Electronic Communication and Security Policy

1. Introduction

Information technology systems are an integral part of any business. The services provided come with a cost investment in human capital and financial resources to create and maintain these systems and the integrity and operation thereof should be protected at all times.

This Electronic Communication Policy has been established in order to:

a) Protect the company’s investment;

b) Safeguard the information contained within these systems;

a) Minimize business and legal risk; and

b) Protect the reputation of the organisation.

2. Glossary and Terms

The following terms and definitions are used within this document:

a) “the Company” incorporates all divisions, companies, subsidiaries, associates or Joint Ventures that are controlled by your current employer.

b) Computer viruses are programmes designed to make unauthorised changes to programmes and data.

c) Confidential information means all proprietary data, trade secrets, copyright material and any other confidential information including without limitation all information pertaining to confidential agreements, business plans, product development, market surveys, client lists, employee information and technical knowledge.

d) Electronic communications means any communication that includes amongst others and not limited to Internet, email, SMS, instant messaging, fax or any other communication which may be described in the Electronic Communications and Transactions Act.

e) E-Mail means electronic mail, a data message used or intended to be used as a mail message between the originator and addressee in an electronic communication.

f) Firewall means a set of related computer programmes, located on a networked server or appliance that protects the resources of a private network from users on other networks.

g) Illegal Content – means any electronic communication content that contains material that is pornographic, oppressive, racist, sexist, defamatory against any employee or third party, offensive to any group, a violation of an employee’s or a third party’s privacy, identity or personality, copyright infringement, malicious codes such as viruses and Trojan Horses, and content containing any personal information of employees or third parties as defined by the Promotion of Access to Information Act and / or the Electronic Communications and Transactions Act.

h) Information system resources includes, but is not limited to, data networks, workstations, tablets, smartphones, servers, cloud services and personal devices or computers (stand-alone or network-enabled) located at the company and non - the company locations, where these systems are under the jurisdiction and/or ownership of the company, and any personal devices or computers and / or servers authorised to access the company’s data networks

i) Internet means the interconnected system of networks that connects computers around the world using the TCP/IP and includes future versions thereof.

j) Intranet means a private network that is contained within an organisation and typically protected from uncontrolled external access by a firewall.

k) Pornographic means all the content and actions, simulated or real, graphic or written detailed in Schedules 1, 2, 6, 7 and 11 of the Films and Publications Act.

l) Users mean employees, temporary staff, contractors, service providers, consultants and authorised guests using Information System Resources or Electronic Communications.

3. Scope

The scope of this policy applies to:

a) Users utilising the company information system resources;

b) Information system resources in any form including electronic or paper-based media;

c) This policy and the principles contained herein shall form part of any contract negotiated with external parties.

4. Electronic Communications

The electronic communication facilities provided by the company must be appropriately protected against innocent misuse and malicious abuse to ensure their optimum functionality at all times.

a) Policy

Access to electronic communications is provided to users for the benefit of the company and its business. Access to electronic communications is a privilege and such access is entirely at the discretion of the company or its appointed delegates. Users are able to connect to a variety of information system resources through the Internet. This access is limited to employees and other users that the company may authorise from time to time.

Electronic communications are replete with risks and illegal content. To protect the company’s interests this policy has been established for the use of electronic communications.

b) Non-business use

The information system resources provided by the company are primarily intended for business usage and to enhance the company’s business. Incidental private and personal use may be allowed by the company, subject to the conditions and policies the company. The company will not accept any liability regarding the use of electronic communication facilities when used for private use, and the employee indemnifies the company against any such liability.

Generally incidental non-business use of electronic communications are permitted, providing at all times that such use does not:

i. Interfere with the user’s work or performance;

ii. Interfere with any other user or employee’s work or performance;

iii. Violate any applicable national or international law:

iv. Cause disruptions to the operations or the company’s information systems resources;

v. Violate any other provision of this policy or any other applicable policy, guideline or rule of the company.

5. Acceptable Use

Users may access the Internet through the information system resources for the purpose of conducting the company’s business. Users using electronic communications may cause the company to be held liable for legal liability arising through or caused by such use. Users are responsible for ensuring that the Internet is used in an effective, ethical, and lawful manner. This includes:

a) Using the Internet to obtain business information for company use from commercial or academic web sites.

b) Accessing databases for information as needed for company business.

c) Using e-mail for business correspondence.

d) Utilising electronic communications, as a tool to advance the business objectives of the company. Best practice should be followed, ie:

i. When forwarding e-mail or replying to e-mail, the contents of the original e-mail should not be altered. If the content needs to be changed, then all changes must be clearly marked as such.

ii. E-mail should be kept brief and formulated appropriately.

