Electronic Resources Policy

Electronic Resources Policy

Scope

This policy requires all employees and independent contractors, collectively “Users”, of Charles River Associates (“CRA”) that have been granted access to or use CRA “electronic resources” to adhere to acceptable uses and to maintain steps to keep such electronic resources, safe and secure. The term “CRA electronic resources” means all electronic devices, software, systems and networks, directly or through a third party, used to transmit, receive, process or store CRA information or data. CRA electronic resources include, but are not limited to, computers, servers, tablets, smart phones, databases, PDAs, telephones, wireless devices, e-mail systems, voice messaging systems, and Internet connectivity. It also includes the use of non-CRA-owned electronic resources storing or connecting to CRA data. This policy applies whenever and wherever CRA electronic resources are accessed and used.

CRA allows reasonable and limited personal use of CRA electronic resources by Users. Users’ personal use must be occasional and brief, must not unduly burden CRA’s resources and systems, must comply with all laws and CRA policies, and must not interfere with normal business activities or the User’s ability to meet job expectations. In addition, users’ personal use for outside commercial ventures and/or personal financial gain is prohibited.

“Personal use” does not permit use of personal devices on CRA’s internal network.  Both the wired network and CRA internal wireless are intended for CRA-owned devices only.

No Right to Privacy: CRA reserves the right to store, monitor or access Users communications or other materials created, received, stored, transmitted or processed using CRA’s electronic resources, at any time and without notice to the extent permitted by law. Users of CRA’s electronic resources have no right to privacy in emails, text messages, internet usage, documents, files, voice files or other communications or materials created, received, stored, transmitted or processed using CRA electronic resources, including personal or password protected information.  Even messages sent or received on personal accounts and materials Users believe they have deleted are subject to CRA’s review.  In sum, you should not expect that anything created, sent, received, or done on CRA’s electronic resources will be private.

Access to CRA resources and systems, as defined above, are restricted to authorized personnel only.  Authorized personnel are those with approved access, based on what is needed to perform their duties.  Approvers are the appropriate IT director or data/system owner (such as the OIC).     

Some examples of complying with this policy include:

  • Taking appropriate measures to protect the security, confidentiality and integrity of CRA electronic data and information, as required under CRA policies and applicable laws.
  • Protecting UserIDs and passwords for CRA electronic resources.
  • Storing client provided data in network project folders or company provided project websites and only permitting data access to assigned project team members.
  • Restarting your computer at least weekly to enable the processing of system updates on your local machine.
  • Locking workstations when left unattended.
  • Using a privacy screen filter on your laptop if using CRA electronic resources in public places.
  • Obtain approval from IT before downloading or installing software on your computer.

Some examples of not complying with this policy include:

  • Using personal devices (laptops, desktops, tablets, personal phones) on our internal wired or internal wireless network.
  • Any attempt to circumvent CRA-imposed network access controls.
  • Using electronic resources in a manner that violates any law, any CRA policies, including confidentiality and the CRA Code of Business Conduct and Ethics;
  • Using electronic resources in a manner inconsistent with a respectful business environment or which violates CRA's Non-Discrimination and Non-Harassment Policy, for example, by sending offensive or harassing messages or downloading or viewing sexually explicit or other offensive material.
  • Creating or forwarding "chain letters," "Ponzi," or other "pyramid" schemes of any type, or sending of bulk "junk mail" or “email spam” and/or the unauthorized use, or forging, of email header information.
  • Downloading, copying or using software or other materials in violation of copyright laws or license restrictions and/or intentionally introducing malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
  • Downloading internet file sharing applications, or peer to peer file sharing applications, bit torrents, proxies, or anonymizers are not permitted on CRA systems. Work related exceptions will be handled on a case by case basis and justified in person or in writing.
  • Accessing data of which the User is not an intended recipient or logging into a server or account that the User is not expressly authorized to access;
  • Uninstalling or disabling CRA-provided security solutions, such as anti-virus tools, firewalls or password protection.

Safety

On occasion, Users may be required to use wireless devices to respond to client inquiries or conduct company business while traveling. To ensure the safety of our Users, CRA does not condone the use of any electronic resources (including SMS (text messaging) or mobile phone use) to conduct company business while the User is operating a motor vehicle. Users are strongly encouraged to pull off the road and stop the vehicle when any electronic resources usage is immediately required. Under no circumstances should Users place themselves or others at risk to use a wireless device. At all times, Users should use common sense when using a wireless device while in a motor vehicle. Users who are charged with traffic violations resulting from the use of their electronic resources while driving will be solely responsible for all liabilities that result from such acts.

Compliance

Any User who violates this policy will be subject to disciplinary action, up to and including discharge. CRA may amend and/or modify this policy at any time in its discretion. You are responsible for com- plying with such amended policy.

Immediately contact *!ITSHELP@crai.com or call (617)-425-3100 if you become aware of an electronic resource or data that has been lost, stolen or otherwise compromised. Give notice to the appropriate local authorities (for example, the police). You are required to cooperate with ITS and other CRA personnel in connection with any loss or theft incidents. If you have questions regarding the proper use of or concerns with electronic resources, please contact *!ITSHELP@crai.com or call (617)-425-3100, or your local ITS representative.

Review Date 4/12/18