End User Guidelines
Document ID : End User Guidelines Ver_3.00
Created on : December 29, 2022
Prepared By : Ragini/Shaik
Approved By : Selva Kumar
End User Guidelines
Internal 2 of 8
1. Scope
These guidelines are applicable to all employees, contractors & third-party
personnel at Information Dynamics.
2. Purpose
To establish guidelines for all employees and end-users of Information Dynamics, to
help enforce organization-wide information security.
3. Admin Guidelines
Users should display their own identification cards (Proximity Card) prominently.
Users should use their own Proximity Card to get access to facilities.
In case an employee forgets to bring their ID card, the Security Supervisor will ask
the respective Manager / Team Leader to come to the Security Gate to sign in the
issue register for issuing a temporary access card to the employee for the day. For
more details on the process of issuing a temporary access card, please refer to
section 3.1.1 in Administration Guidelines.
Users should follow standard operating procedures that are stipulated from time
to time.
Users should proactively hand over the keys of the drawer or cabin at the time of
shifting from one seat to another.
Ensure that you are aware of the emergency/fire exits.
4. Computing Guidelines
Users are expected to keep their passwords secure and confidential. Giving your
password to others is explicitly forbidden.
Users should not store personally-identifiable information about others on their
PC, even though it may be convenient to do so.
Users should abide by all applicable Acceptable Use Guidelines.
Users should log off or lock their PC when leaving for the day.
Users should not use removable media disks except where specifically authorized
by their reporting Manager.
Information and data stored on laptops or portable computers should be backed up
regularly.
Only authorized equipment should be taken outside the Information Dynamics
premises, i.e. laptop users must sign an undertaking, and for other official
equipment a gate pass must be issued.
Do not use any unauthorized software.
Users should not leave diskettes / tapes / papers containing information
classified as confidential unattended.
All critical data/information should be stored on the shared location available on
SAN/NAS boxes.
Users should not attempt to gain access to a computing system or network
without proper authorization.
All users should check for version updates of the antivirus signature; if an old
version is found (older than two days than the current date), it should be reported
to the IT team.
Report all IT-related issues to the ID helpdesk.
5. Password Usage Guidelines:
Users should not use their user id as password in any form;
Users should not use their first, middle or last name as password, family or pet
names or nicknames;
Passwords should not be shared with anyone till the time required to fulfill a
business purpose.
Information easily obtained about them, e.g. license plate, telephone number, date
of birth, employee or payroll number, should not be used as passwords;
All digits or an entire sequence of a single letter should not be used as passwords
(example: common character sequences like 1234567, abcdefg); and
6. General Guidelines:
Clear Desk and Clear Screen should be maintained.
All documents of confidential nature should be shredded when no longer required.
The document owner must authorize or initiate this destruction.
Eatables/drinks should not be carried to the workstation.
Music, movies & games should not be played on the system/laptop.
People roaming around the facility without ID cards should be challenged.
Cameras and audio recording devices should not be allowed into the work area.
Server room access is restricted to authorized personnel only and users should not
attempt to enter rooms to which they have not been provided access.
7. IPR, Data Security, Confidentiality & Privacy
Information Dynamics users should be responsible for ensuring the confidentiality and
appropriate use of organizational and customer data/information to which they are given
access, ensuring security of the equipment where such information is held or displayed,
and abiding by related privacy rights concerning the use and release of personal
information, as required by law & Information Dynamics policies, including the
Confidentiality & Non-Disclosure Agreement.
Copyright law should apply to all forms of information, including electronic
communications, and violations are prohibited. Infringements of copyright laws include,
but are not limited to, making unauthorized copies of any copyrighted material (including
software, text, images, audio, and video), and displaying or distributing copyrighted
materials over computer networks without the author's permission except as provided in
limited form by copyright fair use restrictions.
8. Acceptable Use
8.1. General Use
Information Dynamics’s network administration should provide a reasonable
level of privacy to the users for business purposes; however, users should be
aware that the data they create on the corporate systems remains the property of
Information Dynamics.
