Cincom Systems' customers are the foundation of our success. This acceptable IT use policy statement is designed to provide our employees with the agility and flexibility to meet customer needs with accuracy and speed, while also protecting our IT systems, data, and records. This document defines the baseline of expectations for Cincom employees in interacting with all Cincom computing systems, platforms, Virtual Private Network (VPN) connections and partner sites as well. Every employee is expected at a minimum to ensure their activities on all Cincom IT systems don't jeopardize the confidentiality of customer data, financial data generated from Cincom operations, product and project development plans, and costing data of projects. As Cincom engages in confidential projects with governments globally in addition to the U.S. Department of Defense, any employee using data on these projects are required to have a valid DoD clearance in good standing. As Cincom's business is heavily dependent on these projects it is expected that employees will take every possible action to protect the sensitivity and privacy of all information and data sources within the Cincom IT systems. Employees with security clearances are expected to abide by all guidelines of the use of confidential government data on projects. This includes abiding by all vault processes and procedures for confidential government data, across all national ministries of defense served on Cincom projects. Employees are also expected to use Cincom IT systems during business hours for company work only; Internet use for personal activities needs to be completed off the premises given the highly secured nature of the Cincom IT system architecture and platform. Employees who fail to abide by these guidelines or willingly violate them will be subject to immediate dismissal and possible disciplinary actions. If government data from the U.S. Or other nations are compromised, Cincom and the governments whose data has been compromised will engage in legal proceeding to retrieve and protect all assets, in addition to holding a formal investigation of the activities that led to the breach.
The purpose of this IT Acceptable Use Policy is to provide guidelines to Cincom employees who rely on the many systems, applications and data files in the fulfillment of their daily activities. As Cincom has led the transformation of many businesses to bring the power of their mainframes to the desktop, there is the corresponding responsibility of our employees to manage data intelligently and securely on their desktop systems as well. Cincom employees are required to protect all Cincom IT equipment, operating systems, software of all types including data and analysis completed. As Cincom relies on government projects across many different nations, interacting with their departments and ministries of defense, employees are required to sign an agreement to protect information assets, data, analysis and any intellectual property generated on behalf of customers globally. This will be protected through Federal and State statues that also extend to intellectual property and all form of data that resides on Cincom IT systems, networks and platforms globally. Cincom reserves the right to audit any system, network or data use profile at any time to ensure the security of customers globally.
All Cincom IT systems must be specifically used only for customer-based projects and completion of support and serving software coding and development. Employees have no expectation of privacy when using Cincom IT systems, and this includes personal use of the systems as well. Cincom reserves the right to audit all activity, inspect all systems, and also review the contents of computer files, electronic mailboxes, computer and WebEx conferencing systems, in addition to auditing all printed output bot through printer monitoring and actual hardcopy output.
Cincom reserves the right to initiate these audits based on the following activities becoming apparent through network and security analysis:
1. When it is considered necessary to protect the security, research and programming outcomes of the company, and integrity of computing resources.
2. When there is justifiable cause to believe that a policy has been violated or system been used for illegal, unethical or immoral activities.
3. When analysis of computing resources shows unusual or excessively large amounts of download activity on a given account, including significant upload activity of large amounts of data.
4. When the integrity of the computing architecture is potentially compromised through the use of unsecured devices across VPN connections not designed for security by Cincom IT security technicians and staff.
Part II: Ethical, Legal, and Moral Implications of the Policy
The ethical, moral and legal implications of the Cincom IT policy are designed to protect the confidentiality of customer data globally while also setting the foundation for support of a geographically-dispersed workforce. The ethical implications of corporate use policies increasingly need to put responsibility for compliance back to the employee given the highly distributed nature of IT systems today (Siau, Nah, Teng, 2002). Cincom has done this both from an ethical and legal standpoint. The foundation of any effective IT Acceptable Use Policy is making compliance a personal responsibility of each employee (Welebir, Kleiner, 2005). This is precisely what Cincom has done. By concentrating on the ethical aspects of their IT Acceptable Use Policy, Cincom holds the employee ethically responsible for staying in compliance.
The moral aspects of their acceptable use policy are not as clear, as they openly state all activity can and will most likely be monitored given their close associated with governments globally. Compounding this moral dilemma for Cincom is the fact they are handling massive amounts of confidential data. The moral aspects of monitoring every personal interaction through their systems is, according to the guidelines, covered by their right to manage their IT systems and assets as they see fit. The morality of looking into each And every interchange (which Cincom has the technology to do) raises the issue of employee privacy. Cincom has made it clear from a moral standpoint they have the right to 100% of all activity on their systems. Employees are given this acceptable use policy when they first start working for the company. Cincom is setting the foundation of their moral stance on IT use by taking these steps to clearly define expectations early on. The use of acceptable use policies is critically important for establishing a moral and legal precedent to protect company assets over the long-term (Martin, 2009). From an ethical standpoint Cincom has defined a very clear set of boundaries for employees to adhere to and abide by, setting the foundation for strong legal precedents as well (Lichtenstein, Swatman, 1997).
The legal implications of the Cincom IT Acceptable Use IT Policy are clear. While many companies have taken a more relaxed approach to defining Internet access, this can often result in a myriad of potential legal threats to their core business (Hickins, 1999). As Cincom is heavily involved in government contracting and subcontracting with national defense ministries and departments of defense globally, the no-access approach to personal use of the Internet is a legally prudent move for the company to make. The potential for the authorized use and distribution of protected information is going to be significantly minimized by this decision. The legal precedent of now allowing for personal use of the Internet is very defensible, even in telework configurations and scenarios (Joice, Verive, 2006). Cincom's various departments have often discounted and complained about this move, yet it is clear that for the legal protection of the company and its customer relationships long-term this is critical to their success. The result has been impressive: not a single breach of customer data has ever been experienced by the company over four decades of working with international governments and the U.S. Department of Defense.
Appendix A: Description of Cincom Systems
Cincom Systems is a leading provider of enterprise…