Code of conduct

Summary

The code of conduct describes a set of information security principles, applicable to all employees, internal and external.

Principles

Remote working

  • You are not allowed to leave the laptop unattended in a car or hotel unless properly secured, e.g. using a cable lock
  • Be aware of people peeking over your shoulder. If this cannot be avoided, use a privacy screen
  • Avoid the use of public Wi-Fi networks. If you must, use a VPN client

Protection

For mobile devices that are used to store or process information classified as Confidential or Sensitive:

  • Full disk encryption (BitLocker, FileVault or VeraCrypt) must be enabled
  • The device must be protected using a password, PIN code and/or biometrics
  • Only authorized repair shops may be used
  • Unlock codes or passwords may not be shared
  • Remote device wipe is enabled

Usage of own devices

You are allowed to use your own mobile devices ("BYOD") for work-related tasks (e.g. accessing email) only if those devices comply with the terms in this policy.

Reporting incidents

You have the responsibility to report a (suspected) information security incident as soon as possible to the Incident manager, following the Incident management process.

Examples of information security incidents include:

  • Loss of a (mobile) device or data carrier;
  • Malfunctioning security measure (such as a lock or alarm);
  • Malfunctioning hardware or software;
  • Data leak or breach of confidentiality;
  • Breach of Policies or guidelines;
  • Access violations

Clean desk and clear screen policy

  • Do not leave Confidential or Sensitive information unsupervised;
  • Always lock your session (or log off) when you leave your desk;
  • When printing Confidential or Sensitive information, immediately pick up the printouts from the printer.

The use of Internet and social media

  • You are free to use the Internet for private matters during work time, within reasonable limits and as long as it does not violate any laws or company policies;
  • You are allowed to use social media, as long as you realize you are speaking on behalf of our organization;
  • You are not allowed to use file sharing tools to share confidential or sensitive information.

The use of software and tools

  • The use/abuse of tools that are able to override security controls is prohibited;
  • For all software (components) and media files (image, audio and video clips) you download, you must check the copyright/license agreement to make sure:
    • Are you allowed to use it?
    • Are you allowed to redistribute it?
  • Always use trustworthy sources for downloads;
  • When in doubt, contact the Security officer.