Acceptable Use Policy

Document Number: POL-012.2

1 PURPOSE
The purpose of this document is to define the Acceptable Use Policy for Titan Technologies (Titan) .

2 SCOPE
This Acceptable Usage Policy covers the security and use of all Titan information and IT equipment. It
also includes the use of email, Internet, voice and mobile IT equipment.

3 APPLICABILITY
This policy applies to all staff, activities, and assets managed by Titan, including agents, contractors, or
other business partners when acquired or supported by Titan funding. This policy applies to all Titan
employees, contractors, and agents (hereafter referred to as 'individuals'). This policy applies to all
information, in whatever form, relating to Titan business activities worldwide and to all information
handled by Titan relating to other organizations with whom it deals. It also covers all IT and
information communications facilities operated by Titan or on its behalf.

4 DOCUMENT REFERENCES
4.1 PRO-012 Information Security Management Process
4.2 ISO 9001:2015
4.3 ISO 20000:2018
4.4 ISO 27001:2013
4.5 NIST 800-53r5

5 POLICY SUCCESSION
This policy supersedes and replaces all previous versions or policy statements. Where
inconsistencies exist, this policy shall at all times be superseded by applicable federal, state, or local
law.

6 POLICY
6.1 Computer Access Control – Individual's Responsibility
Access to the Titan IT systems is controlled by the user IDs, passwords and/or tokens. All User
IDs and passwords are to be uniquely assigned to named individuals and consequently,
individuals are accountable for all actions on the Titan IT systems. User must not:

 Allow anyone else to use their user ID/token and password on any Titan IT system.
 Leave their user accounts logged in at an unattended and unlocked computer.
 Use someone else's user ID and password to access Titan IT systems.
 Leave their password unprotected (for example writing it down).
 Perform any unauthorized changes to Titan IT systems or information.
 Attempt to access data that they are not authorized to use or access.

Version #: 2.0 Page 1 of 5

Date: 10/08/21 Titan Proprietary Data – For Internal Use Only
This document contains confidential and proprietary information of Titan Technologies. Unauthorized use, reproduction, or distribution is
strictly prohibited. Uncontrolled if printed. Before using this document, the reader is responsible for ensuring that this is the most current
version by comparing it with the online (master) version. Copyright© 2021 by Titan Technologies. All rights reserved.
 Acceptable Use Policy
Document Number: POL-012.2
 Exceed the limits of their authorization or specific business need to interrogate the system
or data.
 Connect any non-Titan authorized device to the Titan network or IT systems.
 Store Titan data on any non-authorized Titan equipment.
 Give or transfer Titan data, confidential information, or software to any person or
organization outside Titan without the authority of Titan.
 Leave messages containing confidential information on answering machines or voicemail.
 Have confidential conversations in public places or over insecure communication
channels, open offices, and meeting places.
Line managers must ensure that individuals are given clear direction on the extent and limits
of their authority concerning IT systems and data.
6.2 Internet and Email Conditions of Use
The use of Titan Internet and email is intended for business purposes and use only. Personal
use is permitted where such use does not affect the individual's business performance, is not
detrimental to Titan in any way, not in breach of any term and condition of employment and
does not place the individual or Titan in breach of statutory or other legal obligations. All
individuals are accountable for their actions on the Internet and email systems. Individuals
must not:

 Use the Internet or email for harassment or abuse.

 Use profanity, obscenities, or derogatory remarks in communications.
 Access, download, send, or receive any data (including images), which Titan considers
offensive in any way, including sexually explicit, discriminatory, defamatory, or libelous
material.
 Use the Internet or email to make personal gains or operate a private business.
 Use the Internet or email to gamble.
 Use the email systems in a way that could affect its reliability or effectiveness (e.g.,
distributing chain letters or spam).
 Place any information on the Internet that relates to Titan, alter any information about it,
or express any opinion about Titan, unless expressly authorized by the COO or CEO.
 Compromise the organization through impersonation or unauthorized purchasing.
 Send unprotected sensitive or confidential information externally.
 Forward Titan mail to personal (non-Titan) email accounts.
 Make official commitments through the Internet or email on behalf of Titan unless
authorized by the COO or CEO.
 Download copyrighted material such as music media files and video files (not an
exhaustive list) without appropriate approval.
 In any way infringe on copyright, database rights, trademarks, or other intellectual
property.
 Download any software from the Internet without prior approval from Titan IT Services.
 Connect Titan devices to the Internet using non-standard connections.

Version #: 2.0 Page 2 of 5

Date: 10/08/21 Titan Proprietary Data – For Internal Use Only
This document contains confidential and proprietary information of Titan Technologies. Unauthorized use, reproduction, or distribution is
strictly prohibited. Uncontrolled if printed. Before using this document, the reader is responsible for ensuring that this is the most current
version by comparing it with the online (master) version. Copyright© 2021 by Titan Technologies. All rights reserved.
 Acceptable Use Policy
Document Number: POL-012.2
6.3 Clear Desk and Clear Screen Policy

To reduce the risk of unauthorized access or loss of information, Titan enforces a clear desk
and screen policy as follows:

 Personal or confidential business information must be protected using security features

provided (e.g., secure print on printers).
 Computers must be logged off/locked or protected with a screen locking mechanism
controlled by a password when unattended.
 Care must be taken to not leave confidential material on printers or photocopiers.
 All business-related printed matter must be disposed of using confidential waste bins or
shredders.

