Purpose

To describe the ways in which Mercy Ships, Inc., the non-profit organisation registered in the State of Texas, USA (Mercy Ships) defines and authorizes the use of information technologies that acquire, transmit, develop, process and/or store the information assets of Mercy Ships global operations.

This policy outlines both generally acceptable uses and explicitly unauthorized uses of information assets within Mercy Ships.  In the event that any member of personnel remains unsure as to whether certain uses and/or behaviors are appropriate or are being adhered to they should consult with the Director of Global Client Services or Vice President of Information Services to seek further clarification. 

Scope

This policy applies to all members of the personnel of Mercy Ships, including the members of Mercy Ships Community of Faith LLC, engaged either full-time or part-time, whether as employees or volunteers, including those personnel serving as crew members on board the ships managed by Mercy Ships; and to any outside clients or other persons who utilize the Information Services provided, managed or controlled by Mercy Ships.

Policy Statement

General Use And Ownership 

• The proprietary information of Mercy Ships that is stored on electronic media and/or computing devices whether owned or leased by Mercy Ships, a member of personnel or a third party, remains the sole property of Mercy Ships. 
• Members of personnel are responsible to ensure through legal or technical means that proprietary information is protected in accordance with the Data Protection Policy and Information Security Policy. 
• Members of personnel are responsible to promptly report the theft, loss or unauthorized disclosure of the proprietary information of Mercy Ships.
• Members of personnel may access, use or share the proprietary information of Mercy Ships only to the extent it is authorized and necessary to fulfill their assigned job duties. 
• Members of personnel are responsible for exercising good judgment regarding the reasonableness of personal use. 
• The manager responsible for a department is responsible to ensure that the members of that department are provided with clear guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such guidelines, or in the case the departmental guidelines are not clear, then the members of the department shall consult their supervisor or manager for guidance.
• For security and network maintenance purposes, authorized individuals within Mercy Ships may monitor equipment, systems and network traffic at any time. 
• Mercy Ships reserves the right to audit networks, systems and user activity on a periodic basis to ensure compliance with this policy.

Security And Proprietary Information

• All mobile and computing devices that connect to the internal network must comply with the Information Security Policy. 
• System level and user level passwords must comply with the Password Policy. Providing access to another individual is prohibited, whether by deliberately providing that individual one’s own password, or through failure to secure that password. 
• All computing devices shall be secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. 
• Members of personnel are responsible to lock the screen or log off devices when the device is left unattended.
• Postings by employees from a Mercy Ships email address to newsgroups should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Mercy Ships, unless posting is in the course of business duties. 
• Members of personnel shall avoid opening e-mail attachments received from unknown senders, which may contain viruses and malware.

Strictly Prohibited Activities

The following activities are strictly prohibited for all members of personnel, unless the member has been expressly permitted by the Director of Information Security, Vice President of Information Services or these activities are defined responsibilities of the members assigned job role within their approved Job Description (e.g., systems administration staff may have a need to disable the network access of a host if that host is disrupting production services). 

While comprehensive, but by no means exhaustive, this list merely attempts to provide a framework for activities which fall into the category of unacceptable use and/or behavior. 

 At no time shall members of personnel engage in any activity that is illegal under local, state, federal, national or international law while using the information services owned, operated and/or managed by Mercy Ships.

• Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” digital media or other software products that are not appropriately licensed and approved for use by Mercy Ships’ Information Services department. 
• Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Mercy Ships or the end user does not have an active license is strictly prohibited. 
• Accessing Mercy Ships’ data, servers or accounts for any purpose other than conducting authorised Mercy Ships business.  
• Exporting of software, technical information, encryption software or restricted technology, in violation of international or regional export control laws, is illegal.
  • Legal guidance should be consulted prior to export of any material or location that is in question. 
• Introduction of malicious programs onto the network, servers or other computing devices (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.). 
• Installation or connection of unauthorised hardware and/or software on Mercy Ships business networks, servers or managed corporate devices.  
• While connection of personal devices on the Personal Wifi Network at all locations is permissible, any device found to contain inappropriate or illegal material as described within this policy is also strictly prohibited.
• Revealing your user account password to others or allowing use of your user account by others is prohibited.
  • This includes family and other household members when work is being done at home or within your cabin. 
• Using a Mercy Ships computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws within the member’s local jurisdiction. 
• Making fraudulent offers of products, items, or services originating from any Mercy Ships account.  
• Accessing of Internet sites that contain obscene, hateful, pornographic, nudity, gambling, abusive drugs or other inappropriate material.
• Effecting security breaches or disruptions of network communication is prohibited.
  • Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access. 
  • Network “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes. 
• Network scanning, Port scanning or security vulnerability scanning is expressly prohibited. 
• Executing any form of network monitoring which will intercept data the member is not authorised to access. 
• Circumventing user authentication or other security features of any host, network or account. 
• Introducing honeypots, honeynets, or any similar technology on to the Mercy Ships’ network. 
• Interfering with or denying services to any other user of Mercy Ships’ network. (for example, denial of service attack). 
• Using any program, script, command, or sending messages of any kind, with the intent to interfere with, or disable, another user’s access, via any means is prohibited.  
• Providing information about, or lists of, Mercy Ships employees to parties outside of Mercy Ships authorised communication channels. 
• Sending unsolicited email messages, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam). 
• Any form of harassment via email, telephone, text or chat, whether through language, frequency, or size of messages. 
• Unauthorized use, or forging, of email header information. 
• Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies. 
• Creating or forwarding “chain letters”, “Ponzi” or other “pyramid” schemes of any type.  
• Posting the same or similar non-business-related messages to large numbers of newsgroups, social media sites or personal networking sites