🚧
ICT Systems
Version 1.0 | This Policy was approved on DD MMMM YYYY.
​ShortURL | Playbook | Assistant
NOTICE
This documentation page is under construction. Should you want to be notified once it's published, let us know.

Introduction

Definitions

This document employs terms related to the DCDR Advocacy that can be found in the TIOF terminology.
For a structure of The IO Foundation, please visit
Back to top

About this document

This document sets out the standards established by TIOF in matters of Information Technologies and Communication Systems you will need to be aware of while being a Member for TIOF. It establishes the facilities that you are provided of, when we will monitor their use and the actions the organization will take if you breach these standards. You should familiarize yourself with them and comply with them at all times. Any questions you may have with regard to its contents or what you have to do to comply with it should be referred to your corresponding Team HR Coordinator.
Any Member who breaches this Policy will face disciplinary action, which could result in dismissal for gross misconduct. Any non-Member who breaches this Policy may have their contract (or equivalent official relationship with TIOF) terminated with immediate effect.
This document complements TIOF's Code of Conduct​
This document does not form part of any Engagement Document and we may amend it at any time.
Back to top

Scope

This document directly applies to:
This document indirectly applies to:
The policies and/or procedures set out in this document apply to all TIOF Members unless otherwise indicated. They therefore apply to Directors, Advisers, Counselors, Staff, Volunteers and Interns; this is irrespective of their part-time, fixed-term or casual status. They equally apply to all Contributors and will be used as part of the selection criteria when engaging with them.
This document applies within all TIOF spaces, including (although not limited to) management activities, project contributions or events, and also applies when an individual is officially representing the broader community in public spaces. Examples of representing our community include (although not limited to) using an official e-mail address, posting via an official social media account or acting as an appointed representative at an event (online or offline).
Back to top

Policy details

IT and Communications Systems statement

The IO Foundation's IT and communications systems are intended to promote effective communication, working practices and an effective way to advance its advocacy. The organization is committed to provide with all necessary tools for Members to perform their tasks and to work jointly to ensure their responsible and safe use.
Back to top

Organization infrastructure and services

The IO Foundation has designed and implemented an infrastructure that enables the organization, its Members and Contributors, to perform their assigned responsibilities and move forward TIOF's advocacy.
To facilitate remote collaboration, most of this infrastructure is built around online platforms that are made available through a single working interface.
Back to top

Platform Requirements

This is the current list of requirements for any service or platform adopted by The IO Foundation:
Mandatory
  • GDPR Compliant
Desirable
  • Open Source
Back to top

Bring Your Own Device (BYOD)

Because of it's global orientation, The IO Foundation heavily relies on a strong base of Members that are distributed across the globe. In order to facilitate this distributed and remote structure, we encourage Members to use their own devices to perform their tasks. The organization will do all possible efforts to provide with the online tools necessary to implement those tasks and will assist Members in configuring and securing their devices ot the extend of its possibilities.
Back to top

Equipment security and Digital Credentials

Members will be provided with a number of Digital Credentials to access the different online platforms and services. While the organization will make all efforts to assist Members, including training, to secure their Digital Credentials, the responsibility to protect them ultimately lies in them.
You are responsible for the security of the equipment allocated to or used by you (BYOD) and you must not allow it to be used by anyone other than in accordance with this Policy. You should use your Digital Credentials on all IT equipment, particularly items that you take out of the office, keep them confidential and update them regularly.
You must only log on to our systems using your own Digital Credentials. Under no circumstance you should use another Member's or allow anyone else to log on using yours.
If you are away from your desk you should log out or lock your computer. You must log out and shut down your computer, or alternatively send it to hibernation, at the end of each working day.
Back to top

Renewal of Digital Credentials

Back to top

MFA/2FA

As an additional layer of security, the organization encourages, and sometimes mandates, the use of MFA/2FA techniques to further secure the Members' Digital Credentials. Suitable training is provided to understand how to configure and use these techniques.
Back to top

Systems and data security

You should not delete, destroy or modify existing systems, programs, information or data (except as authorized in the proper performance of your duties).
You must not download or install software from external sources without authorization. Downloading unauthorized software may interfere with our systems and may introduce viruses or other malware. Failure to comply may result in facing compensation charges.
You must not attach any device or equipment including mobile phones, tablet computers or USB storage devices to our systems without authorization. We monitor all e-mails passing through our system for viruses. You should exercise particular caution when opening unsolicited e-mails from unknown sources. If an e-mail looks suspicious do not reply to it, open any attachments or click any links in it. Inform someone immediately if you suspect your computer may have a virus.
Back to top

