Acceptable Use Policy
White Spot Limited
Revised February 2012
This document serves to complement the governing Privacy Policy and Personal & Business Conduct
Policy and applies to all employees and contractors of White Spot Limited who are authorized to use
White Spot Limited’s Systems. The purpose of this policy is to ensure the efficient use of Company
resources and to protect the Company and its employees from misuse of those resources.
This Acceptable Use Policy (AUP) governs the use of White Spot Limited’s Systems (hardware, software,
bandwidth, electronic media, service applications & general network infrastructure). By using the
Systems, you acknowledge that you have read, understand and agree to this Acceptable Use Policy as
set out in this document.
This document may be revised from time to time and it is your responsibility to ensure that you comply
with the latest edition of the AUP at any given time. The latest version of this document can be found
at www.whitespotonline.com.
If you have any questions regarding the proper use White Spot Limited’s Systems please do not hesitate
to contact the Systems Department.
All violations of these guidelines must be reported to the White Spot Systems Department.
Failure to follow the guidelines set out in this document will result in disciplinary action, which could
include termination of employment with White Spot Limited.
I fully understand and agree to follow the guidelines listed above.
Print Name:
Signature:
White Spot Limited (WSL) provides a variety of Systems for the use of our employees. The guidelines
are put in place to ensure professionalism & efficiency is maintained in the use of our organizational
tools, network security is maintained, and PCI compliance is assured.
Network Access Accounts
Network Access Accounts allow users to logon to WSL Systems, including (but not limited to) the
electronic mail system, network file storage, proprietary software systems and online resources (e.g.
intranet, ftp site). If someone were to gain access to a user’s account password, they could tamper with
that user’s files and email.






Login names and passwords must be kept secret and not be communicated to any third party. If
passwords are written down they must be stored securely and accessed by authorized users
only.
Users should change passwords regularly and avoid easily guessed passwords.
White Spot’s Systems Department must be notified immediately upon termination of
employees in a user’s employ or upon compromised accounts.
Accounts are to be used only by the authorized owner of the account for the authorized
purpose. Users may not share their account number or password with another person or leave
an open file or session unattended or unsupervised. Account owners are ultimately responsible
for all activity under their account.
Users must not access anyone’s computer, software or data, without the knowledge and
consent of that person. This includes, but is not limited to, accessing data not intended for the
users, or logging into or making use of a server or account a user is not expressly authorized to
access.
Use or distribution of tools designed for compromising security, such as password guessing
programs, cracking tools, packet sniffers or network probing tools is strictly prohibited.
Bandwidth
Bandwidth encompasses all network technologies that allow for the transmission of information from
one location to another. These technologies include, but are not limited to, provisioned ISP’s (e.g. DSL,
Cable), virtual private networks, and wireless access points.





Bandwidth provisioned must be used exclusively for the direct benefit to the productivity of the
Company. Users are prohibited from non-business activities that generate heavy network traffic
(e.g. streaming music/video, bit-torrent downloads, file sharing) as they may incur financial cost
and/or interfere with others’ legitimate use of the Services.
Diligent effort must be made to conserve system resources.
White Spot has the right to monitor transmissions across the WSL network and to disclose the
same in accordance with the governing Privacy Policy.
Users may not run any program that monitors or intercepts network packet data or any program
that compromises the privacy of network traffic.
Associating any device to network access points utilizing the provisioned bandwidth, including
wireless, is prohibited.
Email
Email is a Company supplied resource and is intended for business use only. White Spot Limited owns
and asserts copyright over all materials created by its employees as part of their employment including
that sent through the email system; therefore, users of the White Spot’s electronic mail system must not
assume privacy or confidentiality. The Company does not intend to routinely monitor the contents of
these systems. However, users should expect that if questions arise regarding appropriate use of these
tools, they will be investigated fully.
Appropriateness of Use
Users are responsible for the appropriateness and content of material they transmit or publish on the
system. Users must not:





Use abusive, threatening, or otherwise objectionable language in either public or private
messages
Join non-business related mailing lists
Falsify information or originator by means or use of another user’s accounts or passwords
Users may not "spam" people via email. This is defined as unsolicited (unwanted,
unrequested) email and includes 'virus alerts' that have not been authenticated or 'get rich
quick' chain mails. If in doubt and especially if the message urges to 'pass it on', don't.
Subscribe to mailing lists, bulletin boards, chat groups and commercial on-line services.
Personal email accounts should be used for this purpose.
Legal & Regulatory Compliance
Users of the electronic mail system are responsible for any misuse that originate from the user’s
individual email account, even activities committed by any friend, family, co-worker, employee, guest or
anyone with access to the account. Users must ensure that others not gain unauthorized access.



