IT Policy

ECAAS ISO New Zealand provides information technology (IT) equipment and software for its employees to use in accordance with the performance of their specific duties and to enable ECAAS to operate in the most efficient and effective manner. 

 

In order to ensure that both ECAAS and its employees are protected from legal liability arising from breaches of discrimination and other laws, the acceptable standard of behaviour and usage by all employees in relation to the IT equipment and software is outlined below. 

 

For the purposes of this Policy, IT equipment includes servers, computers, laptops, printers, scanners, copiers, telephones, mobile phones, network hardware and cables, digital cameras, data projectors and all other electronic devices, along with any software and systems required for these devices. 

 

Breaches of this IT Policy will result in the employee being subject to disciplinary action, and in serious cases, termination of employment. contact 

 

1.1   Information Protection/Confidentiality 

Any confidential documents or computer output that are no longer required should be disposed of in accordance with the instruction: Control of Documents & Records. 

 

All data handled on IT equipment must be stored in the Microsoft 365 cloud-based platform.  

 

Data stored on IT equipment must be deleted when no longer required by an authorised user. 

 

Passwords must be stored in our electronic password management platform. 

 

The unauthorised provision, access or use of confidential, personal or sensitive information, in accordance with ECAAS Privacy Policy, is prohibited. 

 

Employees of ECAAS are, without authority, prohibited from accessing (hacking) any computer, whether owned by ECAAS or by another organisation. 

1.2   Use of Computer Equipment 

 

All computer equipment must be located in physically secured areas.  IT equipment such as laptops and mobile phones must never be left in an unsecured site, for example, in cars or at client’s premises. 

 

Any changes to user access and the installation, re-configuration, relocation or disposal of IT equipment, systems and software can only be authorised by the Managing Director. 

 

1.3   Internet/E-mail Facilities 

Internet and e-mail facilities are provided for the purpose of communication, research and legitimate business purposes related to the position.   

 

ECAAS reserves the right to monitor or audit staff compliance with this Policy relating to usage of both Internet or e-mail facilities.  Detailed logs of every employee’s e-mail usage, web browsing and Internet activities will be stored by ECAAS and management will access these logs when staff compliance becomes an issue or concern. 

 

Improper use of the Internet or e-mail by an employee may pose a threat to ECAAS security, the privacy of other employees and also the legal liability of ECAAS itself, and as a result, any programs, information or files downloaded from the Internet will need prior authorisation from the Managing Director. 

 

Electronic messages are formal business communication and have the same legal status as letters, memos and other printed communication.  Both hard copies and electronically stored copies of e-mail communication are subject to the laws of defamation, harassment, copyright and/or privacy. 

 

The following activities are prohibited when using Internet or e-mail facilities: 

  • sending, receiving, downloading, displaying, printing or otherwise disseminating material that  

     is sexually explicit, obscene, profane, harassing, discriminating, fraudulent, offensive,  

     defamatory or otherwise unlawful; 

  • the playing of games within working hours; 

  • creating and/or sending unnecessarily large computer network traffic; 

  • transmission of large files such as videos and images should be avoided; 

  • forwarding chain e-mails; 

  • using or copying software in violation of license agreements or copyright; 

  • violating any State, Federal or International law; 

  • excessive use of the Internet for personal business or private purposes; 

  • engaging in online chat groups or real-time exchange; or 

  • excessive usage of the e-mail facility for personal communications. 

 

1.4   Security Violations 

 

An IT security violation occurs when an authorised or unauthorised user deliberately accesses, or attempts to access, computer equipment for personal benefit or gain, to destroy data in order to disrupt business or for any other reason.  Examples of security violations include: 

  • attempting to access a computer system or function within a system without authority; 

  • attempting to log on with someone else’s User ID; 

  • accessing and supplying data to an unauthorised user; 

  • installing unauthorised software or hardware on ECAAS IT equipment; 

  • removing IT equipment from ECAAS premise without proper authorisation; or 

  • falsifying or updating records and systems without proper authorisation. 

 

1.5   Computer Viruses 

 

The most common way a virus is introduced to a computer system is via a file loaded, accessed or executed from an external source, such as a USB or the Internet.  Therefore, any software brought into ECAAS such as USB's obtained from external parties, must be scanned for viruses prior to being downloaded. 

 

Viruses may also be introduced to the system via e-mail transmission. 

 

Any virus warning on a system must be reported immediately to the Managing Director.  Employees are not permitted to take any action themselves. 

 

Deliberate installation of a virus or virus-infected material onto the ECAAS IT System is a dismissible offence. 

 

1.6   Telephone Systems 

 

ECAAS telephone systems (including mobile phones) are provided for business related purposes.  The appropriate use of the telephone systems for private use is acceptable as ECAAS recognises that in certain circumstances, employees may receive or be required to make private telephone calls whilst at work.  

 

The number and duration of private telephone calls made or received by employees shall be kept to a minimum. This equally applies to employees using their own mobile phones during work hours. 

 

Employees should be aware that the utilisation of ECAAS telephones is a privilege and not an automatic right. 

 

An employee may be held responsible for reimbursing ECAAS for the cost of all unauthorised private STD, ISD and mobile phone calls made whilst at work, and in serious cases of non-compliance with this Policy, may be disciplined.