Acceptable use policy - codemagic-ci-cd/company-handbook GitHub Wiki

Overview

Security is everyone's responsibility. If this is not your first job, don't do anything that might get you in trouble at your previous workplace. When in doubt, stop and ask.

Policy Statements

  1. All workforce members must follow all established system access controls and procedures for remote access.

  2. Use of Nevercode computing systems is subject to monitoring by Nevercode IT and/or Security team.

  3. Employees may not leave computing devices (including laptops and smart devices) used for business purposes, including company-provided and BYOD devices, unattended in public.

  4. Device encryption must be enabled for all mobile devices accessing company data, such as whole-disk encryption for all laptops.

  5. Use only legal, approved software with a valid license. Do not use personal software for business purposes and vice versa.

  6. Employees may not post any sensitive or confidential data in public forums or chat rooms. If a posting is needed to obtain technical support, data must be sanitized to remove any sensitive or confidential information prior to posting.

  7. Anti-malware or equivalent protection and monitoring must be installed and enabled on all endpoint systems that are commonly affected by malware, including workstations, laptops and servers.

  8. All data storage devices and media must be managed according to the Nevercode Data Classification specifications and Data Handling procedures.

  9. Mobile devices (ex. laptops) are not allowed to connect directly to Nevercode production environments.

Your responsibilities for computing devices

Nevercode provides option for employees to use company-issued laptops and workstations. Nevercode currently also supports employees bringing their own computing devices.

Your laptops and/or workstations are yours to configure and manage according to company security policy and standards. You are responsible to

  • configure the system to meet the configuration and management requirements, including password policy, screen protection timeout, host firewall, etc.;

  • ensure the required anti-malware protection and security monitoring agent is installed and running; and

  • install the latest security patches timely or enable auto-update.

Ask your manager for help if needed.

You are also responsible for maintaining a backup copy of the business files local on your laptop/workstation to the appropriate location on Nevercode file sharing / team site (e.g. Notion). Examples of business files include, but are not limited to:

  • Documents (e.g. product specs, business plans)

  • Presentations

  • Reports and spreadsheets

  • Design files/images/diagrams

  • Meeting notes/recordings

  • Important records (e.g. approval notes)

DO NOT backup critical data such as customer data or PII to file sharing sites. If you have such critical data locally on your device, contact IT and Security for the appropriate data management and protection solution.