Acceptable Computer Use Policy
All data that Is created on the KPLC corporate system remains property of KPLC.
General Use and Ownership
a) Employees are responsible for exercising good judgment regarding the reasonableness of
personal use. Individual departments in consultation with IT department are responsible for
creating guidelines concerning personal use of Information Systems.
b) IT Controls & Security recommends that any information that users consider sensitive or
vulnerable be password protected or encrypted.
c) For security and network maintenance purposes, authorized individuals within KPLC may
monitor equipment, systems and network traffic at any time, as per data and Network Access
policy in ICT Policy document fourth Edition of March 2015.
d) KPLC reserves the right to audit networks and systems on a periodic basis to ensure
compliance with this policy.
Security and Proprietary Information
i) Employees should take all necessary steps to prevent unauthorized access to any KPLC
corporate information including customer or supplier information.
ii) Keep passwords secure and do not share accounts. Authorized users are responsible for the
security of their passwords and accounts.
iii) All PCs, laptops and workstations should be secured with a password-protected screensaver
with the automatic activation feature set at 5 minutes or less, or by logging-off (control-alt- delete
for Windows users) when the host will be unattended.
iv) Because information contained on portable computers is especially vulnerable, special care
should be exercised. Protect laptops in accordance with the "Laptop Security Tips".
v) All hosts used by employees that are connected to the KPLC Internet/Intranet/Extranet, whether
owned by the employee or KPLC, shall be continually executing approved virus-scanning
software with a current virus database.
vi) Employees must use extreme caution when opening e-mail attachments received from unknown
senders, which may contain viruses, e-mail bombs, or Trojan horse code.
Unacceptable Use
Under no circumstances is an employee of KPLC authorized to engage in any activity that is illegal
while utilizing KPLC owned resources.
The list below is by no means exhaustive, but attempts to provide a framework for activities which
fall into the category of unacceptable use:
�System and Network Activities
i) Violations of the rights of any person or company protected by copyright, trade secret, patent or
other intellectual property, or similar laws or regulations, including, but not limited to, the
installation or distribution of "pirated" or other software products that are not appropriately
licensed for use by KPLC.
ii) Unauthorized copying of copyrighted material including, but not limited to, digitization and
distribution of photographs from magazines, books or other copyrighted sources, copyrighted
music, and the installation of any copyrighted software for which KPLC or the end user does not
have an active license is strictly prohibited.
iii) Introduction of malicious programs into the network or server (e.g. viruses, worms, Trojan
horses, e-mail bombs, etc).
iv) Revealing your account password to others or allowing use of your account by others. This
includes family and other household members when work is being done at home.
v) Making fraudulent offers of products, items, or services originating from any KPLC account.
vi) Effecting security breaches or disruptions of network communication. Security breaches include
but are not limited to: accessing data which the employee is not an intended recipient of or
logging into a server or account that the employee is not expressly authorized to access, unless
these duties are within the scope of regular duties. For purposes of this section, "disruption"
includes but is not limited to: network sniffing, pinged floods, packet spoofing, denial of service,
and forged routing information for malicious purposes.
vii) Port scanning or security scanning is expressly prohibited unless prior permission is sought and
granted.
viii) Executing any form of network monitoring which will intercept data not intended for the
employee's host, unless this activity is a part of the employee's normal job/duty.
ix) Circumventing user authentication or security of any host, network or account.
x) Interfering with or denying service to any user other than the employee's host (for example,
denial of service attack).
xi) Using any program/script/command or sending messages of any kind with the intent to interfere
with or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/
Extranet.
xii) Providing information about, or lists of, KPLC employees or KPLC customers to parties outside
KPLC.
