
ACCEPTABLE USE POLICY

Meta Data

Version: 1.3

Status: Released

Last Publication Date: 1/25/2022

Last Review Date: 12/19/2025

Version History 

| Version | Date | Details | Author |
| --- | --- | --- | --- |
| 1.0 | 1/25/2016 | Completed for distribution | Chris Schroeder |
| 1.1 | 10/3/2016 | Migrate to Atlassian Confluence | Chris Schroeder |
| 1.2 | 7/29/2019 | Migrate to Google Drive | Kevin Strileckis |
| 1.3 | 1/25/2022 | Changes made in quarterly review | Kevin Strileckis |

Review History

| Date | Feedback/Outcome | Reviewer |
| --- | --- | --- |
| 1/25/2016 | Review before initial release | Chris Schroeder |
| 1/3/2017 | Annual Review | Chris Schroeder |
| 05 Jan 2018 | Annual Review | Chris Schroeder |
| 1/6/2019 | Annual review, no changes | Chris Schroeder |
| 7/29/2019 | Migration formatting touch-up and proofreading | Kevin Strileckis |
| 1/25/2022 | Quarterly review. Changes made for formatting and clarity. More links added in. | Kevin Strileckis |
| 12/22/24 | Annual Review | Chris Schroeder |
| 12/19/25 | Annual Review | Chris Schroeder |

Meta Data

Version History

Review History

1 Introduction

2 Intended Audience

3 Policy Statement

3.1 General Requirements

3.2 System Accounts

3.3 Computing Assets

3.4 Network Use

3.5 Electronic Communications

4 Enforcement

5 Definitions


  1. Introduction

The purpose of this policy is to establish acceptable and unacceptable uses of electronic devices and network resources at App47, Inc. in conjunction with its established culture of ethical and lawful behavior, openness, trust, and integrity.

App47, Inc. provides computer devices, networks, and other electronic information systems to meet its missions, goals, and initiatives. The company and its employees must manage them responsibly to maintain the confidentiality, integrity, and availability of its information assets. This policy requires the users of information assets to comply with company policies and protect the company against damaging legal issues.

  2. Intended Audience

All employees, contractors, consultants, temporary, and other workers at App47, Inc., including all personnel affiliated with third parties, must adhere to this policy. This policy applies to information assets owned or leased by App47, Inc., or to devices that connect to an App47, Inc. network or reside at an App47, Inc. site.

Information Security must approve exceptions to this policy in advance through an email originally sent to security@app47.com.

  3. Policy Statement

  3.1 General Requirements

  1. You are responsible for exercising good judgment regarding appropriate use of App47, Inc. resources in accordance with App47, Inc. policies, standards, and guidelines. App47, Inc. resources may not be used for any unlawful or prohibited purpose.

  2. For security, compliance, and maintenance purposes, authorized personnel may monitor and audit equipment, systems, and network traffic per the Audit Policy. Devices that interfere with other devices or users on the App47, Inc. network may be disconnected. Information Security prohibits actively blocking authorized audit scans. Firewalls and other blocking technologies must permit access to the scan sources.

  3.2 System Accounts

  1. You are responsible for the security of data, accounts, and systems under your control. Keep passwords secure and do not share account or password information with anyone, including other personnel, family, or friends. Providing access to another individual, either deliberately or through failure to secure its access, is a violation of this policy. If you believe that someone is in violation of this policy, please refer to the Incident Management Plan.

  2. You must maintain system-level and user-level passwords in accordance with the Password Policies found in the App47 IT Security Policy.

  3. You must ensure through legal or technical means that proprietary information remains within the control of App47, Inc. at all times. Conducting App47, Inc. business that results in the storage of proprietary information on personal or non-App47, Inc. controlled environments, including devices maintained by a third party with whom App47, Inc. does not have a contractual agreement, is prohibited. This specifically prohibits the use of an e-mail account that is not provided by App47, Inc., or its customers and partners, for company business.

  3.3 Computing Assets

  1. You are responsible for ensuring the protection of assigned App47, Inc. assets, which includes the use of computer cable locks and other security devices. Laptops left at App47, Inc. overnight must be properly secured or placed in a locked drawer or cabinet. Promptly report any theft of App47, Inc. assets to security@app47.com.

  2. All PCs, mobile devices, laptops, and workstations must be secured with a password-protected screensaver with the automatic activation feature set to 15 minutes or less. You must lock the screen or log off when the device is unattended.

  3. Devices that connect to the App47, Inc. network must comply with the Minimum Access Policy.

  4. In accordance with App47’s BYOD policy, system security software (antivirus, spam filter) must be used on desktop and laptop computers when connected to App47 resources. This is further explained in the Minimum Access Policy.

  5. Any software installation must be approved by management.


  3.4 Network Use

You are responsible for the security and appropriate use of App47, Inc. network resources under your control. Using App47, Inc. resources for the following is strictly prohibited:

  1. Causing a security breach to either App47, Inc. or other network resources, including, but not limited to, accessing data, servers, or accounts to which you are not authorized; circumventing user authentication on any device; or sniffing network traffic.

  2. Causing a disruption of service to either App47, Inc. or other network resources, including, but not limited to, ICMP floods, packet spoofing, denial of service, heap or buffer overflows, and forged routing information for malicious purposes.

  3. Introducing honeypots*, honeynets*, or similar technology on the App47, Inc. network.

     *See the Definitions section of this document for more information about the starred items above.

  4. Violating copyright law, including, but not limited to, illegally duplicating or transmitting copyrighted pictures, music, video, and software.

  5. Exporting or importing software, technical information, encryption software, or technology in violation of international or regional export control laws.

  6. Use of the Internet or App47, Inc. network that violates the App47 IT Security Policy, other App47, Inc. policies, or local laws.

  7. Intentionally introducing malicious code, including, but not limited to, viruses, worms, Trojan horses, e-mail bombs, spyware, adware, and keyloggers.

  8. Port scanning or security scanning on a production network unless authorized in advance by Information Security.

  3.5 Electronic Communications

The following are strictly prohibited:

  1. Inappropriate use of communication vehicles and equipment, including, but not limited to, supporting illegal activities, and procuring or transmitting material that violates App47, Inc. policies against harassment or the safeguarding of confidential or proprietary information.

  2. Sending spam* via e-mail, text messages, pages, instant messages, voice mail, or other forms of electronic communication.

     *See the Definitions section of this document for more information about the starred items above.

  3. Forging, misrepresenting, obscuring, suppressing, or replacing a user identity on any electronic communication to mislead the recipient about the sender.

  4. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

  5. Use of an App47, Inc. e-mail or IP address to engage in conduct that violates App47, Inc. policies or guidelines. Posting to a public newsgroup, bulletin board, or listserv with an App47, Inc. e-mail or IP address represents App47, Inc. to the public; therefore, you must exercise good judgment to avoid misrepresenting or exceeding your authority in representing the opinion of the company.

  4. Enforcement

An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment. A violation of this policy by a temporary worker, contractor or vendor may result in the termination of their contract or assignment with App47, Inc.

  5. Definitions

| Term | Definition |
| --- | --- |
| honeypot, honeynet | Network decoys that serve to distract attackers from valuable machines on a network. The decoys provide an early warning for intrusion detection and detailed information on vulnerabilities. |
| Spam | Electronic junk mail or junk newsgroup postings. Messages that are unsolicited, unwanted, and irrelevant. |