Using Channels

Members are provided with a number of Official Channels to communicate among themselves and with third parties. Any sharing of information using any of these is considered a communication.
When communicating with third parties by means on any of the available Channels, you must at all times adopt a professional tone and observe appropriate etiquette under the guidance of the Media Policy.
Remember that such communications can be used in legal proceedings and that even when deleted these may remain on the system and be capable of being retrieved.
You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate communications. All such behaviors will be treated according to our Anti harassment and Anti bullying Policy.
You should not:
  • send or forward private communications at work which you would not want a third party to read;
  • send or forward chain communications, junk communications, cartoons, jokes or gossip;
  • contribute to system congestion by sending trivial communications or unnecessarily copying or forwarding communications to others who do not have a real need to receive them; or
  • send communications from on behalf of another Member (unless authorized) or under an assumed name/identity.
Do not use your own personal channels (such as e-mail, instant messaging applications, etc.) to send or receive communications for the purposes of your responsibilities with TIOF. Only use the accounts we have provided for you.
We do not permit access to web-based personal e-mail such as Gmail or Hotmail on our computer systems at any time due to additional security risks.
Back to top
​
E-mail
  1. 1.
    Adopt a professional tone and observe appropriate etiquette when communicating with third parties by e-mail.
  2. 2.
    Remember that e-mails can be used in legal proceedings and that even deleted e-mails may remain on the system and be capable of being retrieved.
  3. 3.
    You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate e-mails.
  4. 4.
    You should not:
    1. 1.
      send or forward private e-mails at work which you would not want a third party to read;
    2. 2.
      send or forward chain mail, junk mail, cartoons, jokes or gossip;
    3. 3.
      contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to others who do not have a real need to receive them; or
    4. 4.
      send messages from another person's e-mail address (unless authorised) or under an assumed name.
  5. 5.
    Do not use your own personal e-mail account to send or receive e-mail for the purposes of our business. Only use the e-mail account we have provided for you.
  6. 6.
    [We do not permit access to web-based personal e-mail such as Gmail or Hotmail on our computer systems at any time due to additional security risks.]

Using the Internet

When specifically provided, Internet access is provided primarily to perform your responsibilities in TIOF. Occasional personal use may be permitted as set out in below.
You should not access any web page or download any image or other file from the Internet which could be regarded as illegal, offensive, in bad taste or immoral. Be always mindful of possible extra limitations set forward by your local jurisdiction. As a general rule, actions (or lack of thereof) that result in accessing information or files that might be a source of embarrassment if made public will be a breach of this Policy.
Back to top

Blocking of information

We may block or restrict access to some websites at our discretion. These will always be reasoned as a security measure and never as an attempt to curtail freedom of information or expression.
Back to top

Personal use of our systems

We permit the incidental use of our systems to send personal communications, browse the Internet and make personal phone calls subject to certain conditions. Personal use is a consideration and not a right. It must not be overused or abused. We may withdraw permission for it at any time or restrict access at our discretion.
Personal use must meet the following conditions:
Back to top

Prohibited use of our systems

Misuse or excessive personal use of our Channels or inappropriate Internet use will be dealt with under our Disciplinary Procedure. Bear in mind that misuse of the Internet can in some cases be a criminal offense.
Creating, viewing, accessing, transmitting or downloading any of the following material will usually amount to gross misconduct (this list is not exhaustive):
  • pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature);
  • offensive, obscene or criminal material or material which is liable to cause embarrassment to us or to any of Members or Contributors;
  • a false and defamatory statement about any person or organization;
  • material which is discriminatory, offensive, derogatory or may cause embarrassment to others (including material which breaches our Equal Opportunities Policy, Anti-harassment and Anti-Bullying Policy);
  • confidential information about TIOF or any of our Members or Contributors (except as authorized in the proper performance of your responsibilities);
  • unauthorized software;
  • any other statement which is likely to create any criminal or civil liability (for you or TIOF); or
  • music or video files or other material in breach of copyright.
Back to top

Monitoring

Our systems enable us to monitor telephone, e-mail, Internet and other communications methods. In order to carry out legal obligations in our role as an employer (when applicable), your use of our systems including (but not limited to) the telephone and computer systems (including any personal use) may be continually monitored by automated software or otherwise.
We reserve the right to retrieve the contents of communications or check Internet usage (including pages visited and searches made) as reasonably as necessary in the interests of the organization, including for the following purposes (this list is not exhaustive):
  • to monitor whether the use of the communication channels or the Internet is legitimate and in accordance with this Policy;
  • to find lost communications or to retrieve communications lost due to computer failure;
  • to assist in the investigation of alleged wrongdoing; or
  • to comply with any legal obligation.
Back to top