Affiliates refers to Employees, Part-time Employees, Contractors, Consultants, Volunteers and any third party vendors operating on behalf of Women Who Code.
Members are people who are eligible for and/or receive Women Who Code benefits.
Customers and Partners are people or Companies that do business with Women Who Code.
Security Committee is a group of Board Members, Advisory and/or Affiliates designated to uphold the adherence of this Policy.
Proprietary Information is identifiable Member data (including Member emails), Employee information, and financial data outside of non-profit disclosure requirements without prior approval of the sources.
Social Media Posting includes Blogging, Posting or Messaging to social media and communicating with Press.
Women Who Code's (WWCode) intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to our established Mission and vision. Effective Security involves the participation and support of every WWCode Affiliate who handles information and/or information systems. It is the responsibility of every affiliate to know this Policy, and to conduct their activities accordingly.
The purpose of this Policy is to outline the acceptable use of computer equipment, software, operating systems, storage media, network accounts providing electronic mail, and internet browsing at WWCode. These rules are in place to protect the Affiliates, Members, Customers and Partners of WWCode. Inappropriate use exposes WWCode to risks including virus attacks, compromise of network systems and services, legal issues, and reputational damage.
This Policy applies to the use of information, electronic and computing devices, and network resources to conduct WWCode business or interact with internal networks and business systems, whether owned or leased by WWCode or its Affiliates. All Affiliates at WWCode are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network resources in accordance with WWCode Policies and standards, local laws and regulation.
Exceptions to this policy are documented in Section 6.2.
5.1.1 You have a responsibility to promptly report the theft, loss or unauthorized disclosure of WWCode's Proprietary Information to the Security Committee.
5.1.2 You have a responsibility to promptly report any compromise discovered on WWCode property, regardless of whether it is for personal or business use to the Security Committee.
5.1.3 You may access, use or share WWCode Proprietary Information with Affiliates only to the extent it is authorized and necessary to fulfill your assigned job duties.
5.1.4 Affiliates are responsible for exercising good judgment regarding the reasonableness of personal use while using WWCode equipment.
5.1.5 For security and network maintenance purposes, Individuals authorized by the Security Committee within WWCode may monitor equipment, systems and network traffic at any time.
5.1.6 WWCode reserves the right to audit networks and systems on a periodic basis to ensure compliance with this Policy.
5.2.1 System level and user level passwords must comply with internal Password Protection Policies and be of your best judgement. Providing access to another Individual, either deliberately or through failure to secure its access, is prohibited.
5.2.2 All computing devices must be secured with a password protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.
5.2.3 Postings by Affiliates from a WWCode email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of WWCode, unless posting is in the course of business duties.
5.2.4 Affiliates must use extreme caution when opening email attachments, links, or software received from known or unknown senders, which may contain malware.
The following activities are, in general, prohibited. Affiliates may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., software engineer may have a need to disable application access for deployment, improvements or updates).
Under no circumstances are Affiliates of WWCode authorized to engage in any activity that is illegal under Local, State, Federal or International Law while utilizing WWCode owned resources.
The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use. Any unacceptable use shall be reported to the Security Committee.
The following activities are strictly prohibited:
Violations of the rights of any person or company protected by Copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by WWCode.
Unauthorized copying of Copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which WWCode or the end user does not have an active license is strictly prohibited.
Accessing data, a server or an account for any purpose other than conducting WWCode business, even if you have authorized access, is prohibited.
Exporting software, technical information, encryption software or technology, in violation of International or regional export control laws, is illegal. The appropriate Management should be consulted prior to export of any material that is in question.
Exporting or copying any WWCode Proprietary Information for uses outside of your current job duties.
Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, email bombs, etc.).
Revealing your WWCode account passwords to others or allowing use of your account by non WWCode Affiliates. This includes family and other household Members when work is being done at home.
Using a WWCode computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
Making fraudulent offers of products, items, or services originating from any WWCode account.
Making verbal or written claims, expressly or implied, unless it is a part of normal job duties.
Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the affiliate is not an intended recipient or logging into a server or account that the an affiliate is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "security breaches or disruptions" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
Executing any form of network monitoring which will intercept data not intended for the employee's host, unless this activity is a part of the employee's normal job/duty.
Circumventing user authentication or security of any host, network or account.
Interfering with or denying service to any user other than the employee's host (for example, denial of service attack).
Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
Providing information about, or lists of WWCode Proprietary Information to parties outside WWCode including Customers, Partners, Members and the general public unless pre-approved by the source and Security Committee.
Downloading and installing software without approval from the Security Committee.
When using WWCode resources to access and use the Internet, users must realize they represent the Company. Access to Company resources are inclusive of all social mediums, as referenced in Section 5.3.3. Whenever Affiliates state an affiliation to WWCode, they must also clearly indicate that “the opinions expressed are my own and not necessarily those of the company”.
Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages.
Unauthorized use, or forging, of email header information.
Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
Posting non-business-related messages to large numbers of newsgroups or group chats (newsgroup spam).
Utilizing inappropriate language, terminology, emjoi's/gifs/or other digital expressions - especially when the recipient of the message is (i) external to WWCode, and (ii) unknown, and (iii) a Customer or Partner.
Social Media Posting by Affiliates, whether using WWCode property and systems or personal computer systems, is also subject to the Terms and restrictions set forth in this Policy. Use of WWCode's systems to engage in Social Media Posting is acceptable, provided that it is done in a professional and responsible manner, and is not detrimental to WWCode's Mission and vision.
WWCode's Affiliates are prohibited from revealing any WWCode Proprietary Information, trade secrets, or any other material pre-defined as confidential.
Affiliates shall not engage in any Social Media posting that may harm or tarnish the image, reputation and/or goodwill of WWCode and/or any of its employees.
Affiliates are also prohibited from making any discriminatory, disparaging, defamatory, or harassing comments when Social Media Posting or otherwise engaging in any conduct prohibited by non US or US discrimination and harassment laws.
Affiliates may also not attribute personal statements, opinions or beliefs to WWCode when engaged in Social Media Posting. If an affiliate is expressing their beliefs and/or opinions in in posts, the affiliate may not, expressly or implicitly, represent themselves as an affiliate or representative of WWCode. Affiliates assume any and all risk associated with Social Media Posting.
Apart from following all laws pertaining to the handling and disclosure of Copyrighted or export controlled materials, WWCode's trademarks, logos and any other WWCode Proprietary Information may also not be used in connection with any unauthorized Social Media Posting activity.
The Security Committee will verify compliance to this Policy through various methods, including but not limited to, business tool reports, internal and external audits, and Policy review.
Any exception to the policy must be approved by the Security Committee in advance.
An affiliate found to have violated this policy may be subject to disciplinary action, up to and including termination of employment or contract based on review of the Security Committee.
Any questions should be addressed to the Security Committee to firstname.lastname@example.org.
Dates of Changes
May 24, 2018 initial draft approved and finalized
January 18, 2018 initial draft