Acceptable use policy for Information Technology equipment, networks and software within the Company.

version 2 - 3 May 2009 version 2

Purpose of this policy:

This policy has the intention to

Purpose of the equipment or software provided by the company:

The IT equipment provided by the company can be used for work-related tasks only.

Period covered by this policy:

The policy is to be implemented permanently. This means also ‘after hours’, during lunch time, in the evening, or while traveling etc.

Personal equipment or software:

It is not allowed to attach personal equipment to the company’s equipment or network, or use personal software on the company’s systems. Do not use personal computers for company work, even if your computer is not attached to the company’s network. Work related information needs to be stored on the company’s systems.


Only the company’s e-mail system can be used. Using external e-mail systems such as hotmail, yahoo, emirates internet, etc. is not allowed.
Information which could be legally, contractually, or commercially binding, should not be transmitted by e-mail to external parties unless it is also transmitted by other adequate medium.

IT Department:

The setup, and configuration of the equipment and networks must be done by the IT Department. The design is done in collaboration with the company’s management.

Local regulations:

The content which is stored in, or transmitted over the company’s systems must adhere to the local regulations of the country where the company’s systems are located.

Practical issues

Data transmission:

Data storage:

All data must be saved on the company’s servers. The PC’s local hard disks are not backed up, nor protected, and should contain only programs and PC configuration. In the case of Laptops or handhelds, see the separate chapter on this subject.

Installation of PCs and software

Installation of PCs and networks, and software, must be done by IT Department only. Only licensed software can be used.

Configuration of PC:

No user configuration please. No screensaver except the built-in ones. No changing of Desktop properties, appearance, cursors, wallpaper, effects etc.. (This helps to keep the PC in top condition, helps the IT Support team imagine what is on your screen when attending support calls, avoids installation of spyware, and gives a consistent and clean image to the IT environment)

Do not configure Windows File and Printer sharing on your PC.

Identification of users:

Use your own login username only. Do not give your password to anyone. Ask for a login username if you do not have one. Requests for new usernames should be done via the department heads to IT department.

Digital cameras:

Preferably, use company-provided card readers to transfer photographs to PC. Do not transfer card reader from one PC to another. Do not swap card readers between 2 PC which have been previously installed with card readers. In case it’s necessary to connect a camera to a PC, do not install the camera-manufacturer-provided software, and access the images on the camera only as an external drive.

Personal Digital Assistants:

Not to be connected to PC, either with wire or wireless, unless purchased by IT Department, in which case it needs to be installed on PC by IT Department.

USB Flash memory

USB memory sticks and drives are a primary source of virus distribution. Use only company-provided flash memory devices. Never use a company-provided USB drive on a personal or external company’s PC. In case of doubt, ask IT department to scan a USB drive.

Mouse and keyboard

Use only company-provided mice or keyboards. Do not change mice or keyboards between computers, unless advised by IT Department. Do not use wireless mice.

Virus detection:

If you see any indication on your computer or e-mail that a virus may be present, or if you receive a virus detection message, even if the message may seem false, you must inform the IT Department (for example by phone)



Most of our networks have a connection to the Internet. This is done with a proxy server plus firewall. Some of the users on those networks are configured to access the Internet. Access to the Internet is provided for business-related activities only. Requests for Internet access need to be sent via the department/project head to IT department.

Internet Relay Chat (IRC), Instant Messaging (IM), such as MSN-Messenger or ICQ, etc. is not allowed.

Peer-to-peer file transfer software is not allowed.

Voice over IP (VoIP) telephony (including Skype and similar services) is by default not allowed. When such type of communication is deemed necessary for business purposes, it should be requested to, and can potentially be installed by the IT department, depending on the bandwidth available at the concerned location. In such case, the solution will be built around the corporate, SIP-based communications systems.

Direct connection from the PC to the Internet is not allowed. This means that you should not access the Internet via an internal or external modem or 3G card connected to your PC, or GPRS/3G/Wireless-enabled mobile phone or PDA which may exchange Internet data via an infrared port or Bluetooth etc. An exception is made for portable computers while they are not connected to the office network. (See chapter on Laptops)

When connected to the Internet, do not download or install any utilities or software, however useful or business-related they may seem. This includes screen-savers, special cursors, date or calendar utilities. Many of them may contain spyware. If you suspect that spyware is present on you PC, call the IT Department, who will remove it.

Laptop computers

Laptop computers adhere to the same rules as all other equipment, with a few exceptions due to the portable nature of this equipment.

Laptop computers can connect directly to the Internet while they are not connected to the local site or office network. However, in that case, they need to have a firewall installed by the IT Department, kept up-to-date automatically or with the help of the user. If while working on the Internet, or in another company’s network, your firewall detects an unknown communication, either block it, or ask the IT Department what to do.

Unlike the fixed office computers, your Laptop can update its virus definitions via ‘LiveUpdate’ over the Internet. When connecting to the Internet, verify whether LiveUpdate’s virus definitions are up-to-date and/or whether the updates are downloaded automatically. If not, run LiveUpdate first, prior to any other activity.

Unlike on fixed office computers, you will have data stored on your local hard disk. Keep this data in specific folders (within My Documents for example). Back up relevant business data onto the company’s server when returning to the office. (Check the server’s available disk space prior to doing this). When out of the office for longer periods, back up new work, and other work which you may need during your trip, on portable media.

As a user of a laptop, when you move to a new project, please inform the IT department about this. Your existing username may have to be created on the new project, and the IT department needs to know the whereabouts of the computer.

Guidelines for sites and departments:

Purchase of office IT equipment:

IT equipment, software and related items (“IT Equipment”) must be purchased by the IT department only, or it’s purchase must be approved by the IT department.

This includes

This does not include

Purchase of industrial or surveying equipment

When purchasing plant or survey equipment which needs to be connected to the IT equipment, seek coordination from the IT department.

This includes

Provisioning of telecommunications lines:

Seek advice from the IT department about which lines are required for data communications. (Such as phone lines for modems, ISDN, ADSL and other DSL, wireless, radio lines etc.)

Relocating equipment

The IT Department needs to be informed when IT equipment needs to be moved. They will come and move the equipment, or will provide telephone advice if their presence is not required. Transport of equipment between site offices needs to be done or coordinated by the IT Department.

Backup of data:

Each site has a tape backup system. The backup is managed by the IT Department, and is done with the help of someone on site, mostly the site’s secretary, who needs to change and rotate the tapes on daily basis.

Third party PCs:

Subcontractors, consultants, or other business partners (or anyone else) cannot connect their equipment to the Company’s network. Connection can still be done, provided that this connection is configured by the IT Department on the 3rd party’s PC. Whether the equipment can be connected will ultimately depend on the type of software, protection and configuration found on the PC.

On some sites, include Dubai Head Office, a wireless network is available, with the intention of providing Internet access to visitors. To gain access to this network, details and a code can be provided by IT Department.