The code of conduct describes a set of information security principles, applicable to all employees, internal and external.
- You are not allowed to leave the laptop unattended in car or hotel unless properly secured, e.g. using a cable lock
- Be aware of people peeking over your shoulder. If this cannot be avoided, use a privacy screen
- Avoid the use of public Wi-Fi networks. If you must, use a VPN client
For mobile devices that are used to store or process information classified as Confidential or Sensitive:
- Full disk encryption (BitLocker, FileVault or Veracrypt) must be enabled
- The device must be protected using a password, pin code and/or bio metrics
- Only authorized repair shops may be used
- Unlock codes or passwords may not be shared
- Remote device wipe is enabled
It is allowed to use own mobile devices ("BYOD") for work-related tasks (e.g. accessing email) only if they submit to the terms in this policy.
You have the responsibility to report a (suspected) information security incident as soon as possible to the Incident manager, following the Incident management process.
Examples of information security incidents include:
- Loss of a (mobile) device or data carrier;
- Malfunctioning security measure (such as a lock or alarm);
- Malfunctioning hardware or software;
- Data leak or breach of confidentiality;
- Breach of Policies or guidelines;
- Access violations
- Do not leave Confidential or Sensitive information unsupervised;
- Always lock your session (or log off) when you leave your desk;
- When printing Confidential or Sensitive information, immediately pick them up from the printer.
- You are free to use Internet for private matters during work time, within reasonable limits and as long as it does not violate any laws or company policies;
- You are allowed to use social media, as long as you realize you are speaking on behalf of our organization;
- You are not allowed to use file sharing tools to share confidential or sensitive information.
- The use/abuse of tools that are able to override security controls is prohibited;
- For all software (components) and media files (image, audio and video clips) you download, you must check the copyright/license agreement to make sure:
- Are you allowed to use it?
- Are you allowed to redistribute it?
- Always use trustworthy sources for downloads;
- When in doubt, contact the Security officer.
Updated 8 months ago