Acceptable Usage Policy

This policy governs the proper use of all SSIS technology resources, including but not limited to computer systems, email, internet, mobile devices, and software. All students, staff, and affiliated personnel ("users") must adhere to these guidelines.

Document Update and Reference

• This Acceptable Usage Policy is a dynamic document and reflects the evolving landscape of information technology, data protection, and the associated risks. 

• Changes, updates, and amendments will be made as required to ensure the continued relevance and accuracy of the policy in safeguarding SSIS's IT infrastructure and data.

• All SSIS stakeholders, including employees, students, contractors, and agents, are advised to regularly refer to the most recent version of this document to stay informed about the latest guidelines and requirements.

1. Computer Access:

• Users must have unique login credentials and are responsible for all actions taken with those credentials.

• Users must not:

   - Share or borrow login credentials.

   - Leave systems unattended without locking them.

   - Access systems or data without proper authorization.

   - Connect unauthorized devices to the SSIS network.

   - Store SSIS data on unauthorized equipment or platforms.

   - Share SSIS data externally without proper permission.

2. Internet and Email Usage:

• Intended primarily for educational and school-related activities.

• Users must refrain from:

   - Harassing or abusive behavior.

   - Sharing or accessing inappropriate or offensive content.

   - Using resources for personal gain or non-academic activities.

   - Circumventing IT protocols, including sending spam or unauthorized broadcasting.

   - Sharing sensitive or confidential data without encryption.

   - Downloading unauthorized or copyrighted content.

3. Viruses and Malware Protection:

• MacOS and Windows operating systems handle security differently:

MacOS: While robust, it is vital to keep MacOS up to date to ensure it benefits from Apple's latest security patches and measures. Users should regularly check for system updates.

Windows: All SSIS Windows devices will have anti-malware software installed. The IT department will manage updates for both the Windows OS and the anti-malware software. Users should not attempt to disable or alter the installed security measures.

•  All users must:

   - Avoid downloading files or software from untrusted sources.

   - Refrain from clicking on suspicious links in emails or on websites.

   - Report any unusual system behavior to the IT department immediately.

4. Workspace Etiquette:

• Secure all sensitive information when not in use.

• Employ the screen lock feature on devices when away.

• Dispose of printed materials securely.

5. Off-site & Remote Usage:

•    Adhere to SSIS’s remote working guidelines.

•    Always secure equipment and data in public spaces.

•    Use only encrypted devices for storing sensitive data.

•    Prioritize device security with passwords, PINs, or other protective measures.

6. Mobile Storage & Software:

• Use only SSIS-authorized and encrypted storage devices for transferring data.

• Only use SSIS-approved software. Installation must be managed by the IT department.

• Do not store personal entertainment files on SSIS equipment.

7. Telecommunications:

• Primarily for school-related activities.

• Avoid personal calls unless in exceptional situations.

• No misuse, including private business, hoax, or threatening calls.

8. Contract Termination Protocol:

• Return all SSIS property upon contract termination.

• All data or intellectual property created during affiliation with SSIS remains the property of SSIS.

9. Monitoring & Data Privacy:

• All data on SSIS systems is SSIS property.

• Personal privacy is respected. However, in line with our commitment to security and legal responsibilities, SSIS retains the right to monitor system activities.

• Monitoring adheres to appropriate laws and regulations. As of this policy's last update, we follow the principles laid out in Vietnam's data protection laws. These principles include:

1. 1. 1. 1. 1. Consent: Personal data can only be collected and processed with the explicit consent of the individual.

            2. Purpose and Minimization: Data must only be collected for legitimate, clear, and specific purposes. Collection must be limited to what's necessary for these purposes.

            3. Accuracy and Up-to-date: Data collected should be accurate, complete, and kept up-to-date. Inaccurate or incomplete data should be corrected or deleted.

            4. Data Security: Adopt appropriate physical, technical, and organizational measures to protect personal data from unauthorized access, use, or disclosure.

            5. Rights of the Data Subject: Individuals have the right to access, correct, or delete their personal data. They can also object to processing or request a restriction on processing.

            6. Transparency: Data subjects should be informed about the collection, processing, and use of their personal data.

            7. Accountability: SSIS must demonstrate compliance with these principles and regularly review and update data protection measures.

•   In case of a data breach, SSIS will notify relevant Vietnamese authorities in accordance with local laws and regulations.

•   All members of SSIS, including students, staff, and affiliated personnel, are expected to adhere to these principles and the associated practices laid out by the school to ensure compliance.

10. Reporting & Breaches:

• Report potential security breaches promptly.

• SSIS will investigate any suspected policy breaches. Misconduct may result in disciplinary actions.