Information Security Policy

Purpose

The purpose of this policy is to outline the acceptable use of computer equipment at Monetizr. These rules are in place to protect the authorized user and Monetizr. Inappropriate use exposes Monetizr to risks including virus attacks, compromise of network systems and services, and legal issues.

Scope

This policy applies to the use of information, electronic and computing devices, and network resources to conduct Monetizr business or interacts with internal networks and business systems, whether owned or leased by Monetizr, the employee, or a third party.



All employees, volunteer/directors, contractors, consultants, temporaries, and other workers at Monetizr, including all personnel affiliated with third parties, are responsible for exercising good judgment regarding appropriate use of information, electronic devices, and network resources in accordance with Monetizr policies and standards, local laws, and regulat

Ownership of electronic files

All electronic files created, sent, received, or stored on Monetizr owned, leased, or administered equipment or otherwise under the custody and control of Monetizr are the property of Monetizr.

Privacy

Electronic files created, sent, received, or stored on Monetizr owned, leased, or administered equipment, or otherwise under the custody and control of Monetizr are not private and may be accessed by Monetizr IT employees at any time without knowledge of the user, sender, recipient, or owner.



Electronic file content may also be accessed by appropriate personnel in accordance with directives from Human Resources or the President/CEO.

General use and ownership

Access requests must be authorized and submitted from departmental supervisors for employees to gain access to computer systems. Authorized users are accountable for all activity that takes place under their username.



Authorized users should be aware that the data and files they create on the corporate systems immediately become the property of Monetizr. Because of the need to protect Monetizr’s network, there is no guarantee of privacy or confidentiality of any information stored on any network device belonging to Monetizr.



For security and network maintenance purposes, authorized individuals within the Monetizr IT Department may monitor equipment, systems, and network traffic at any time.



Monetizr’s IT Department reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.



Monetizr’s IT Department reserves the right to remove any non-business related software or files from any system.



Examples of non-business related software or files include, but are not limited to; games, instant messengers, pop email, music files, image files, freeware, and shareware.

Security and proprietary information

All mobile and computing devices that connect to the internal network must comply with this policy and the following policies:

• Account Management

• Anti-Virus

• Owned Mobile Device Acceptable Use and Security

• E-mail

• Internet

• Safeguarding Member Information

• Personal Device Acceptable Use and Security

• Password

• Cloud Computing

• Wireless (Wi-Fi) Connectivity

• Telecommuting



System level and user level passwords must comply with the Password Policy. Authorized users must not share their Monetizr login ID(s), account(s), passwords, Personal Identification Numbers (PIN), Security Tokens (i.e. Smartcard), or similar information or devices used for identification and authentication purposes.



Providing access to another individual, either deliberately or through failure to secure its access, is prohibited.



Authorized users may access, use, or share Monetizr proprietary information only to the extent it is authorized and necessary to fulfill the users assigned job duties.



All PCs, laptops, and workstations should be secured with a password-protected screensaver with the automatic activation feature set at 10 minutes or less.



All users must lockdown their PCs, laptops, and workstations by locking (control-alt- delete) when the host will be unattended for any amount of time. Employees must log-off, or restart (but not shut down) their computer after their shift.



Monetizr proprietary information stored on electronic and computing devices, whether owned or leased by Monetizr, the employee, or a third party, remains the sole property of Monetizr. All proprietary information must be protected through legal or technical means.



All users are responsible for promptly reporting the theft, loss, or unauthorized disclosure of Monetizr proprietary information to their immediate supervisor and/or the IT Department.



All users must report any weaknesses in Monetizr computer security and any incidents of possible misuse or violation of this agreement to their immediate supervisor and/or the IT Department.



Users must not divulge dial-up or dial-back modem phone numbers to anyone without prior consent of the Monetizr IT Department.



Authorized users must use extreme caution when opening e-mail attachments received from unknown senders, which may contain viruses, e-mail bombs, or Trojan Horse codes.

Unacceptable use

Users must not intentionally access, create, store, or transmit material which Monetizr may deem to be offensive, indecent, or obscene.



Under no circumstances is an employee, volunteer/director, contractor, consultant, or temporary employee of Monetizr authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing Monetizr-owned resources.

System and network activities

The following activities are prohibited by users, with no exceptions:



• Violations of the rights of any person or company protected by copyright, trade secret, patent, or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by Monetizr.



• Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution from copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Monetizr or the end user does not have an active license is prohibited. Users must report unlicensed copies of installed software to IT.



• Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).



• Revealing your account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.



• Using a Monetizr computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.



• Attempting to access any data, electronic content, or programs contained on Monetizr systems for which they do not have authorization, explicit consent, or implicit need for their job duties.



• Installing any software, upgrades, updates, or patches on any computer or information system without the prior consent of Monetizr IT.



• Installing or using non-standard shareware or freeware software without Monetizr IT approval.



• Installing, disconnecting, or moving any Monetizr owned computer equipment and peripheral devices without prior consent of Monetizr’s IT Department.



• Purchasing software or hardware, for Monetizr use, without prior IT compatibility review.



• Purposely engaging in activity that may;



• Degrade the performance of information systems;



• Deprive an authorized Monetizr user access to a Monetizr resource;



• Obtain extra resources beyond those allocated; or



• Circumvent Monetizr computer security measures.



• Downloading, installing, or running security programs or utilities that reveal passwords, private information, or exploit weaknesses in the security of a system. For example, Monetizr users must not run spyware, adware, password cracking programs, packet sniffers, port scanners, or any other non- approved programs on Monetizr information systems. The Monetizr IT Department is the only department authorized to perform these actions.



• Circumventing user authentication or security of any host, network, or account.



• Interfering with, or denying service to, any user other than the employee’s host (for example, denial of service attack).



• Using any program/script/command, or sending messages of any kind, with the intent to interfere with or disable a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet.



• Access to the Internet at home, from a Monetizr-owned computer, must adhere to all the same policies that apply to use from within Monetizr facilities. Authorized users must not allow family members or other non-authorized users to access Monetizr computer systems.



• Monetizr information systems must not be used for personal benefit.