The purpose of this document is to ensure that User understands and acknowledges their responsibility to protect and safeguard South Carolina Department of Labor, Licensing and Regulation's ("LLR") non-public information to which User will have access, and to prevent the unauthorized access to, and use, and/or disclosure of, such information. This document also describes User's responsibilities regarding the access to, and use of, LLR-issued information systems and/or devices.
User understands and acknowledges the following statements of policy and the subsequent examples of unacceptable use:
- LLR-issued devices and systems are the property of LLR and will be used only for LLR- authorized purposes. Unauthorized use of, or access to, an LLR-issued device or system is strictly prohibited and may subject User to legal actions.
- LLR reserves the right to monitor, inspect, copy, review, and store, at any time, without prior notice, any and all usage of LLR computing resources.
- LLR may seize and inspect any data stored on any LLR-issued information system and device. User should have no expectation of privacy as to any communication and/or information stored within any LLR-issued information system or device.
- Data accessed, created, and stored is and remains the property of LLR.
- Users should take all necessary steps to prevent unauthorized access to or disclosure of LLR information.
- Users issued LLR equipment must follow LLR standards and any supplemental requirements imposed for specific information systems.
- If required by LLR, User shall complete LLR's privacy and security training prior to accessing any non-public data and/or LLR information systems, and User will complete privacy and security training as required thereafter.
- User will not share with any unauthorized individual any LLR-held, non-public information, in any form or format.
- User will access data, or use operating systems or programs, only after receiving authorization to do so. Any unauthorized attempt to access data, or to use operating systems or programs, may result in legal actions.
- User will immediately report to LLR any actual or suspected unauthorized access to any LLR information.
- Passwords and accounts should not be shared or written down.
- Passwords should not be given to information technology staff. Exceptions are reviewed for business need on a case by case basis.
- If for any reason a password is divulged or compromised, it should be changed immediately.
- If User suspects their password has been compromised, User will inform LLR immediately.
- Passwords must comply with LLR complexity requirements and must not use common words or personal information (e.g., username, social security number, children's names, pets' names, hobbies, anniversary dates, etc.).
- User must make an effort to avoid accessing sensitive systems or data from a public or untrusted network or computing device.
- Regardless of the physical location of User's workplace, User is subject to the requirements of this policy.
- LLR may periodically audit LLR system and device use to ensure compliance with this policy.
- If a User is found to be in violation of this policy, disciplinary actions, including but not limited to the restriction or loss of network privileges, may result.
Any activity that intentionally or unintentionally compromises a computer system's confidentiality, integrity, or availability is strictly prohibited. The action itself is unacceptable, without regard to motive. The following lists include examples of actions that are unacceptable and are prohibited. These lists are not all-inclusive.
The following examples of general use are prohibited:
- Any action that intentionally or unintentionally interferes with another User or computing device;
- Any action that intentionally or unintentionally circumvents system protection;
- Notwithstanding information technology support exceptions, divulging User's LLR password(s), allowing anyone to access User's LLR account, or using another User's LLR account;
- Using a false or pseudo identity;
- Using LLR computers, networks, software, email, or Internet access for commercial purposes that would be outside the normal scope of User's daily activities;
- Any unauthorized attempt to learn a privileged system password or continued knowledge of such a password, whether it is used or not, no matter how it is learned;
- Acquiring or attempting to acquire unauthorized access to any system through any means;
- Using a file in any way contrary to normal file protection;
- Reading files whose names, storage location, or contents indicate that they are of a personal or private nature, even if the file protection modes allow access.
The following examples of computer network use are prohibited:
- Scanning or probing other machines on the company network or on the Internet, including, but not limited to, port scans, vulnerability probes, and the use of network assessment tools, without the explicit knowledge and consent of the manager of that computer system.