This policy outlines the requirements for access to and use of Carbon Link information technology and
systems. Specific information related to the implementation of this policy can be found in Carbon Link’s Plans
and Procedures guiding the use of and access to Carbon Link information technology.
Scope : – This policy applies to all users of Carbon Link information including without limitation, owner(s) and
successors in title, partners, clients and customers, affiliates, employees, contractors, suppliers and
subcontractors engaged directly or indirectly through Carbon Link and specifically relates to;
- Information Security and the use of and access to Carbon Link information assets and systems
- Information Privacy and the collection and handling of personal information related to employees and
prospective employees of Carbon Link.
- Information & Communication Technology (ICT) resources and the use of any devices, applications,
software and networks owned by Carbon Link. This includes mobile phones, laptops, computers,
printers, scanners, USB memory sticks, email, internet use and online applications.
- Social Media and all forms of related tools that allow user participation and interaction.
Carbon Link technology platforms include without limitation, network, operating system, data library, data vault,
(whether hosted internally or externally), applications, enterprise systems, in printed and/or electronic form,
scientific research and derivative reports and information related to customers of Carbon Link.
Use and Access of Carbon Link Information Assets and Systems
- Access to Carbon Link technology platforms will only be available via an authentication process which
confirms the identity of users according to unique user ID’s and passwords.
- Access authorization control and change management related to addition, deletion or modification of
user credentials must be recorded by an authorized representative of Carbon Link’s information
- Each user must have a single, unique identification and account and a personal, secret password.
Sharing of access, user ID’s and personal, secret passwords is prohibited. User accounts will be
suspended following cessation or termination of the user relationship with Carbon Link.
- Carbon Link technology platforms must only be used for conducting Carbon Link’s business or for
purposes authorized in writing by Carbon Link management at General Manager level or above.
- Access to communication and technology systems is restricted on a “need to know” basis, according to
protocols determined by Carbon Link. Users must not attempt to access systems or information to
which they do not have authorization or which they do not need to do their job.
- Storing of any non-business related and private files is prohibited. Usage of Carbon Link information
systems to store, process, download, or transmit data that can be construed as biased (politically,
religiously, racially, ethnically, etc.) or supportive of harassment is strictly prohibited
- Access control systems will be implemented to secure Carbon Link information technology and systems
including without limitation, automatic log-off after a period of inactivity, disabling access after a series
of failed login attempts, maintaining auditable records of user access and periodic re-validation of
access rights for users.
Computer Software and Applications
- Only licensed software may be installed and operated on Carbon Link technology platforms. Users must
not install or direct others to install illegal or unlicensed copies of computer software into any computer
system of Carbon Link and further, users must not remove/delete/deactivate any software or antivirus/spyware programs installed by Carbon Link.
- Users must protect Carbon Link’s data stored in computers against virus attacks by scanning all media
with authorised anti-virus software before usage.
- Users must not use any program/script/command, or send messages of any kind with the intent to
interfere with another user’s terminal session (authorised actions by Carbon Link’s information
technology team to maintain data integrity excepted).
Sharing of Information and Data
- Information stored or retrieved by users on or from Carbon Link technology platforms is deemed
confidential information and should not be used for purposes other than intended
- The primary requirement for protecting confidential information in all computer media is that access
to it may only be given to people on a “need to know” basis
- Confidential data or information that is no longer required should be erased
- Confidential information must be protected against unauthorised access
- Each user is accountable to minimise the possibility of theft of Carbon Link owned/leased computer
workstations and the information they contain.
- Users must not add, remove, replace, or substitute any computer components (including detachable)
without prior written approval from Carbon Link.
- Users must not reconfigure or change the set-up of LAN PC workstations without the knowledge and
approval of Carbon Link’s information technology team.
- Carbon Link will only collect personal information it needs for the particular function or activity it is
- Sometimes Carbon Link may collect personal information from a third party or publicly available source
to enable Carbon Link to complete its activities. (eg; reference checking for a job application process)
- Carbon Link will take all reasonable steps to protect the security of any personal information held, be
it stored in electronic or hard copy format.
- Carbon Link will take steps to protect the security of the personal information it holds from both
internal and external threats by regularly assessing the risk of misuse, interference, loss, and
unauthorised access, modification or disclosure of that information and taking measures to address
those risks. Further, Carbon Link will conduct regular internal and external audits to assess whether we
have adequately complied with or implemented these measures.
Use of Personal Information
Carbon Link will only use personal information it needs for the particular function or activity it is carrying out.
Email addresses will be stored electronically in accordance with standards and authorities applicable to the
state(s) in which Carbon Link conducts its enterprise. An email address will only used for the purpose for which
it is provided and for the furtherance of Carbon Link’s business activities and will not added to any unauthorised
mailing list or disclosed to other organisations.
Disclosure of Personal Information
Carbon Link will not disclose information except;
- Where legally required to do so as required under the Act or where disclosure is mandated under
statutory obligations, in connection with prevention of an offence or via judicial mandate
- To service providers who manage Carbon Link’s information technology and/or human resources
- With the approval of the individual to whom the relevant personal information applies, or where such
an individual would reasonably expect Carbon Link to
- Where unauthorized attempts are made to access, tamper or interfere with files related to Carbon
Link’s enterprise and only to the extent reasonably essential to arrest and mitigate such threats.
Carbon Link has no responsibility for the privacy policies or practices of third-party sites linked to or from its
Acceptable Use of Carbon Link ICT
- ICT resources are provided for business purposes to enhance effectiveness and efficiency at work. Users
must use the ICT resources professionally and appropriately at all times.
- Carbon Links ICT resources must not be used for unlawful, offensive or otherwise improper activities.
Users are responsible for ensuring they maintain the integrity and security of ICT Resources and protect
confidential data stored on them. This includes maintaining complex access passwords and maintaining antivirus
software and keeping software applications updated. It also includes not sharing passwords or login information
with others and not copying sensitive information into an unsecure environment (such as onto USB or copying
over public WiFi). Users should delete suspicious looking emails without opening them, as well as block junk,
spam and scam emails.
- Carbon Link recognises the benefits of using social media for the promotion, development, and delivery
of services. Carbon Link does not discourage people from communicating online in many ways,
including through social media, professional networking sites, blogs, online news sites and personal
web sites. However, all employees need to use good judgment about what material appears in a social
forum, and in what context.
- At all times while you are using social media you are to ensure you meet the Carbon Link code of
conduct outlined in its policies and procedures. If you are using social media during work hours as a
part of your role at Carbon Link you need the prior approval of your Manager.
- Employees participating in private social media activity must uphold the Carbon Link code of conduct
even when material is posted anonymously or using an ‘alias’ or pseudonym. They should bear in mind
that even if they do not identify themselves online as a Carbon Link employee, they could nonetheless
be recognised as such because social media sites are public forums.
- Employees should not rely on a site’s security settings to guarantee privacy, as material posted in a
relatively secure setting can still be copied and reproduced elsewhere. Further, comments posted on
one site can also be used on others under the terms and conditions of many social media sites.
- Employees who participate in social media communication deemed to be discriminatory or against the
interests of Carbon Link will be subject to disciplinary action.
- Carbon Link will remove, or request the employee to remove, any material where there is a breach of
the Carbon Link code of conduct or this Social Media Policy.
Ownership and Access
Carbon Link retains ownership of all ICT resources provided. Carbon Link may monitor use of Carbon
Links ICT resources and users are required to permit access if it is requested. Carbon Link may restrict
a user’s access to ICT Resources if they believe that this policy may be breached.