Effective: October 1, 2013
STATEMENT OF POLICY
CBC/Radio Canada owns and has control over the use of all of its technology assets including its networks, infrastructure, workstation computers, laptops, mobile devices, technical equipment and software, including the information stored within these assets. CBC/Radio-Canada has the right to protect these assets from malfunction, reduced performance and improper use and to maintain data confidentiality, integrity and availability. CBC/Radio-Canada reserves its right to implement technology security controls in the form of policies, rules and procedures, guidelines, directives and standards; and to limit, extend or terminate access to its technology when needed. Any use of or connection to CBC/Radio-Canada technology assets will constitute consent to the terms and conditions of this policy.
Employees have an obligation to protect and use technology assets responsibly and in conformity with applicable federal and provincial laws. In addition, employees are expected to comply with this policy and to use technology assets for the purpose of performing job-related activities. Although some limited personal use will be tolerated, it must be lawful and must not interfere with or detract from employees' assigned tasks.
Employees must immediately report any unlawful or inappropriate use (Appendix A), suspected compromise, or loss of a technology asset to their local technology support team or the Shared Services Contact Centre.
CBC/Radio-Canada may monitor its technology assets for the purpose of troubleshooting, capacity planning, cost control and the enforcement and consistent application of this policy. CBC/Radio-Canada may also, during the course of investigating misuse of its technology assets, access and view information related to an employee’s use of these technology assets. This applies to both CBC/Radio-Canada business and personal use of the technology assets. Although CBC/Radio-Canada does not expect to unreasonably interfere with individual privacy, employees should not expect to have personal privacy rights in or associated with the use of CBC/Radio-Canada technology assets.
This policy applies to all CBC/Radio-Canada employees, including permanent, temporary, casual or contract employees using technology assets owned by CBC/Radio-Canada and personal technology assets connected to the CBC/Radio-Canada network.
INTERPRETATION AND APPLICATON
All questions pertaining to the interpretation or application of this policy should be referred to the Director, Project Delivery and Risk Management, Information Technology.
The responsibility for this Policy resides with the Vice-President Technology.
This Policy replaces the existing Information Technology Policy 2.5.1: Corporate Information Technology (IT) Security and Employee Use of IT Assets.
- Human Resources Policy 2.2.21 - Code of Conduct
PERSON RESPONSIBLE FOR ITS APPLICATION
Vice-President Technology and Chief Regulatory Officer
DEPARTMENT RESPONSIBLE FOR UPDATING THIS WEBPAGE
APPENDIX A - UNLAWFUL & INAPPROPRIATE TECHNOLOGY ASSET USE
All use of CBC/Radio-Canada technology assets must be lawful or aligned to job functions. Improper use includes, but is not limited to, the following:
- Accessing, downloading, viewing or distributing offensive material including, but not limited to, pornographic, sexually oriented, discriminatory or harassing messages, unless authorized and required for journalistic or programming purposes.
- Sharing of information related to password-protected accounts, user identity and other security access controls that may be put in place without the explicit authorization.
- Using privileged Group IDs, Shared IDs, Generic IDs or delegated access outside of its intended use. A common employee userid and password must be used for day-to-day system access except when performing specialized administrative functions for which the privileged access has been provided.
- Conducting illegal activities, gambling or soliciting for personal gain or profit.
- Sending, forwarding or replying to unauthorized mass emails, chain letters, and petitions unrelated to CBC/Radio-Canada business activities.
- Reproducing or distributing copyrighted works, including, but not limited to, images, music, video, text, or software, in contravention of Intellectual Property Rights.
- Intentionally interfering with the normal operation of CBC/Radio-Canada's technology assets and the services they provide or modifying technology assets to remove corporate or vendor-imposed limitations such as password protection, anti-virus, encryption of information etc.
- Removing, bypassing or in any other way making ineffective any security feature or device designed to protect CBC/Radio-Canada from security threats.
- Damaging the integrity of CBC/Radio-Canada’s technology assets including, but not limited to, intentional spreading of viruses, and gaining or attempting to gain unauthorized access to any workstations, networks, mobile devices, applications, or data.
- Using CBC/Radio-Canada technology assets as a conduit for unauthorized access attempts on other IT systems, not necessarily owned by CBC/Radio-Canada.
- Downloading or installing any application or software on a CBC/Radio-Canada technology asset that provides remote access capability or has been explicitly banned for use.
- Installing any license controlled software or application for which a license has not been purchased.
- Establishing personal accounts (such as mobile accounts) with application service provider stores that are tied to a CBC/Radio-Canada corporate credit card.
- Implementing technology services (networks, remote services, applications, etc.) within the CBC/Radio-Canada network without explicit authorization.
- Implementing externally hosted or managed technology services such as cloud technologies and software-as-services without explicit authorization.