1.1 Purpose of the document IDEMIA Cloud is hosting %3CCustomer%3E owned data in a secure cloud environment. End users play a key role in ensuring that this overall environment remains secure by upholding the Acceptable Use Policy for IDEMIA IDEMIA Cloud. This document describes limitations to how IDEMIA Cloud services may be used by end users. The purpose of this policy is to outline the acceptable use of IDEMIA Cloud services, devices, and applications by its end users. These rules are in place to protect IDEMIA Cloud End Users, customers, and IDEMIA. Inappropriate use exposes IDEMIA Cloud End Users, customers, and IDEMIA to risks including virus attacks, compromise of network systems and services, and legal issues. 1.2 Scope This policy applies to the use of IDEMIA Cloud services, devices and applications by its end users. All users are responsible for exercising good judgment regarding appropriate use of IDEMIA Cloud services, devices and applications in accordance with %3CCustomer%3E policies and standards, and local laws and regulation. 1.3 Policy 1.3.1 General Use and ownership a. Users have a responsibility to promptly report the theft, loss or unauthorized disclosure of %3CCustomer%3E information they would witness while using the service. b. Users may access, use or share %3CCustomer%3E proprietary information only to the extent it is authorized and necessary to fulfill their assigned job duties. c. Users may use IDEMIA Cloud services, devices and applications in compliance with rules and processes defined by %3CCustomer%3E. d. IDEMIA reserves the right to audit networks and systems included in IDEMIA Cloud services, including end users workstations, on a periodic basis to ensure compliance with this policy. This right does not cover any network or equipment owned by %3CCustomer%3E 1.3.2 Security and Proprietary Information e. All computing devices that connect to the IDEMIA Cloud network must comply with current CJIS Security Policy. f. When a new version of CJIS Security Policy is released, all computing devices that connect to the IDEMIA Cloud network must adhere to the new policy within a period of no more than 12 months. g. End user passwords must comply with the Password Policy defined by %3CCustomer%3E. h. Providing access to another individual, either deliberately or through failure to secure its access, is prohibited. 1.3.3 Unacceptable Use The following activities are, in general, prohibited. Under no circumstances is an end user of %3CCustomer%3E authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing IDEMIA Cloud services, devices and applications. The lists below are by no means exhaustive, but attempt to provide a framework for activities which fall into the category of unacceptable use. 1.3.3.1 System and Network Activities When using IDEMIA Cloud services, devices and applications, the following activities are strictly prohibited, with no exceptions: i. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by %3CCustomer%3E. j. Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which %3CCustomer%3E or the end user does not have an active license is strictly prohibited. k. Accessing data, a server or an account for any purpose other than conducting %3CCustomer%3E mission, even with authorized access, is prohibited. l. Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.). m. Revealing your account password to others or allowing use of your account by others. n. Using a IDEMIA Cloud computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction. o. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the user is not an intended recipient or logging into a server or account that the user is not expressly authorized to access, unless these duties are within the scope of regular duties. For purposes of this section, "disruption" includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes. p. Port scanning or security scanning is expressly prohibited without written authorization from IDEMIA. q. Executing any form of network monitoring which will intercept data not intended for the user’s host. r. Circumventing user authentication or security of any host, network or account. s. Interfering with or denying service to any user other than the user’s host (for example, denial of service attack). t. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.