The purpose of this Policy is to safeguard information belonging to R:BASE Technologies and its stakeholders (customers, clients, and general public), within a secure environment.
This Policy informs the R:BASE Technologies' staff of the principles governing the holding, use, and disposal of information.
It is the goal of R:BASE Technologies that:
Information relates to:
The R:BASE Technologies requires all users to exercise a duty of care in relation to the operation and use of its information systems.
With the exception of information published for public consumption, all users of R:BASE Technologies information systems must be formally authorised by appointment as a member of staff. Authorised users will be in possession of a unique user identity. Any password associated with a user identity must not be disclosed to any other person. The Network password policy describes these principles in greater detail.
Authorised users will pay due care and attention to protect R:BASE Technologies information in their personal possession. Confidential, personal or private information must not be copied or transported without consideration of:
Use of the R:BASE Technologies' information systems by authorised users will be lawful, honest and decent and shall have regard to the rights and sensitivities of other people. The detail of acceptable use in specific areas may be found in the list of subsidiary policies detailed in the Appendix.
R:BASE Technologies staff who are responsible for information systems are required to ensure that:
Authorised users of information systems are not given rights of privacy in relation to their use of R:BASE Technologies' information systems. Authorised R:BASE Technologies staff may access or monitor personal data contained in any information system (email, web access logs, file-store, etc).
Individuals in breach of this policy are subject to disciplinary procedures at the discretion of management, including referral to the Police where appropriate.
R:BASE Technologies will take legal action to ensure that its information systems are not used by unauthorised persons.
The Director of Information Systems has direct responsibility for maintaining this policy and providing guidance and advice on its implementation.
Information system owners are responsible for the implementation of this Policy within their area, and to ensure adherence.
If you have any inqueries regarding this security policy, you can contact R:BASE Technologies at services@rbase.com.