6.4 Working Off-site

It is accepted that laptops and mobile devices will be taken off-site. The following controls
must be applied:

 Working away from the office must be in line with Titan Telework Policy.
 Equipment and media taken off-site must not be left unattended in public places and not
left in sight in a car.
 Laptops must be carried as hand luggage when traveling.
 Information should be protected against loss or compromise when working remotely (e.g.,
at home or in public places).
 Particular care should be taken using mobile devices such as laptops, mobile phones,
smartphones, and tablets. They must be protected at least by a password, PIN and/or
encryption, if available.

6.5 Mobile Storage Devices

Mobile devices such as memory sticks, CDs, DVDs, and removable hard drives must be used
only in situations when network connectivity is unavailable or there is no other secure method
of transferring data. For most staff the use of external storage devices is prohibited. Only
Titan authorized mobile storage devices with encryption enabled can be used to transmit
sensitive or confidential data.

6.6 Software

Employees must use only approved software on Titan computing devices or on computers
authorized by Titan IT. Authorized software must be used following the software supplier's
licensing agreements. All software on Titan computers must be approved and installed by
Titan. Individuals must not:

 Store personal files such as music, video, photographs, or games on Titan IT equipment.
 Record, transcribe, or digitally monitor government systems/programs without the
expressed written consent of the government/customer.
Version #: 2.0 Page 3 of 5
Date: 10/08/21 Titan Proprietary Data – For Internal Use Only
This document contains confidential and proprietary information of Titan Technologies. Unauthorized use, reproduction, or distribution is
strictly prohibited. Uncontrolled if printed. Before using this document, the reader is responsible for ensuring that this is the most current
version by comparing it with the online (master) version. Copyright© 2021 by Titan Technologies. All rights reserved.
 Acceptable Use Policy
Document Number: POL-012.2
6.7 Viruses

Titan has implemented centralized, automated virus detection and virus software updates
within Titan. All Titan managed endpoints have antivirus software installed to detect and
remove any virus automatically. Individuals must not:

 Remove or disable antivirus software.

 Attempt to remove virus-infected files or clean up an infection, other than by the use of
approved Titan anti-virus software and procedures.

6.8 Telephony (Voice) Equipment Conditions of Use

The use of Titan voice equipment is intended for business use. Individuals must limit the use
of Titan voice facilities for sending or receiving private communications on personal matters,
except in exceptional circumstances. Individuals must not:

 Use Titan voice for conducting private business.

 Make hoax or threatening calls to internal or external destinations.
 Accept reverse charge calls from domestic or international operators, unless it is for
business use.

6.9 Actions upon Termination

All Titan equipment and data, for example, laptops and mobile devices including telephones,
smartphones, USB memory devices, badges, and CDs/DVDs, must be returned to Titan at the
termination of employment, unless alternative arrangements are approved by the COO or
CEO. All Titan data or intellectual property developed or gained during the employment
period remains Titan property. It must not be retained beyond the termination or reused for
any other purpose.

6.10 Monitoring and Filtering

All data created and stored on Titan computers are the property of Titan. There is no official
provision for individual data privacy; however, Titan will avoid opening personal emails
whenever possible. IT system logging will occur where appropriate, and investigations will be
commenced where reasonable suspicion exists of a breach of this or any other policy.
Titan has the right (under certain conditions) to monitor activity on its systems, including
Internet and email use, to ensure systems security and effective operation and protect against
misuse. Any monitoring will be carried out following audited, controlled internal processes
and US Law.
It is the responsibility of all Titan staff to report suspected security policy breaches without
delay to line management. All potential violations of information security policies will be
investigated. Where investigations reveal misconduct, disciplinary action may follow in line
with Titan disciplinary procedures.

Version #: 2.0 Page 4 of 5

Date: 10/08/21 Titan Proprietary Data – For Internal Use Only
This document contains confidential and proprietary information of Titan Technologies. Unauthorized use, reproduction, or distribution is
strictly prohibited. Uncontrolled if printed. Before using this document, the reader is responsible for ensuring that this is the most current
version by comparing it with the online (master) version. Copyright© 2021 by Titan Technologies. All rights reserved.
 Acceptable Use Policy
Document Number: POL-012.2

RECORD OF CHANGES
*A-ADDED, M-MODIFIED, D-DELETED
A* CHANGE
VERSION NUMBER OF FIGURE, TABLE
DATE M TITLE OR BRIEF DESCRIPTION REQUEST
NUMBER OR PARAGRAPH
D NUMBER
0.1 02/22/21 All – Original Document A Original Document N/A
Incorporated review comments from
1.0 02/26/21 All M CR 29
COO and CPO
Modified section 3 to clarify
applicability, Modified section 4 with
2.0 10/08/21 Sections 3, 4, 6.1, 6.2 M corrected references, Modified 6.1 CR 42
and 6.2 to clarify language and
include components from 800-53
2.1 02/07/23 Section 6.6 M Added second bullet CR 56

Version #: 2.0 Page 5 of 5

Date: 10/08/21 Titan Proprietary Data – For Internal Use Only
This document contains confidential and proprietary information of Titan Technologies. Unauthorized use, reproduction, or distribution is
strictly prohibited. Uncontrolled if printed. Before using this document, the reader is responsible for ensuring that this is the most current
version by comparing it with the online (master) version. Copyright© 2021 by Titan Technologies. All rights reserved.