Acceptable Use of Technology Policy
| STATEMENT of POLICY and PROCEDURE | |||
|---|---|---|---|
| Department | Information Systems | Policy No. | 4.01 |
| Name | Acceptable Use of Technology Policy | Review Frequency | 3 years |
| Approved by | Management | Replaces: | |
| Effective date | August 1, 2025 | Dated: | |
1 OVERVIEW
The Acceptable Use of Technology Policy aims to protect the integrity, security, and availability of MakeWay Foundation (“MakeWay”) technology resources and prevent misuse that could lead to data breaches, legal issues, or damage to MakeWay’s reputation. By defining acceptable use, the policy helps maintain a secure and productive environment for all users.
2 PURPOSE
The purpose of this policy is to establish guidelines and expectations for the appropriate use of technology resources within the organization. This policy outlines acceptable and unacceptable use and promotes responsible and ethical use of technology resources with the goal of protecting employees and organizational data, preventing unauthorized access, and ensuring compliance with legal and regulatory requirements
3 SCOPE
This policy applies to all employees, contractors, vendors, and any other individuals granted access to MakeWay technology resources. These resources include, but are not limited to, computers, mobile devices, email, data, networks, software applications, etc.
4 ACCEPTABLE USE
MakeWay provides technology resources to users for the primary purpose of conducting work related activities. Users are expected to use these resources responsibly and professionally. Users are expected to safeguard their MakeWay devices and store them safely when not in use. Users should be aware that all activities on company technology may be monitored for security reasons (See Section 6 – Monitoring). If you are unsure about acceptable use, you should consult your supervisor for guidance.
5 UNACCEPTABLE USE
Engaging in activities listed below or any other activities that violate laws or MakeWay policies are strictly prohibited. These activities can compromise MakeWay’s data, systems, and reputation, and will result in disciplinary action. Understanding and adhering to these guidelines helps to protect our staff, organization, and communities while ensuring a safe and productive work environment for everyone.
5.01 Unauthorized Access
Users are prohibited from accessing or attempting to access technology resources, systems, or data for which they do not have explicit authorization, including unauthorized login attempts, password guessing, or exploiting vulnerabilities to gain access.
5.02 Data Breaches
Users must not engage in activities that compromise the security or integrity of data, including unauthorized disclosure, alteration, or destruction of data, as well as intentionally spreading malware, viruses, or other harmful software.
5.03 Copyright Infringement
It is prohibited to use technology resources to engage in activities that violate copyright laws, such downloading or sharing pirated software, music, movies, or other protected content. Always respect copyright. Copyright may be breached if another user’s work product (i.e., document, images, design, etc.) is transmitted without their prior knowledge and permission. It is also customary to acknowledge sources of any material quoted directly.
5.04 Harassment and Discrimination
Users must not use technology resources to engage in harassing, threatening, or discriminatory behaviour, including sending offensive or inappropriate messages, posting derogatory or defamatory content, or engaging in cyberbullying.
5.05 Illegal Activities
Any use of technology resources for illegal purposes is strictly prohibited, including but not limited to engaging in fraud, identity theft, hacking, phishing, software piracy or any other criminal activities.
5.06 Interference with Network
Users are prohibited from engaging in activities that disrupt or interfere with the operation of the organization's network or technology infrastructure, including bandwidth-intensive activities (e.g. downloading/uploading large amounts of data for personal use), network scanning, or launching denial-of-service attacks.
5.07 Misuse of Accounts
Users must not share their personal login credentials with others or use another user's account without proper authorization. Users must not attempt to impersonate other users or misrepresent their identity when using technology resources.
5.08 Unauthorized Device Use
Users are prohibited from allowing unauthorized users to access their MakeWay devices as these devices may have access to sensitive (confidential and/or restricted) and personal information that MakeWay has been trusted to protect.
5.09 Excessive Personal Use
Technology resources should be used for business-related activities, and users should refrain from excessive personal use. While we understand that incidental personal use is a given in today’s world, MakeWay devices are work devices. Excessive personal use could range from downloading large not work-related files, syncing personal cloud resources, storing large amounts of personal data, frequent and excessive browsing of non-work-related websites, etc. Excessive personal use increases risk to MakeWay data as it extends the number of potential threats beyond work related activities. MakeWay is not responsible for any personal data stored on a device.
6 MONITORING
6.01 MakeWay is committed to respecting the privacy and confidentiality of its users to the extent permitted by law, and any monitoring activities will be conducted in accordance with applicable privacy laws and regulations. Any review of sensitive materials will be done with the utmost care, respect and with the consultation of the Privacy Officer.
6.02 MakeWay reserves the right to passively monitor all network activity and data transmitted over its technology resources to protect the integrity and security of its systems, and to safeguard sensitive information. Monitoring may include, but is not limited to, the use of network monitoring tools, intrusion detection systems, logging mechanisms, and other security measures to identify and investigate suspicious or unauthorized activities.
6.03 Users should be aware that their actions, including but not limited to, internet browsing, email communication, file transfers, and software usage, are subject to passive monitoring and logging. By accessing and using MakeWay’s technology resources, users consent to such monitoring activities and acknowledge that any information collected may be used for the purposes of investigating security incidents and ensuring compliance within legal regulations.
6.04 Access to monitoring data or log files is restricted to authorized personnel for security analysis and incident response purposes only. For more details, please refer to the following policies:
- Remote Access Policy (Policy No. 8.01)
- Bring Your Own Device (BYOD) (Policy No. 7.01)
- Cyber Security Policy (Policy No. 2.01)
7 USE OF ARTIFICIAL INTELLIGENCE (AI) TOOLS
MakeWay acknowledges that employees now have access to a wide range of AI tools that are designed to improve productivity and assist with day-to-day work activities. While use of these AI tools is not prohibited or controlled, these tools should be used responsibly and with care.
7.01 AI tools must not be used to process, store, or analyze sensitive (confidential or restricted) organizational data, including personal information, financial records, and proprietary information.
7.02 Use of AI tools for meeting transcription, monitoring, recording or taking notes must be disclosed to all participating members before recording begins. Undisclosed transcription, recording or use of AI tools to monitor or record data of other participants is prohibited.
7.03 Users may use AI-driven search engines or AI tools to gather information, conduct preliminary research, and generate ideas for projects, but they must verify and validate the accuracy of the information from reliable sources. AI tools are often subject to bias of information and misinformation and all information must be validated with care.
7.04 Users should avoid using AI tools from unverified or unknown sources that may pose security risks to the organization’s network and data. When unsure, please consult the Information Systems Department (“IS”) by emailing [email protected] to confirm which tools are trusted.
8 CODE OF CONDUCT
8.01 Additional references and guidelines can be found in the MakeWay Employee Guidebook including consequences of policy breaches, etiquette, email best practices, guidelines on personal activities etc.
9 COMPLIANCE
9.01 Users are expected to adhere to this policy. Users are encouraged to report any violations of this policy to IS or their supervisor.
10 REFERENCES and RELATED STATEMENTS of POLICY and PROCEDURE
10.01 Remote Access Policy (Policy No. 8.01)
10.02 Bring Your Own Device (BYOD) (Policy No. 7.01)
10.03 Cyber Security Policy (Policy No. 2.01)