Laptop Usage Policy

This document of Vandey Consultancy Services Private Limited (“Company”) serves to outline the policy on the use and storage of company provided laptops (“Policy”). 

Purpose
Laptop computers provide important functionality, allowing employees to have their computing resource at hand in meetings/workplace or even at home in certain time pressing situations so as to enable employees to be maximally functional and productive while away from office premises.

 

This Policy describes the controls necessary to minimize information security and laptop damage risks. Laptop computers may be viewed as an essential and convenient business tool, but their very portability makes them particularly vulnerable to physical damage or theft.  The impact of such a breach includes not just the replacement value of the hardware and software but also the value of organizational data on them, or accessible through them.

Scope 
This Policy and the procedures herein affect all employees who use laptops for official purposes.    Employees are also advised that in addition to the terms and conditions of laptop usage as reflected in this Policy, employees shall also have to adhere to any terms of their respective employment agreement which mandate or restrict any action in this regard.

An employee using company provided laptops is responsible for the security of that laptop, regardless of whether the laptop is used in the office, at one's place of residence, or in any other location such as a hotel, conference room or while travelling. This Policy contains certain guidelines and restrictions on the usage of the laptop that are required to be strictly adhered to by all employees while using these laptops.

 

A. Intended Use of Laptops

Laptop shall be the property of the Company at all times and the employee will not have any right or interest in the said asset except using such asset during the employment or for such duration as may be decided by the Company. Employee must ensure that the laptop is being used only for official purposes and in the course of the rightful discharge of their duties and not for generating, transmitting, corresponding any content that is contrary to Company policies.  This may lead to the employee being subject to disciplinary or any other appropriate action as per Company policies. 

 

B. Laptop Security Controls

All laptops acquired for employees on behalf of the Company shall be deemed to be Company property. Each employee issued with a laptop shall be responsible for the security of that laptop, regardless of whether the laptop is used in the office, at the employee’s place of residence, or in any other location such as a hotel, conference room, car or airport. Employee shall ensure security of the laptop in each of the following domains as per the stated guidelines. Laptops must compulsorily be protected by a username and password.  
 

C. Physical Security & Theft Prevention

To ensure physical security of laptops and data therein, all employees are required to undertake the following actions:

  1. The physical security of Company provided laptops is the employee’s personal responsibility. He/she is therefore required to take all reasonable precautions, be sensible and stay alert to the risks. 

  2. Keep your laptop in your possession and within sight whenever possible, just as if it were your wallet, handbag or mobile phone.  Be extra careful in public places such as airports, railway stations or restaurants.  It takes thieves just a fraction of a second to steal an unattended laptop.

  3. Never leave the laptop unattended when using it outside the office.

  4.  Lock the laptop away out of sight when you are not using it, preferably in a strong cupboard, filing cabinet or safe.  This applies at home, in the office or in a hotel.  

  5. Never leave a laptop visibly unattended in a vehicle.  If necessary, lock it out of sight in the trunk or glove box but it is generally much safer to take it with you. 

  6. Carry and store the laptop in a padded laptop computer bag or strong briefcase to reduce the chance of accidental damage. 

  7. Employees may not take the laptop for repair to any external agency or vendor at any point of time.

  8. In case of any failure, employees are required to report the same to the management.

  9. In case of the loss of laptop- be it on, or off Company premises, due to negligence of the employee, the Company may recover the cost of the laptop from the employee. It is the Company’s discretion to impose further penalties on account of loss of sensitive Company information.

  10. If there is damage on account of the above the employee may be liable to pay the damages at cost to the Company/the same may be deducted from their monthly salary.

  11. Company maintains the right to conduct inspections of any computer equipment, including all laptop it owns or manages without prior notice to the Employee who is at the time the user or custodian of such computer equipment. Employee will submit the laptop for random audit by Company in order to check the physical presence as well as the functional usability of the asset.

  12. In case of leaving the employment or being terminated for any reason, employee will hand over the asset to Company in good condition failing which Company is authorized to charge penalty against the employee.

D. Data Security Controls

Employees are expected to ensure the security of the data within their laptops. In this regard you are to adhere to the following:

  1. You are personally accountable for all network and systems access under your user ID, so keep your password absolutely secret.  Never share it with anyone, not even members of your family, friends, or IT staff.

  2. Corporate laptops are provided for official use for authorized employees.  Do not loan your laptop or allow it to be used by others such as family and friends.  

  3. Avoid leaving your laptop unattended and logged-on.  Always shut down, log off or activate a password-protected screensaver before walking away from the machine.

E. Virus Protection

  1. Email attachments are now the number one source of computer viruses.  Avoid opening any email attachment unless you were expecting to receive it from that person.  

  2. Always virus-scan any files downloaded to your computer from any source (CD/DVD, USB hard disks and memory sticks, network files, email attachments or files from the Internet).  Virus scans normally happen automatically if your virus definitions are up to date, but you can also initiate manual scans if you wish to be certain.

