ECSL COMMUNICATION POLICY

Here are the various aspects which come under the scope of IT and Communications policy.

• Workplace Communication /Employee Internal Communication

Refers to the exchange of ideas and communication within ECSL. Employees at  ECSL are encouraged to communicate with their superiors, peers, subordinates in a manner which is productive and contributes to achieving the goals of the ECSL

•   External and Social Media Communication

Lays down the provisions for dealing with communications outside the workplace, with regard to ECSL matters.  Since having inaccurate information reach the public can have serious legal and financial consequences for the ECSL,  all such matters shall strictly be routed through the ECSL spokesperson. Posting on social media websites requires exercising discretion in matters related to the ECSL.

• Electronic and Wireless

To facilitate swift communications, we at  ECSL provide cell phones and other wireless handheld devices to our employees. It becomes the responsibility of the respective employees to keep such devices safely password protected, with up to date antivirus programs and maintain email etiquette at all times.

IT And Communications Policy Template

• Employee Internal Communication

Effective internal communication is a tool which is of utmost importance to maintaining transparency within the ECSL amongst employees. There are different modes of internal communications you can look forward to at ECSL

• Meetings

Meetings are formal means of communication which happen constantly through all the departments. People handling functions which occur at multiple destinations and those who work independently, are required to meet on a regular basis.

In addition to this would be the regular meetings of the department heads with ECSL management, to ensure smooth functioning.

• ECSL Intranet /Internet Communication

All important communication from the ECSL to the employees will be handled through our intranet system. ECSL recommended intranet system includes ECSL enterprise email (both @ecsl.deyaar-sl.com and @nec.gov.sl) and approved ECSL social messaging platform (Facebook, WhatsApp, Twitter) . Information such as messages from the CEO’s desk, events lineup for the month/year ahead, important announcements, training requirements and modules and suggestion corners will all be found on our Intranet

• Leadership Meetings

We at ECSL believe in transparency in communication across the ECSL and the access of all the employees to the ECSL’s management. This leadership meeting is conducted once a 1130 hours every Wednesday

External And Social Media Communication

Employees may be contacted at different points of time by the media or outside sources with a request for information about the ECSL or its employees or policies. To avoid providing inaccurate or incomplete information, all outside queries regarding the ECSL need to be routed through the External relation and media and communication departments of the ECSL.  This would save the ECSL considerable loss financially and/or legally in the absence of an organised channel to handle outside queries.

When it comes to posting on social media, employees may/may not associate themselves with the ECSL. If they are allowed to associate themselves with the ECSL, the employees must clearly brand their online posts as personal and purely their own. The ECSL will not be held responsible for any repercussions the posts might generate.

Divulging sensitive ECSL information is strictly prohibited and will be penalised. Employees found guilty of such violation will stand the chance of losing their job and or other grave penalties. Employees may refer to the Social Media Policy section in this document for more details.

Electronic And Wireless Policy

ECSL has formulated the electronic policy in order to maintain the security of our data and technology infrastructure. The policy will apply to all employees, contractors and anyone else who has permanent or temporary access to our software and hardware.

We advise our employees to keep both their personal and ECSL issued electronic devices safely password protected and upgrading to an effective antivirus software. The employees must at all times ensure to login through secure networks only.

Cell Phone Policy

The cell phone policy applies to any device that can make or receive phone calls, leave messages, send text messages, surf the internet, download information and view and respond to emails whether the device is personal or ECSL owned. Cell phones given by the ECSL need to be kept switched on at all times during working hours, during work related travel and other times specifically mentioned by the ECSL.

Use of cell phones are discouraged

• While driving
• While operating equipment
• During office hours for gaming and entertainment
• For indulging in long personal calls during office hours
• During meetings
• From recording sensitive information pertaining to the ECSL

Employees can use cell phones for

• Making business calls
• Using productivity applications
• Checking important messages
• Scheduling and keeping track of appointments
• Making brief personal calls out of earshot of other employees

ECSL retains the right to monitor employees for inappropriate and excessive cell phone usage at work.

Employees may face disciplinary action if it is proven that

• They have caused a security breach
• They have violated confidentiality policy
• They have caused an accident due to reckless use of their cell phone

Internet Usage Policy

The electronic communication system must be utilised exclusively to facilitate the business of the ECSL. Employees are cautioned against using the internet for matters of personal gain and entertainment. Employees should further expect that all content created, transmitted, downloaded, received or stored in the hardware belonging to the ECSL is subject to perusal by the ECSL and that no element of privacy holds good here. This information maybe accessed without prior notice to the employee. This applies for password protected documents and any deleted content too.

