Policies

Acceptable IT Usage Policy. GROUP MERMTIONAL.

Document Summary. Title IT Security Policies Version 1.0 (Initial Version) Created On 24/05/2024 Last Modified 24/05/2024.

Use of Desktop. Employees are responsible for the proper use and care of their assigned desktop computers. Desktop computers should be used exclusively for work-related tasks during company hours, Employees are prohibited from using company desktops for personal activities unless explicitly permitted by management. Desktops should be locked when you leave from the desk to prevent unauthorized access. Employees are responsible for keeping their desktops clean and organized. Employees should report any issues or malfunctions with desktop computers to the IT department promptly. Employees are prohibited from attempting to repair or modify company desktops without authorization. Personal storage devices like USB drives and CDs cannot be used without approval..

Use of Software. Employees are required to use only approved software for work-related tasks. Unauthorized installation of software applications are strictly prohibited. Any software purchased or licensed by the company is the property of LuLu Group International and may not be used for personal purposes. Personal data should not be stored or transmitted using company owned software applications..

Use of Software. Only the IT Team should install software on PCs, and all installed software is owned by LULU Group. Software cannot be copied or shared over a network for use on other PCs without explicit permission. Don’t introduce unwanted or harmful software like viruses or worms into the system. No unauthorized use of copyrighted or patented materials, including pirated software. Violating software copyright may lead to prosecution or internal disciplinary action..

Use of Company Information. All users shall place Lulu Group information assets only in authorized storage locations. Ex. Lulu’s Microsoft OneDrive, SharePoint, or File Servers. Users are not allowed to save any data, which is the property of Lulu Group, to their personal storage, including physical storage devices and online cloud storage. When disposing of any information asset, all highly restricted, confidential, or internal or private information in hardcopy shall be either shredded or incinerated. Users must refrain from sharing any confidential or proprietary company information such as sensitive photos or videos of the workplace or work processes belonging to the company on social media accounts. Don’t use computers to share content that could be considered sexual harassment or violation of create a hostile workplace laws. Making fake offers from any LuLu group account is prohibited. Misuse of LULU Group computing facilities may lead to disciplinary or legal action, including termination. No indecent or offensive material. No illegal activities or contractual agreements without approval. No unauthorized use of company logos or disclosure of confidential information. Sharing of information to third parties (if necessary) should only be done via Outlook/OneDrive..

Use of Passwords. Users must ensure their chosen password adheres to the password complexity requirements. Passwords must be changed every 90 days, as defined in the active directory group policy. Passwords must be promptly changed if there's suspect of unauthorized disclosure. Passwords should not be written down in papers or sticky notes for convenience. Under no circumstances should passwords be shared/disclosed to anyone else. Up to 5 consecutive incorrect attempts are allowed. After that, the user's ID will be disabled for 30 minutes or can be re-enabled by the IT team..

Use of Email. Email accounts provided by LuLu group international are to be used solely for business-related purposes. Employees should not share their email passwords with anyone and should log out of their accounts when not in use. Multi-factor authentication (one time password) should be used for accessing the Office365 cloud environment, including email access. Employees should refrain from forwarding company emails to personal accounts or unauthorized recipients. Employees must exercise caution when sending confidential or sensitive information via email, Confidential information should be labeled as confidential, highly confidential, Employees only, recipient only, etc. as per sensitivity of the file. Customer credit card details should not be shared using email. Only the first 6 and last 4 digits, which are in the bill and merchant copy should be used for any business communications..

Use of Email. Use of company email for Illegal, offensive, or inappropriate activities is strictly prohibited. All emails sent from company accounts should adhere to professional standards, Company logo and/or disclaimers should be included in email signatures to maintain consistency. Employees should refrain from sending or forwarding chain letters, spam, or other unsolicited emails, Any email containing offensive, discriminatory, or harassing content is strictly prohibited. Be cautious of unsolicited emails and do not click on any links or download attachments from unknown or suspicious sources..

Use of Internet. Internet access provided by LuLu group international is intended for business-related activities only, Accessing websites containing illegal, offensive, or inappropriate content is strictly prohibited. Employees should not download or install unauthorized software or files from the internet. IT team will install approved applications for business users. Caution should be exercised when clicking on links or downloading attachments from unfamiliar or suspicious websites or emails. Employees should not share company credentials or access codes on websites or with third-party services without authorization..

Use of Internet. Internet usage must not disrupt, corrupt, degrade, or breach security on LULU Group’s information system. LULU Group’s computer systems cannot be used for personal web pages or servers. Misuse of LULU Group computing facilities may lead to disciplinary or legal action, including termination..

Remote Access. Only authorized personnel with genuine business requirement will have remote access privileges to LuLu environment from outside. Employees should follow approved methods for remote access include Virtual Private Network (VPN), secure remote desktop solutions, or cloud-based services. Remote access activities may be monitored for security and compliance purposes..

Use of Mobile Devices. Employees are encouraged to use mobile devices to access the organizational resources securely and efficiently for Intended business purposes only. If devices are left unattended, especially in public places, employees should take extra care to safeguard it from theft or unauthorized access. Department heads are responsible to monitor the use of mobile devices Employees must return the company provided mobile devices back to their designated locations after the use..

Use of Network. Access to the company network is granted to employees for business-related purposes only. Unauthorized access to network resources, including attempts to bypass security measures, is strictly prohibited. Employees should not access or share confidential information over unsecured networks, such as public Wi-Fi hotspots. Any use of network resources for personal gain or profit is strictly prohibited. Employees should use network resources responsibly and avoid activities that consume excessive bandwidth or degrade network performance. Employees must connect the devices to LuLu access points only; Connecting to public Wi-Fi is strictly prohibited. Use of programs or scripts to disrupt or disable someone’s computer session, whether it’s done locally or over any network are prohibited..

Protection from Virus/Malware. Users should not try to remove viruses on their own. If infection is suspected, users must stop computer use and contact the IT Team. Report any virus suspicious to IT support right away and ensure all files and CD’s from LuLu Group are scanned for viruses before sending..

Physical Security. Staff must not allow unknown or unauthorized persons to enter restricted areas alongside authorized individuals. Visitors visiting area where IT devices are placed including Backoffice, server room, etc. must always be accompanied by an authorized person until they leave. Staffs must not leave laptops, digital devices unattended without taking appropriate security measures..

User Activity Monitoring. All user activity and system logs are collected and monitored on a regular basis. 1 IT Security team regularly reviews logs and incidents, and reports violations to the management. 2.

[image] A close up of a blue and green wavy surface Description automatically generated.

Thank You. Smiling Face with No Fill.