  3. Report any security incidents (such as virus infections) promptly to the IT Help in order to minimize the damage

  4. Respond immediately to any virus warning message on your computer, or if you suspect a virus (e.g. by unusual file activity) by contacting the IT Help.  Do not forward any files or upload data onto the network if you suspect your PC might be infected.

F. Data Backups

  1. You will be personally responsible for storing your data in one drive. 

  2. Remember, if the laptop is stolen, lost or damaged, or if it simply malfunctions, it may be impossible to retrieve any of the data from the laptop.  Saving the data in one drive will save you a lot of heartache and extra work.

G. Use of Unauthorized Software /Content

  1. Employees are required to ensure that they do not download, install or use unauthorized software programs.  Unauthorized software could introduce serious security vulnerabilities into the Company networks as well as affecting the working of your laptop.  Software packages that permit the computer to be ‘remote controlled’ (e.g. PCAnywhere) and ‘hacking tools’ (e.g. network sniffers and password crackers) are explicitly forbidden on Company equipment unless they have been explicitly pre-authorized by Company management for furtherance of legitimate business purposes of the Company.

  2. All software or other programs that are downloaded onto the Company provided laptop, whether or not they are so downloaded in accordance with the business needs of the Company, or the directions of the Company management in this regard, shall immediately become the sole and exclusive property of the Company, and henceforth can only be used in accordance with the directions of the Company in this regard. Further, any programs or software that were pre-installed at the time of the possession of the laptop being handed over to the Company, cannot be altered or removed, whether permanently or temporarily, in any manner whatsoever save and otherwise than in accordance with the directions of the Company in this regard.

  3.  The employee shall not install any unauthorized accessories/software like messengers, chatting software or any malicious software, which may cause problems to the functioning of the Laptop and strictly adhere to Company’s software.

  4.  If there is damage on account of the above the employee may be liable to pay the damages at cost to the Company/the same will be deducted from their monthly salary.

  5. As you might expect, Company will not tolerate inappropriate materials such as pornographic, racist, defamatory or harassing files, pictures, videos or email messages that might cause offence or embarrassment to either the Company, its employees or any third party.  No employee should ever store, use, copy or circulate such material on the laptop and should not visit or attempt to visit any dubious websites.  The Company’s IT staff shall routinely monitor the Company network and systems for such materials and track use of the Internet by all employees. Such IT staff shall report serious/repeated offenders and any illegal materials directly to Company management, and appropriate disciplinary processes will be initiated against such employees by the management.

  6. Employees are also advised that any information in digital or electronic form that they come across in the laptop computer systems provided to them, whether at the time of receiving such systems or at any time thereafter, shall be compulsorily treated by employees as confidential information (“Confidential Information”). Such Confidential Information can exist in any electronic form, including but not limited to documents, memoranda, spreadsheets, databases, encrypted data, passwords, lists of any nature, source code, object code, algorithms, software programs, emails and other communications, designs, blueprints, business projections and plans, financial data, customer and client names and contacts, supplier names and contacts, price lists and quotations, contractual documents, term sheets and executed agreements with vendors/suppliers and customers, and so on. Employees cannot use such Confidential Information in any manner whatsoever save and otherwise than in strict accordance with the directions of the Company in this behalf. Any unauthorized usage by the employee of such Confidential Information, or any act of omission or commission of the employee which results in such unauthorized usage of Confidential Information by any third party, shall expose the employee concerned to liability and consequent action by the Company and/or its management.

  7. Further, in the event any employee is unsure of the status of any digital/electronic information that he or she may discover on any laptop system provided to such employee, the employee must forthwith and without any further delay communicate the existence of such information to the Company’s IT team on the assumption that all such information is potentially Confidential Information, and thereafter follow the instructions of the IT team in this regard. Under no circumstances shall the employee attempt to process such Confidential Information in any manner whatsoever for his or her own personal usage, and any delay in contacting the IT team in this regard shall be regarded as dereliction of duty by the employee.

H. CONSEQUENCES OF BREACH

  1. Any action of the employee that are inconsistent with this Policy shall be treated as serious professional misconduct on the part of the employee, and the employee concerned shall be subject to any disciplinary proceeding, or action, by the Company, which the management of the Company may deem appropriate under the existing circumstances. Such action may also include any rights of termination or any other rights that the Company may have under the terms of the employment agreement entered into by the Company with the employee concerned. 

  2. Employees are further advised that in the event any such employee fails to adhere to the requirements of laptop usage and restrictions on usage of Confidential Information, he or she shall be subject to any penal liability under the provisions of the Information Technology Act, 2000 (the “Act”), including but not limited to Section 43 of the Act. 

  3. The Company shall bear expenses for laptop maintenance and repairs arising out of the normal wear and tear However, in the event of any damage to the laptop arising out of the negligence, misuse or abuse of the laptop by the employee, the employee shall be solely liable to make the payment for all the expenses arising therefrom.  The Company shall have the right to reclaim such expenses and deduct the same from your monthly salary.