Overview
Cluster 2 Security Unit (C2SU) systems used to support the delivery of its services must be accessed for genuine business purposes only, and all individuals accessing the C2 Security Support tool have a responsibility to use this resource and information assets in a professional, lawful and ethical manner. Appropriate controls are required in order to clarify the boundaries of acceptable and unacceptable behaviour.
If you break any of the rules in this AUP, you may find yourself facing disciplinary action, or, in the most serious cases, criminal investigation.
Scope
This Acceptable Usage Policy (AUP) covers usage of the online tool owned by C2SU and defines what you may not do when using it.
This policy does not cover the use of departmental IT systems and devices for business use. For this, individuals must refer to their respective departmental AUP.
Applicability
This policy applies to all registered users and agents (hereafter referred to as ‘individuals’) who use the online C2 Security Support tool and all information, in whatever form, relating to its security business activities, and to all information handled by C2SU relating to other organisations with whom it deals.
System Access Control – Individual’s Responsibility
Access to the tool is controlled by a User ID (work email) and passwords. All passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all their actions on the tool.
Individuals shall not:
- Allow anyone else to use C2 Security Support tool account log in credentials (user ID and password) on any IT system.
- Leave their C2 Security Support tool user accounts logged in on an unattended and unlocked computer.
- Use someone else’s C2 Security Support tool user account log in credentials (user ID and password) to access the tool on any IT systems.
- Leave their password unprotected (for example writing it down).
Note: Using this tool does not affect your individual rights under data protection legislation. By using this system, you agree to allow selected authorised C2SU staff access to, and review, all information created, stored, sent or received by them through this C2 Security Support tool.
Conditions of Use
Use of C2 Security Support tool ‘contact us’ and email is intended for business purposes only.
All users, regardless of their permissions group, shall not:
- Access C2 Security Support tool for anything other than legitimate business purposes. Individuals are provided with authorised access to the system and its data assets to assist them in the performance of their employment and all users have a responsibility to use the system and data assets in a professional, lawful and ethical manner.
- Use the C2 Security Support tool to perform inappropriate activities that are detrimental to their respective organisation and/or the C2SU. This includes:
  - Malicious, harassing, abusive or threatening communication;
  - Inciting hate, bullying and harassment;
  - Behaviour that is discriminatory in any sense (e.g. on the grounds of sex, sexual orientation, gender, race, age, religious beliefs or disability);
  - Defaming another person or organisation.
- Introduce malicious programmes or code into the C2 Security support tool (e.g. viruses, spyware or malware)
- Perform any unauthorised changes to C2 Security Support tool system or information.
- Attempt to access data that they are not authorised to use or access.
- Exceed the limits of their authorisation or specific business need to interrogate the system or data.
- Store data from C2 Security Support tool on any non-authorised (personal) equipment.
- Give or transfer C2SU data or software to any person or organisation outside without the authority of C2SU.
- Attempt to tamper with the configuration of the system.
- Send any communication that contains:
  - Libellous remarks;
  - Anything inflammatory, offensive, or which amounts to harassment;
  - Spam or phishing attempts;
  - Any material which is illegal and/or detrimental to the government’s reputation, including copyright infringement, pornography, illegal software and media.
- Use the system for the purposes of harassment or abuse.
- Use profanity, obscenities, or derogatory remarks in communications.
- Access, download, send or receive any data (including images) through the Security Portal, which C2SU considers offensive in any way, including sexually explicit, discriminatory, defamatory or libellous material.
- Use the C2 Security Support tool to make personal gains or conduct a personal business.
- Use the C2 Security Support tool in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
- Use the C2 Security Support tool for information classified SECRET and TOP SECRET. This includes uploading, inputting, communicating, storing and processing SECRET and TOP SECRET data.
- Make official commitments through the C2 Security Support tool on behalf of C2SU unless authorised to do so.
- In any way infringe any copyright, database rights, trademarks or other intellectual property.
General Security Requirements
All individuals, regardless of their role, shall:
- Ensure that all passwords comply with the C2 Security Support tool Password Policy.
- Only use the C2 Security Support tool user access accounts and permissions assigned to them.
- Not use the C2 Security Support tool to access, store or communicate any information that is classified above OFFICIAL (N.B. the classification tier OFFICIAL includes the sensitive handling caveat, OFFICIAL-SENSITIVE).
- Comply with instructions issued by designated information owners and system administrators within C2SU.
Monitoring and Filtering
All data that is created and stored on C2 Security Support tool system is the property of C2SU and there is no official provision for individual data privacy.
Exemptions, Exceptions and Breaches
All individuals must make every effort to comply with the entirety of this AUP policy set. However, where either some aspect of the policy set is not applicable, or a system or member of staff is unable to comply with it, C2SU must be notified as soon as possible.
If there has been a deliberate malicious attempt to breach any aspect of this Policy, C2SU will investigate the breach together with the respective Department’s Senior Security Advisor/Security Advisor, in accordance with local security breach policies.
Breaches of this Policy may lead to local disciplinary action or in severe cases the withdrawal of C2SU resources (i.e. access to C2 Security support tool revoked).
Document Maintenance
This document will be reviewed on a regular basis (e.g. annually) or upon significant changes in circumstance.
To ensure that this document stays relevant and current, please forward any errors, oversights or updates identified, and any recommendations or suggestions for the improvement of the security portal and its services, to SecuritySupportTool@cluster2security.gov.uk.