Email is neither private nor secret. Personal emails can easily be forwarded to other parties
to whom they were not originally intended and the message manipulated or misconstrued.
This can result in liability of the sender for issues arising such as harassment, defamation or
discrimination. Emails are discoverable documents that may be required to be produced for
legal proceedings.
Communications may not be encrypted so as to avoid security review.
Use of the Services for any activity that violates Local, Provincial, Federal or International
law, order or regulation, is a violation of this Agreement. Prohibited activities include, but
are not limited to:
- Posting, storing, transmitting or disseminating unlawful material, including without
limitation, child or other pornography, any content, data or other material which is
libellous, obscene, hateful, unlawful, threatening, reaction or ethnically offensive,
defamatory or which in any way constitute or encourages conduct that would constitute
a criminal offense.
- Disseminating material which violates copyright or intellectual property rights.
- Fraudulent activities; including but not limited to: impersonating any person or entity, or
forging anyone’s digital or manual signature.
Business Continuity
It is the user’s responsibility to make every effort to conserve system resources and ensure that his/her
activities do not interfere with the legitimate use of the electronic mail system for others.


WSL reserves the right to limits the number of email messages that users can send, the size of
those messages and the amount of email storage allotted per individual email user.
White Spot is not responsible for the forwarding of email sent to any account which has been
suspended or terminated. Such email will be returned to sender, ignored, deleted, or stored
temporarily, at WSL’s sole discretion.
Mobile Devices
We understand how critical the convenience of email on the go is but this connectivity also comes with
responsibility to protect company information. This section applies to personal or business owned
mobile devices (e.g. phones & tablets.) If you opt to configure your device to receive and send
company specific electronic mail, calendar, and contact updates via mail.whitespot.ca synchronization
through Microsoft Exchange ActiveSync you are bound to the following conditions.
Passcode Required
You will need to set up a passcode that will need to be entered to unlock your device in order to
prevent unauthorized users from accessing information on the device.
Automatic Lock
After 5 minutes your device will automatically lock and a passcode will be required to unlock
your device (see above.)
Remote Wipe
White Spot Limited has the right to remotely erase all data on your device and reset it to factory
default.
Automatic Wipe after 10 Incorrect Passcode Attempts
Your device will be erased of all data and reset to factory default if an incorrect passcode is
entered 10 times consecutively.
Data Storage
Data storage is a Company supplied resource and is intended for business use only. White Spot Limited
owns and asserts copyright over all materials stored and users must not assume privacy or
confidentiality. The Company does not intend to routinely monitor the contents of network storage.
However, users should expect that if questions arise regarding appropriateness, they will be investigated
fully.


Users shall not seek information on, obtain copies of, or modify files or other data belonging to
other users, or attempt to gain unauthorized access to the system.
Users will not store unlawful information on networks and systems (e.g. screensavers, graphic &
music files)




Operating or requesting others to operate any company equipment for personal business, or
other non-work related reasons.
Make unauthorized use of any information in files maintained, stored, or processed by WSL, or
permit anyone else to make unauthorized use of such information.
Make excessive use of resources such as network file storage, leading to a denial of service to
others, especially when compounded by not responding to requests for action
Diligent effort must be made to conserve system resources.
Hardware
Hardware includes (but is not limited to), PCs, laptops, modems, printers, network servers, cabling and
firewalls. At any given time, White Spot Systems Department must provided physical and/or remote
access any hardware owned by WSL.




Using hardware for any use other than the productivity of the management and or staff is
prohibited.
Any attempt to breach the security of any machine is forbidden.
Users agree not to relocate any equipment or perform any hardware maintenance or upgrades
as they could negate warranties in place. Maintenance to WSL owned hardware must be done
by a technician approved by the White Spot Systems Department.
Users must not connect any unauthorised hardware devices to the System (e.g. wireless
modem, external drives)
Software
Software owned/licensed by WSL is to be used for business purposes exclusively.




Users must not install or store any unauthorized software on WSL Systems. Any unauthorized
software will be deleted without notification or recompense.
Users must not duplicate any WSL owned/licensed software
Users agree to comply with the applicable terms and conditions of all end user license
agreements agreed to by WSL
User must not, by their actions or inactions, aid the distribution of computer viruses, malware or
other malicious software
PCI (Payment Card Industry) Compliance
WSL has a responsibility to safeguard the credit card and banking information it uses for the purposes of
conducting business transactions.




PAN (Primary Account Number) detail must not be sent via electronic mail
PAN (Primary Account Number) detail must not be stored on WSL data storage
PAN (Primary Account Number) detail must be masked on all banking slips
PAN (Primary Account Number) information recorded for the purpose of future transactions
must be secured and access limited to appropriate individuals




Banking cards left onsite by guests must be secured
Firewall configurations must meet WSL standards
Access to banking point of sale equipment must be limited to staff assigned to conduct the
business transactions
All banking terminals must have a properly applied security sticker and risk management
procedures followed
Information Security and Confidentiality
Many staff members handle a variety of proprietary and private company information, and others
associated with the company, as well as confidential information regarding company business. This
material may include but is not limited to, payroll figures, personal data (such as personal employee
information), confidential files, or financial information. The security and confidentiality of this
information is critical.


Disclosure and discussion of confidential information obtained from departmental records,
either during or after employment with the Company, is strictly prohibited unless such
disclosure is a normal requirement of an employee’s position or has been so authorized.
Your are responsible for the security of any portable device holding Company information (e.g.
CDs, memory keys, PDA’s, phones, laptops)