Context:
Thungela’s business processes depend on the efficient, effective and secure operation of the supporting Information Technology (IT) networks, devices, data and application systems. Everyone who has access to these resources needs to use them in a manner that is consistent with our values, particularly Integrity and Respect.
Acceptable use means respecting the rights of other IT users; the integrity of physical and digital assets, licences and contractual agreements; and maintaining compliance with applicable legal and regulatory requirements.
This Policy specifies requirements for the use of all computing and network resources within Thungela.
Does this apply to me?
This Policy applies to all users of technology and information assets owned or managed by Thungela. Individuals covered by the Policy include (but are not limited to) employees, contractors, external individuals and third-party supplier organisations.
Technology and information assets include all Thungela owned, licensed, or managed hardware and software, and use of the Thungela network via a physical or wireless connection, to both corporate and guest networks, regardless of the ownership of the device connected to the network.
This Policy applies to the use of Thungela computing resources at any time and in any location.
This is a Policy that applies to Thungela nationally, unless any aspect of the Policy is not permitted by local law or regulation.
What do I need to know?
Principals
You will be permitted to use just the technology and information assets that are required to perform your role, such as certain application systems, servers, software and databases, telephony, email and voice mail systems, and the Internet. You can expect privacy of your personal data and protection from abuse and intrusion by others sharing these resources. However, Thungela reserves the right to access and review information transmitted and stored on company devices and IT networks as may be required to ensure the security of its information assets.
In turn, you are responsible for knowing and understanding this Policy and other Thungela Policies and Procedures that apply to make an appropriate use of technology resources. You are responsible for exercising good judgment in adhering to the statements in this Policy regarding the use of Thungela technological and information resources.
Just because an action is technically possible does not mean that it is appropriate or permitted.
- You must use only the technology and information assets and user accounts for which you have authorisation to access.
- You are solely responsible for your own access details (user names and passwords) and must protect your passwords against unauthorised use or access.
- You are individually responsible for the appropriate use of all resources assigned to you, including the computer, network resources, software and hardware.
- You must not allow any unauthorised person to access Thungela computers, networks or information.
- Thungela is legally bound by contracts and licences regarding the use of computers and software. You are expected to comply with all such agreements when using such resources.
- You must not attempt to install software unless you have been explicitly authorised to do so by IM.
- You must not attempt to access restricted portions of the network, operating systems, security software or other administrative applications without appropriate authorisation by the system owner or administrator.
- You must not engage in deliberate activity to degrade the performance of information resources, deprive an authorised user of access to Thungela resources, obtain extra resources beyond those allocated, or circumvent Thungela security controls unless you have been specifically authorised to do so by the Information Management (IM) Security department.
- You must not store corporate information or files on devices or technology other than those specifically authorised by Thungela.
- You must only use your Thungela email address when emailing on company business.
- You must not store or share corporate information or files with personal email addresses.
- Only approved cloud storage services can be used for storing information and sharing with authorised users. This ensures that sensitive information is protected and that critical information is backed up.
- The use of portable storage devices, such as USB sticks or external hard drives is strongly discouraged. If used, the USB stick must be encrypted using a method approved by IM Security.
- Any security issues discovered or suspected must be reported to the Global IM Security for follow-up investigation. Additional reporting requirements can be located within the Monitoring and Reporting section of this Policy.
Legal and Regulatory Compliance
You are expected to uphold all applicable laws and regulations. As a user of Thungela’s computing and communication resources you must:
- Not engage in activity that may harass, threaten or abuse others. You must not intentionally access, create, store or transmit material that Thungela may deem to be offensive, indecent or obscene, or that is illegal according to local, national or international law.
- Abide by all applicable copyright laws and licenses. Thungela may have entered into legally binding agreements or licences with providers of software and network resources, which require individuals using them to comply with those agreements.
- Not use, copy or distribute copyrighted works (including but not limited to web page graphics, sound files, film clips, trademarks, software and logos) unless you have a legal right to use, copy, distribute or otherwise exploit it.
Unacceptable Use
The following are deemed to be unacceptable uses of Thungela’s resources:
- Use of Thungela’s computing and communication services, and facilities in any way that is in violation of Thungela’s Code of Conduct.
- Use of Thungela’s computing and communication services, and facilities in a way that is considered offensive, defamatory, obscene or harassing, including, but not limited to the following subject matter
- sexual images (including pornography);
- race, national origin or ancestry;
- gender, sexual orientation or marital status;
- physical or mental disability;
- political beliefs; or
- any other category protected by international, national or local laws.
Privacy and Personal Principles
- Always respect the privacy and personal rights of others when using Thungela’s computing and communication resources.
- Do not access or copy another user's email, data, programs or other files.
- Thungela reserves the right, in the limited circumstances described in the Monitoring paragraph below, to review email, networks and other files.
- Be professional and respectful when using Thungela resources to communicate with others. Using them to libel, slander, or harass any other person is in violation of Thungela’s Code of Conduct.
- External law enforcement agencies may request access to files through legally binding requests. All such requests must be approved by Legal.
What do I need to do?
Compliance with this Policy is mandatory; direct any questions about its content or application to the IM Security team.
Communication of the Policy
This Policy will remain available to all internal users for reference, and any changes or updates to this Policy will be communicated as required.
Monitoring and Reporting
Monitoring
information transmitted and stored on Thungela’s computer resources and networks, as may be required, to ensure the security of Thungela’s information assets. These include:
- Investigating theft, fraud, corruption or any other matter of business integrity.
- Investigating technology performance deviations and system problems.
- Determining if an individual is in violation of this Policy or Thungela’s Code of Conduct.
- To ensure that Thungela is not subject to claims of illegality or misconduct.
Consequences of breach
In cases where employees violate this Policy, Thungela will take the appropriate action based on the severity of the breach, which may include restriction, possible loss of privileges, suspension, or termination of employment or engagement (as applicable).
Please direct any questions or additional reporting measures to IM Security.
An annual report of Acceptable Use Policy violations will be made to the Main Board Audit Committee.