Information Security: Acceptable Use Policy¶
We are obliged contractually to comply with the security standards of our clients, and the legal regulations of the countries we operate in. Failure to comply can be damaging for all involved.
Our information security policy has been developed with these compliance objectives in mind, and will be provided to you for reference.
Please take into account the following critical security points, which detail acceptable use at FooEngine Ltd., and then take the time to read the related policy. Please also refer to the primary security policy to identify our overall approach to information security.
| Topic | Policy |
|---|---|
| Confidentiality | For the avoidance of doubt, any information made available to you concerning the company, its clients or operations is explicitly confidential. |
| Social media | You must not share any company or client information in any form on any social media platform, forum, blog post or website without expressed written consent from an officer of the company who has the authority to give such approval. |
| Artificial Intelligence / Machine Learning (AI/ML) | Artificial Intelligence / Machine Learning tools are only to be used with prior authorisation; usage is subject to company policy, and according to the classification of data processed. |
| Incident reporting | If you identify a potential or actual security incident, then you must use the current incident management procedure to notify management as appropriate. |
| Mobile devices / recording equipment | We prohibit camera, video or audio capture of any confidential information or locations under our care, without prior authorisation. |
| Internet Use | Employees and contractors are expected to use the Internet responsibly and productively. Internet access from company systems is limited to job-related activities and incidental personal use. All Internet data that is composed, transmitted and/or received by company systems is considered to belong to the company and is recognised as part of its official data. It is therefore subject to disclosure for legal reasons and/or to other third parties as required. The equipment, services and technology used to access the Internet are the property of the company, and the company reserves the right to monitor Internet traffic and monitor and access data that is composed, sent, or received through its networks. Emails sent via the company email system must not contain content that is deemed to be offensive. This includes, though is not restricted to, the use of vulgar or harassing language or images. Illegal, violent, pornographic, hateful or terrorist material is strictly forbidden. All sites and downloads may be monitored and/or blocked by the company if they are deemed to be harmful and/or not productive to business. Where the content of client material in the platform may be potentially in violation of this acceptable use policy, the company must be notified as soon as possible as per incident management procedure which is provided as part of personnel training. The installation or use of unapproved software or web based services is strictly prohibited. |
| Use of cloud resources (e.g. GCP / AWS) | Cloud services being used for business activities (e.g. administrative consoles, remote desktops for administration or content processing activities etc.) are only to be used according to approved company procedures. |