Code of Conduct for use of NEMA IT Services
NEMA IT services shall be used in a manner that supports the mission of NEMA, conducive to the overall business climate. NEMA IT services refer to all computers owned or operated by NEMA and includes hardware, software, data, and communication networks associated with these systems. NEMA IT services also include third party services that NEMA uses, such as email and office productivity services. The systems range from multi-user systems to personal computers, whether free standing or connected to networks.
Since NEMA IT services are vital to the operation and administration of the organization, the expectation of ethical conduct by users is the same as in all other areas of business. Users are expected to apply Standards of normal and professional ethics and considerate conduct in economical use of all NEMA IT services and resources. In addition, users are expected to be aware that their use of IT services are subject to all applicable NEMA regulations, Internet regulations, as well as federal, local, and international laws.
NEMA IT services shall be used through authorized user accounts. To be granted the use of a NEMA IT services, users must agree to abide by certain rules and regulations related to appropriate, legal, and ethical use of NEMA computing systems. In addition, the following guidelines apply:
1. Authorized Access & Usage
- Access NEMA IT services through authorized NEMA user account
- Limit the use of NEMA IT services to activities related to the mission of NEMA, including business operations, research, and service
- Unauthorized use of NEMA computing systems for personal profit is prohibited
- Use only legally obtained licensed data or software in compliance with license or purchase agreements and federal copyright or intellectual property laws
- Unauthorized software installation or configuration changes is prohibited
- Respect the privacy of others by refraining from inspecting, broadcasting, or modifying personal data files without the consent of the individual(s) involved
- Tampering with or obstructing the operation of NEMA IT services in any way, including disproportionate use of computer resources that hinders access to others, is prohibited
- Unauthorized access or use of another person's user account is prohibited
- Using NEMA computing systems as a means of unauthorized access to other user accounts or computer systems, inside or outside of NEMA systems is prohibited
- Use or creation of invasive software, such as viruses is prohibited
- Use of NEMA IT services to act in what may be perceived of as an obscene or harassing manner is prohibited
- Access to pornographic or hate related websites while using NEMA IT services is forbidden.
- Using NEMA IT services for games or gambling is forbidden. Examples of prohibited activities include Fantasy Football, college brackets, video games, etc.
2. Monitoring
NEMA has access to all company-provided electronic equipment, property, and NEMA IT services, and may from time to time, and without notice, inspect the condition of that equipment and the communications, content, data and imagery stored on it. If you access, view, create, or save any communications, content, data or imagery in company-provided digital equipment, you have no privacy rights as to it and any such communications, content, data, and imagery are subject to monitoring by NEMA. You must cooperate in such monitoring.
- NEMA IT Services usage is monitored and logged
- Internet activity is monitored and logged
- Use of any software or service for the intent of circumventing monitoring is forbidden
3. Confidentiality
Users shall make every reasonable attempt to protect the security and confidentiality of NEMA's IT services. Users shall not:
- Make unauthorized use of any information in files maintained, stored, or processed by IT services, or permit anyone else to make unauthorized use of such information.
- Seek personal benefit or permit others to benefit personally from any confidential information that has come to them by virtue of their work assignment.
- Exhibit or divulge the contents of any record or report to any person except in the conduct of their work assignment and in accordance with NEMA policies.
- Knowingly include or cause to be included in any record or report a false, inaccurate, or misleading entry.
4. Highly Sensitive Data
"Highly Sensitive Data" is confidential data such as passwords, credit card numbers, social security numbers, and NEMA Member sales data. Highly Sensitive Data should be encrypted and not stored or transmitted in plain text or print. Recommended encryption options include
password protected Excel file or encrypted database such as
KeePass. For more information, please see the NEMA Data Protection Policy.
5. NEMA Intellectual Property
NEMA maintains all rights over its intellectual property including e-mail, files, databases, and all works derived from NEMA’s IT services. Users are forbidden from sharing NEMA’s digital content to un-authorized persons.
6. Safekeeping NEMA Property
Users are responsible for properly using NEMA property such as computers, cell phones, and reservable resources such as projectors and GPS units. Users are responsible for compensating NEMA for property that are lost or damaged beyond normal wear and tear. Property damaged or lost due to criminal activity not related to negligence will be excused with copy of a police report.
Failure to abide by this Code may result in temporary or permanent denial of access to NEMA IT services and action being taken by the appropriate administrative or judicial body.
7. Privacy Policy
In the course of performing and providing services under this Agreement, users may have access to NEMA databases, applications, reports, document and/or other information in hardcopy or electronic form that contain or process Personally Identifiable Information (“Personal Data”) about individuals possessed or stored by NEMA. These individuals may include NEMA employees, temporary workers, contractors, consultants, students, customers or persons who participate in our industry trade association activities, or with whom we do business. NEMA’s Privacy Policy (https://www.nema.org/about/privacy-policy) announces that it respects the privacy of persons with respect to their personal data, and that we limit how NEMA uses that personal data. Personal Data includes, but is not limited to the individual’s name, email address, mailing address, telephone number, name of their employer, job title and/or job function, the IP address of their computers, photograph, personal health information, credit or banking information, political views, and any other information that may be personal identified with a natural person. Users acknowledge and agree that Personal Data, in whatever form, is of a very sensitive nature, and hereby undertakes to treat Personal Data as strictly confidential and to use it only within the limits expressly authorized by NEMA and in accordance with applicable law, rules and regulations. Contractor will use the Personal Data only in accordance with the applicable Data Protection and Privacy laws including the adoption of the required technical and organizational security measures. Users agree that it will not take, transfer, use or exploit, any personal data of individuals except as is necessary for the performance of their NEMA work.
8. Password Policy
- Password cannot contain the user's account name or parts of the user's full name that exceed two consecutive characters
- Must be at least 8 characters
- Cannot be a previous password
- Must be different from passwords used for other accounts
- Do not disclose password. Do not share with NEMA staff, including IT. If disclosed, change your password immediately.
- Do not write down password. Password must be memorized or stored in a password database (such as KeePass). If your password is forgotten, contact IT immediately.
- Must use Two-Factor Authentication for email service