Computer & Information Security

VHN's computer and communications systems include but are not limited to individual workstations provided to employees, centralized computer equipment, servers, laptops, cellphones, all associated software, and VHN's telephone, voicemail, and electronic mail systems. VHN has provided these systems to support its mission. Although limited personal use of VHN's systems is allowed, subject to the restrictions outlined below, no use of these systems should ever conflict with the primary purpose for which they have been provided, VHN's ethical responsibilities are with applicable laws and regulations. Each user is personally responsible to ensure that these guidelines are followed.
Information technology resources are owned by VHN and are intended for use in completing VHN's mission. Their use is governed by the policies within this Employee Handbook, including sexual harassment, patent and copyright, confidentiality, and disciplinary policies, as well as by applicable federal, state, and local laws.  All Employee and Guest Users should be aware that if an act of misuse has occurred, or if there is a reasonable belief that potential damage to systems is genuine and serious, VHN may access any account, file, or other data controlled by the alleged violator and share such information with persons authorized to investigate such incidents.

All data in VHN's computer and communication systems (including documents, other electronic files, e-mail, and recorded voicemail messages) are the property of VHN. VHN may inspect and monitor such data at any time. No individual should have any expectation of privacy for messages or other data recorded in VHN's systems. This includes documents or messages marked “private,” which may be inaccessible to most users but remain available to VHN administrators. Likewise, the deletion of a document or message will not prevent access to the item or completely eliminate the item from the system.

VHN’s systems must not be used to create or transmit material that is derogatory, defamatory, obscene or offensive, such as slurs, epithets, or anything that might be construed as harassment or disparagement based on race, color, national origin, sex, sexual orientation, age, physical or mental disability, medical condition, marital status, or religious or political beliefs. Similarly, VHN's systems must not be used to solicit or proselytize others for commercial purposes, causes, outside organizations, chain messages or other non-job-related purposes. Security procedures in the form of unique user sign-on identification and passwords have been provided to control access to VHN's host computer system, networks and voice mail system. In addition, security facilities have been provided to restrict access to certain documents and files for the purpose of safeguarding information. 

The following activities, which present security risks, should be avoided.

• Attempts should not be made to bypass or render ineffective security facilities provided by the company.

• Passwords should not be shared between users. If written down, passwords should be kept in locked drawers or other places not easily accessible.

• Document libraries of other users should not be browsed unless there is a legitimate business reason to do so.

• Individual users should never make changes or modifications to the hardware configuration of computer equipment. Requests for such changes should be directed to computer support.

• Additions to or modifications of the standard software configuration provided on VHN's PCs should never be attempted by individual users (e.g., autoexec.bat and config.sys files). Requests for such changes should be directed to computer support.

• Individual users should never load personal software (including outside email services) to company computers. This practice risks the introduction of a computer virus into the system. Requests for loading any new software should be directed to computer support.

• Programs should never be downloaded from bulletin board usenet/newsgroup service provider or copied from other computers outside the company onto company computers. Downloading or copying such programs also risks the introduction of a computer virus. If there is a need for such programs, a request for assistance should be directed to computer support or management. 

• Downloading or copying documents from outside the company and uploading them to our systems may be a security risk, and a request for such action should be directed to computer support.

• Users should not attempt to boot PCs from floppy diskettes. This practice also risks the introduction of a computer virus.

• VHN's computer facilities should not be used to attempt unauthorized access to or use of other organizations’ computer systems and data.

• Computer games should not be loaded on VHN's PCs.

• Unlicensed software should not be loaded or executed on VHN's PCs.

• Company software (whether developed internally or licensed) should not be copied onto media other than for the purpose of backing up your drive. Software documentation for programs developed and/or licensed by the company should not be removed from the company’s offices.

• Individual users should not change the location or installation of computer equipment in offices and work areas. Requests for such changes should be directed to computer support or management.
  
  

There are a number of practices that individual users should adopt that will foster a higher level of security. Among them are the following:

• Turn off your computer when you are leaving your work area or office.

• Exercise judgment in assigning an appropriate level of security to documents stored on the company’s networks based on a realistic appraisal of the need for confidentiality or privacy.

• Remove previously written information from mobile media before copying documents on such media for delivery outside VHN.

• Back up any information stored locally on your computer (other than network-based software and documents) frequently and regularly. Please contact computer support if you have any questions about the above policy guidelines.