What constitutes appropriate internet usage

• To complete jobs assigned
• To seek information on that, which can improve the work quality of the employee

Inappropriate internet usage

• Download or upload obscene, offensive and/or illegal material
• Send confidential information to unauthorised recipients
• Invade another person’s privacy
• Upload any kind of pirated software
• Visit potentially dangerous websites which can compromise the safety of the ECSL network
• Performing unauthorised/illegal actions hacking or purchasing prohibited items
• Forwarding any content which is discriminatory and obscene/inappropriate

The ECSL  advises using strong passwords and logging into accounts only from safe devices and to maintain their work devices locked at all times. Failure to adhere to the guidelines may result in disciplinary action and/or lead to employment termination

Cyber Security Policy

The security of our data is of utmost importance and we wish to maintain maximum security in the protection of any sensitive information pertaining to  ECSL. Employees need to ensure that they do not disclose ECSL confidential data intentionally or unintentionally to anyone who is not a part of our ECSL.

Examples of Confidential Data

• Classified financial information
• Voter Data
• Data pertaining to partners and vendors
• Patents, formulas and new technologies

Use Of Personal Devices

ECSL does not encourage logging into ECSL accounts from any personal devices since it would put ECSL information at severe risk. In case it becomes inevitable to do so, employees are advised to keep such devices in a safe place. It must at all times be borne in mind that all devices whether personal or ECSL owned need to be password protected, appropriate antivirus installed, regularly installed with security updates and logged in through safe networks.

Email Security

Email is a routine communication method within the ECSL as well as with investors, business partners and our customers.

Many times emails can carry malicious content which might compromise the security of the ECSL. Employees are advised to always maintain discretion with respect to

• Opening mail with attachments wherein the content is not clearly explained
• Unknown senders and email addresses
• Inconsistent emails
• Mails with clickbait titles (offering prize money or advice)

Managing Passwords

To prevent ECSL email accounts from being hacked, every employee is required to follow these safety practices

• Ensure password is at least 8 characters long with a mix of alphabets, numerals and special characters
• Do not write down passwords and leave them easily accessible
• Do not share or exchange credentials
• Change password every (number) of days/month (period of time)

Transferring Data

The data transfer stage is an easy mode for cyber crime to occur. Keeping in mind some best practices will bring down the risk considerably.

• Avoid transferring employee and customer confidential data to other devices
• Share confidential data over ECSL network and not over public WiFi systems or private networks
• Ensure that the recipients of the data are authorised people or ECSL with adequate security policies in place
• Report scams, privacy breaches or hacking attempts

Working Remotely

Even when working remotely, the employee must follow the cybersecurity policies and procedures

Employees observed to disregard the cybersecurity policy and procedures will face progressive discipline

Social Media Policy

Social Media refers to the various online media such as blogs, chatrooms, social networks and forums. Every employee has an opportunity to express themselves online and the ECSL supports/does not support it because of the nature of work involved. It is extremely important to mention here that the employee is prudent about what information makes its way online to social media

Highlights of the policy

• When employees neglect their duties and spend time online, there will be a decrease in productivity which reflects on their performance. This is not acceptable behavior and (Name of the ECSL) will penalize the employee
• All our employees when expressing an opinion should identify themselves clearly, issue a disclaimer clause stating any/all opinions stated there are their own and do not in any way represent that of the ECSL
• Corporate logos and/or trademarks must not be used by any individual in any such communication unless with specific approval
• Avoid making or responding to any derogatory, defamatory, or offensive statements.

Certain employees are designated to handle the social media accounts of the ECSL and will be communicating on behalf of ECSL as its representatives. The policy holds good for these employees with additional points to be borne in mind such as

• Be respectful, polite, and patient while engaging in communication on behalf of the ECSL
• Avoid speaking outside your area of expertise
• Always follow the data protection policy as well as the confidentiality policy
• Avoid deleting or ignoring certain remarks. Criticism must be responded to in a polite and apt way
• Never post abusive, offensive, or discriminatory content
• Correct or remove any false or misleading information as soon as possible.

It must be noted that any and all such social media posting will be monitored closely. We may have to take disciplinary action against individual(s) leading to termination too for those who do not follow policy guidelines.

Asset Usage Policy

Our asset management policy highlights the best practices of our ECSL. It is aimed to foster operational excellence and eliminate situations where people could deviate from doing their best always. In this manner people and equipment reach their full potential. It also reduces the chances of unplanned maintenance.

This policy applies to all employees, consultants and contractors with access to ECSL information assets that are owned, leased or licensed to ECSL.

Ownership and Use

• Personnel will be held responsible for all activity under their personnel (ECSL name) id
• Personnel with accounts will access only systems, applications, files and data to which they have been granted access
• All information pertaining to ECSL shall only be stored, transmitted, or shared through services authorized by the ECSL
• Only approved and authorized electronic equipment maybe connected to ECSL information assets.

Asset Recovery

ECSL assets are issued to certain employees based on their work profile. These could be laptop, mobile phones, data cards, pen drive, etc.  The respective employees are responsible for the general maintenance and upkeep of the same. In the event that it is found that the asset is lost or damaged due to negligence on the part of the employee, the ECSL reserves the right to recover the cost of repairing or replacing the same as may be necessary.

The enforcement of this policy is the responsibility of the secretariat and the directors. All staff at ECSL are required to adhere to the this policy.