Security Policy

Information Security Policy

Scope

  1. This policy applies to employees, contractors, consultants, temporaries and other workers at Solution Exchange, including all personnel affiliated with third parties, which are collectively referred to hereafter as the Solution Exchange work force. This policy further applies to all equipment that is owned or leased by Solution Exchange LLC.

Policy

  1. General Use and Ownership

    1. All data (including email) created or maintained on corporate systems remains the property of Solution Exchange LLC.

    2. Because of the need to protect the company’s network, management does not guarantee the confidentiality of information stored on any network device belonging to Solution Exchange.

    3. The Solution Exchange work force is responsible for exercising good judgment regarding the reasonableness of personal use of company provided computing equipment and facilities. The Solution Exchange work force should be guided by company policies on personal use and, if there is any uncertainty, the Solution Exchange work force should consult his/her supervisor.

    4. For security and network maintenance purposes, authorized individuals within Solution Exchange may monitor equipment, systems, and network traffic at any time.

    5. Solution Exchange reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

  2. Security and Proprietary Information

    1. The information contained on Internet/Intranet/Extranet-related systems should be classified as either confidential or not confidential, as defined by corporate confidentiality guidelines, details of which can be found in Human Resources Guide for Employees in the Human Resources section of the MRC. Examples of confidential information include but are not limited to: company private, corporate strategies, competitor sensitive, trade secrets, specifications, customer lists, and research data. Employees should take all necessary steps to prevent unauthorized access to this information.

    2. Keep passwords secure and do not share user ID accounts. Authorized Solution Exchange work force members are responsible for the security of their passwords and user ID accounts, and will be required to change their passwords on a scheduled basis.

    3. Account (user ID) restrictions are an important aspect of computer security. Enhancing computer systems account security with additional restrictions will help prevent the compromise of Solution Exchange’s entire corporate network. All personnel who have or are responsible for any form of access that supports or requires the use of an account ID on any system that resides at any Solution Exchange facility and has access to the Solution Exchange network must enable additional Account restrictions.

    4. Special care should be exercised in protecting laptop computers and personal digital assistants (PDAS) from theft or accidental damage.

    5. Do not leave a laptop or PDA unattended or in a non-secure area at any time when off company premises. Never leave a laptop in a vehicle.

    6. Laptops and PDAs are not to be left on a desk after office hours and should be locked in a desk drawer or cabinet when not in use.

    7. Do not place a laptop computer in checked baggage when traveling.

    8. Sensitive and confidential data stored on PDA and similar devices should be password protected..

    9. Laptops and PDAs should be adequately protected from accidental damage when traveling. Never place a laptop or PDA unprotected in a bag or suitcase unless specifically designed for such use. PDAs should not be carried in pockets or purses without adequate protection.

    10. The Solution Exchange work force must exercise care to safeguard the valuable electronic equipment assigned to them. Loss due to neglect will result in the individual assigned the equipment paying for a suitable replacement.

    11. Postings by the Solution Exchange work force from a solutionxchg.com email address to newsgroups must contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Solution Exchange, unless the posting is in the course of business duties.

    12. It is the responsibility of the Solution Exchange work force with remote access privileges to the Solution Exchange corporate network to ensure their remote access connection has appropriate security controls in place.

    13. Any personal computer connected to the Solution Exchange network in any capacity, whether owned by the Solution Exchange work force or Solution Exchange LLC. shall be continually executing approved virus-scanning software with a current virus database.

    14. The Solution Exchange work force must use extreme caution before opening email attachments received from unknown senders, which may contain viruses, e-mail bombs, spyware or Trojan horse code.

    15. Diskettes, CDs, DVDS, and data tapes must be stored out of sight when not in use. If they contain sensitive customer or other confidential data they must be locked away when not in use.

  3. Unacceptable Use

    1. The following activities are, in general, prohibited. The Solution Exchange work force may be exempted from these restrictions during the course of their legitimate job responsibilities with the appropriate advance approvals from senior management.

    2. Under no circumstances is any member of the Solution Exchange work force authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Solution Exchange-owned resources. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use.

  4. System and Network Activities

    1. The following activities are strictly prohibited, with no exceptions:

    2. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by Solution Exchange

    3. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Solution Exchange or the end user does not have an active license is strictly prohibited.

    4. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.

    5. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, spyware, e-mail bombs, etc.).

    6. Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

    7. Using a Solution Exchange computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.

    8. Making fraudulent offers of products, items, or services originating from any Solution Exchange account.

    9. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the individual is not an intended recipient or logging into a server or account that the individual is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged email routing information for malicious purposes.

    10. Port scanning or security scanning is expressly prohibited unless prior notification to I.T. is made.

    11. Executing any form of network monitoring which will intercept data not intended for the individual’s host, unless this activity is a part of the individual’s normal responsibilities.

    12. Circumventing user authentication or security of any host, network, or account.

    13. Interfering with or denying service to any system other than the individual’s own computer (for example, denial of service attack).

    14. Using any program, script, or command or sending messages of any kind with the intent to interfere with or disable a user’s terminal session via any means locally or via the Internet, Intranet or Extranet.

    15. Providing information about or lists of Solution Exchange employees to parties outside Solution Exchange.

    16. Transmitting or requesting receipt of any content that is offensive, harassing, or fraudulent.

    17. Conducting a personal business using company resources.

  5. Email and Communications Activities

    1. The following activities are strictly prohibited, with no exceptions:

    2. Sending email blasts to more than 10 individuals external to Solution Exchange who did not specifically request such material. Official Solution Exchange Marketing department email campaigns are excluded from this restriction as long as precautions are taken to safeguard the solutionxchg.com domain name from being blacklisted by an ISP (Internet Service Provider).

    3. Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.

    4. Unauthorized use or forging of email header information.

    5. Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies.

    6. Creating or forwarding “chain letters” or email- “pyramid” schemes of any type.

    7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

Enforcement

  1. Violations may result in disciplinary action in accordance with company policy. Any act that violates local, state, federal or international laws may result in the violator’s arrest and prosecution. Additionally, Solution Exchange may seek compensatory damages if the violation results in losses to the company in any respect, whether monetary or not.

Revision History

  1. The managing partners are responsible for the administration of this policy.