Responsibility for exercising good judgment regarding the reasonableness of
personal use should be that of the user of the asset. Individuals should be
responsible for the use of Internet/Intranet systems.
Laptop users should agree to take shared responsibility for the security of their
laptop and the information it contains as per the Communication and
Operations Management Policy. They need to sign a Laptop Undertaking
Form.
For security and network maintenance purposes, authorized individuals within
Information Dynamics should monitor equipment, systems and network traffic
at any time and review them.
8.1.1. Security and Proprietary Information
The user interface for information contained on Internet/Intranet/Extranet-
related systems and hardcopies should be classified as Confidential, Internal
or Public, as defined by the Asset Management Policy.
Authorized users should be responsible for the security of their passwords
and accounts. System and user level passwords should be changed after a
fixed duration of time.
All PCs, laptops and workstations should be secured with password
protection.
Information contained on portable computers is vulnerable; special care
should be exercised by their users.
Postings by employees from an Information Dynamics email address should
contain a disclaimer stating that the opinions expressed are strictly their own
and not necessarily those of Information Dynamics, unless posting is in the
course of business duties.
All hosts used by the employee that are connected to the Information
Dynamics Internet/Intranet/Extranet, whether owned by the employee or
Information Dynamics, should be continually executing approved virus-
scanning software with a current virus database.
Employees should exercise caution while opening e-mail attachments received
from unknown senders, which may contain viruses, e-mail bombs, or Trojan
horse code.
In case an Asset (Laptop, Hardware Equipment, etc.) is lost or stolen, the
appropriate authorities should be intimated as per the Information Security
Incident Management Policy.
Information should not be left unattended at Photocopiers, Printers, Fax
machines, etc.
The custodian of any form of information storage media should be
responsible for the asset as per the Asset Management Policy.
8.2. Unacceptable Use
The following activities are, in general, prohibited. Employees may be exempted
from these restrictions during the course of their legitimate job responsibilities
(e.g., systems administration staff may have a need to disable the network access
of a host if that host is disrupting production services).
Under no circumstances is an employee of Information Dynamics authorized to
engage in any activity that is illegal under law while utilizing Information
Dynamics-owned resources.
The lists below are by no means exhaustive, but attempt to provide a framework
for activities, which fall into the category of unacceptable use.
8.2.1. System and Network Activities
The following activities should be strictly prohibited, with no exceptions:
Violations of the rights of any person or company protected by
copyright, trade secret, patent or other intellectual property, or similar
laws or regulations, including, but not limited to, the installation or
distribution of "pirated" or other software products that are not
appropriately licensed for use by Information Dynamics.
Unauthorized copying of copyrighted material should be prohibited.
Laptop users should ensure they comply with data copyright
requirements.
Exporting software, technical information, encryption software or
technology, in violation of international or regional export control laws,
is illegal and appropriate management should be consulted prior to
exporting any material in question.
Introduction of malicious programs into the network or server (e.g.,
viruses, worms, Trojan horses, e-mail bombs, etc.). Installation of
unlicensed or malicious software on the laptops.
Revealing account passwords and allowing use of an account by
unauthorized users. This includes family and other household
members when work is being done at home.
Using an Information Dynamics computing asset to actively engage in
procuring or transmitting material that is in violation of sexual
harassment or hostile workplace laws in the user's local jurisdiction.
Making fraudulent offers of products, items, or services originating
from any Information Dynamics account.
Making statements about warranty, expressly or implied, unless it is a
part of normal job duties.
Effecting security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of
which the employee is not an intended recipient or logging into a
server or account that the employee is not expressly authorized to
access, unless these duties are within the scope of regular duties. For
purposes of this section, "disruption" includes, but is not limited to,
network sniffing, ping floods, packet spoofing, denial of service,
and forged routing information for malicious purposes.
Port scanning or security scanning is expressly prohibited unless
authorized by the IT Head.
Executing any form of network monitoring which will intercept data
not intended for the employee's host, unless this activity is a part of the
employee's normal job/duty.
