Our clients trust us to protect the data that we handle for them. ITARUS™ takes this responsibility seriously.
This policy outlines acceptable use of ITARUS™ extranet based applications. By this we mean private web sites held on behalf of a client company, which are accessed using the internet. These sites are not available to the general public, and require each user to be granted access by our IT Staff.
Effective security is a team effort involving the participation and support of both ITARUS™ employees, and all users who are granted access. It is the responsibility of every employee and Extranet system user to read, understand, accept and adhere to these guidelines and to conduct their activities accordingly.
This policy applies specifically to those users of Extranet-based systems which are hosted by ITARUS™ (for example, all applications residing at www.itarus.com/). This includes any user, internal or external to ITARUS™ who has been granted access.
- Users should be aware, that for security and network maintenance purposes, authorised individuals within ITARUS™ may monitor equipment, systems and network traffic at any time.
- ITARUS™ reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
Security of user information
- Users MUST keep passwords and user names secure and not share accounts. Authorised users are solely responsible for the security of their own passwords and accounts. Users should never leave their systems unattended for others to make use of their accounts.
- Users MUST NEVER e-mail usernames and passwords. Your initial password may be e-mailed to you by our system. You are advised to change your password after logging in for the first time. If you need to discuss problems logging into an application, please do not include passwords and usernames in an e-mail even if you are asked to do so by someone. Please contact our support staff, or your administrator, and keep your log-in information confidential.
When an employee leaves
User’s must NOT under any circumstances access any of the ITARUS™ applications after their employment with the client has ended. The client Company’s nominated Administrator is asked to inform ITARUS™ so that the user’s account can be removed from the system.
All computers which are used by users to access ITARUS™ Extranet systems, whether owned by the user, or the client company MUST be continually executing approved virus-scanning software with a current virus database, unless overridden by departmental IT or group company policy. If you are not sure whether your machine or network is protected by anti-virus software, please check with your IT department in advance.
The following activities are in general, prohibited. Certain employees, such as system administrators may be exempted from some these restrictions when they are carried out during the course of their legitimate responsibilities.
1. Introduction or use of malicious code into or against the network or any server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.)
2. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to:
- Deliberately accessing data to which the user is not entitled;
- Logging into an account that the user is not expressly authorised to access;
- Port or vulnerability scanning, or monitoring is expressly prohibited;
- Circumventing user authentication or security of any host, network, or account;
- Providing information about ITARUS™ systems, or any other user information such as log-ins, passwords and urls to unauthorised third parties.
Please address any queries arising from these terms to:
ICT Operations & Security Manager