The company has the right to limit the size of incoming and outgoing email messages and attachments, downloads and other files and may block and delete e-mail messages, downloads, attachments or other files that are larger than the set maximum size. It is the responsibility of the employee to limit the size of attachments and other files to prevent overloading of the information system resources.

6. Unacceptable Use

Employees must not use electronic communications for purposes that are illegal, unethical, harmful to the company (including statements, actions or omissions that do, or could, lead to civil and/or criminal liability to the company or damage or loss to the company or its reputation) or fellow employees. Employees shall not:

a) Receive, store, download, print, distribute, send or access any material that is illegal content.

b) Participate in e-mail “chain letters” or unsolicited e-mail (“spam”), for example, e-mail messages containing instructions to forward the message to others where not for official or company business purpose.

a) Send or forward joke e-mails, electronic greeting cards, Christmas cards, copyrighted music files (e.g. MP3), copyrighted video clips (not related to official business) and games that can negatively impact on the overall performance of the company’s information system resources.

b) Represent personal opinions as that of the company via e-mail or publication of unauthorised statements onto web sites, bulletin boards, social media, discussion areas or newsgroups.

c) Modify an e-mail message and forwarding or replying therewith without noting the changes, i.e. deletions, removal of recipients or modification of content.

d) Send, reply to or forward e-mail messages or other electronic communications which hides the identity of the sender or represents the sender as someone else.

e) Use information, e-mail, files, downloads or data to commit fraud or any other criminal offence/s.

f) Conduct a personal business using company information system resources.

g) Transmit confidential information to any person not authorised to receive it.

h) Conduct any form of a campaign that may be considered as damaging against fellow employee/s or any third party by e-mail or by any other electronic means.

7. Proactively Monitoring

The many of systems provided by JEC Technologies to the company include passive and active file, email and mailbox filters. These may include such things as anti-spam, antivirus and anti-malware filters. Therefore, and with due regard to the Constitution of the Republic of South Africa and the Regulation of Interception of Communications Act and Provision of Communications-Related Information in order for the company to effectively manage its electronic communication resources the company reserves the right to:

a) Intercept, monitor, block, delete, read and act upon any incoming or outgoing electronic communication addressed to or originating from a user;

b) Intercept, monitor, block delete, read and act upon any file, in whatever format, stored by a user on any information system resource of the company; and each and every user has given his or her written consent, or shall be deemed to have given such consent if he or she uses the company’s information system resources for access to electronic communications. The company will respect the employee’s right to privacy as far as is reasonably possible, subject to the protection of the company’s rights and interest in and to its business.

c) Every user shall be deemed to have given consent to monitor their communications by accepting this policy

8. Computer Viruses

Computer viruses can cause destruction of information system resources. It is important to know that computer viruses are much easier to prevent than to cure. Defences against computer viruses include protection against unauthorised access to computer systems, using only trusted sources for data and programmes, and maintaining virus-scanning software. Employees shall therefore:

a) Not knowingly introduce a computer virus into company computers.

b) Not deactivate the anti-virus scanning engine on the computer.

c) Not load diskettes, CD-ROMS, DVDs or any other media type of unknown origin unless it has been scanned for viruses before they are loaded or executed.

9. User Accounts and Passwords

The confidentiality and integrity of data stored on company computer systems must be protected by access controls to ensure that only authorised users have access to it. This access shall be restricted to only those capabilities that are appropriate to each users’ duties.

In addition, users shall access electronic communications in a manner that does not compromise the company’s network security. This includes the user keeping their username and password secure, prohibiting access to intruders or viruses. The use of a defined user ID and the choice of passwords do not in any manner imply that an employee has a legitimate expectation of privacy with regard to his or her use of the company’s information systems.

Each employee shall:

a) Be responsible for all computer transactions that are made with his/her User ID (username) and password.

b) Not share logon usernames or disclose passwords to others. Passwords must be changed immediately if it is suspected that they may have become known to others. Passwords should not be recorded or kept where they might be easily obtained.

10. Intellectual Property Rights

a) Software

All software acquired for or on behalf of the company or developed by company employees or contract personnel on behalf of the company is and shall be deemed company property. All such software must be used in compliance with applicable licenses, notices, contracts, and agreements. Users should therefore:

a) Not duplicate or give to any unauthorised persons any copyrighted software.

b) Only use or install software that is licensed to or owned by the company.

Illegal software products increase the risk to the company of legal action by the owners of those products.

There is also an increase risk of malware and compromise of the data on the machine for software obtained via illegitimate means.

b) Media

While some media is created, royalty free, most has been registered and requires specific permissions to duplicate or distribute. Any copyrighted audio, video, or image files stored on a company device or within company storage, without the requisite licenses held, results in a liability to the company. Users should therefore:

a) Not duplicate or give to any unauthorised persons any copyrighted media.

b) Do not publicly display or play more than is permitted by Fair Use doctrine within copyright, as applicable for the media being consumed