Circumventing user authentication or security of any host, network or
account.
Interfering with or denying service to any user other than the
employee's host (for example, denial of service attack).
Using any program/script/command, or sending messages of any kind,
with the intent to interfere with, or disable, a user's terminal session,
via any means, locally or via the Internet/Intranet/Extranet.
Providing information about, or lists of, Information Dynamics
employees to parties outside Information Dynamics.
Use of any software/technique that bypasses Information Dynamics’s
Group Policy.
8.2.2. Email and Communications Activities
The following activities should be strictly prohibited, with no exceptions:
Sending unsolicited email messages, including the sending of "junk
mail" or other advertising material to individuals who did not
specifically request such material (email spam).
Any form of harassment via email, telephone or paging, whether
through language, frequency, or size of messages.
Unauthorized use, or forging, of email header information.
Solicitation of email for any other email address, other than that of
the poster's account, with the intent to harass or to collect replies.
Creating or forwarding "chain letters" or other "pyramid" schemes
of any type.
Use of unsolicited email originating from within Information
Dynamics's networks of other Internet/Intranet/Extranet service
providers on behalf of, or to advertise, any service hosted by
Information Dynamics or connected via Information Dynamics's
network.
Posting the same or similar non-business-related messages to large
numbers of Usenet newsgroups (newsgroup spam).
Usage of phones, fax, or other communication equipment other
than for operational and functional requirements of the business.
Storage of unsolicited email messages in public folders.
9. Information Labeling, Handling & Exchange Guidelines
Guidelines for handling, processing, storing, and communicating information consistent
with its classification are:
Handling and labeling of all media should indicate its classification level, i.e.
Internal, Confidential or Public.
Spooled data awaiting output (printing or photocopying) should be protected
to a level consistent with its sensitivity;
The distribution of data should be kept to a minimum and data should be accessible to
authorized persons who require it for business needs.
Distribution lists and lists of authorized persons should be reviewed quarterly.
System documentation should be stored securely.
Sensitive or critical information should not be left on printing facilities, e.g.
copiers, printers, and facsimile machines, as these may be accessed by
unauthorized personnel;
Automatic forwarding of electronic mail to external mail addresses should not
be allowed;
Messages containing sensitive information should not be left on voice mail
since these may be replayed by unauthorized persons, stored on communal
systems or stored incorrectly as a result of misdialing;
Media containing sensitive or critical information should be protected against
unauthorized access, misuse or corruption during transportation beyond an
Information Dynamics physical boundary. Only authorized persons should
carry these media to the desired destinations.
Packaging should be sufficient to protect the contents from any physical
damage likely to arise during transit and in accordance with any
manufacturers’ specifications.
Information should be classified and exchanged according to its criticality.
10. Public
General information and organizational brochure should be considered as
public.
Information pertaining to Information Dynamics which is available on the www
domain could be accessed by anyone.
Public information should be made available through Internet/E-mails.
Hard/Softcopies with no label should be considered as “Public”.
Hard copies of the “Public” documents should not be stamped.
11. Internal
All information of proprietary nature - procedures, operational work routines,
project plans, designs and specifications that define the way in which
Information Dynamics operates should be considered as “Internal”.
Access to information labeled “Internal” should be given to authorized
persons with a business need to know and is for circulation within the
organization.
Internal Information/Data should be made available through Intranet/ E-mails
to employees and to third party personnel with a business need to know.
Hard copies of the “Internal” documents.
Media containing obsolete Internal information/data should be destroyed/formatted.
The information asset owner should initiate the disposal.
12. Confidential
All information regarding business, financial, trade secrets, marketing,
operational, technical and customer/client information should be considered as
“Confidential”.
Access to information labeled “Confidential” should be given to authorized
persons with a business need to know and relevant level of physical and logical
access should be provided.
Confidential Information/Data should be made available through Secure
VPN/Secure FTP/Email/Electronic file transmission systems.
Media containing “Confidential” information/data which is no longer required
should be destroyed/formatted. The information asset owner should initiate the
disposal.