Compliance

Compliance with Legal Requirements

Identification of Applicable Legislation

To avoid any legal or security breaches, CX Index will define, document, and comply with all relevant statutory, regulatory, and contractual requirements for each information system.

CX Index shall implement controls to comply with all relevant statutory, regulatory and contractual requirements for their information system.

CX Index may seek legal or other external advice regarding relevant legal and security information.

Care shall be taken to account for different requirements in different jurisdictions.  CX Index’s legal advisory services will determine differences from standing policy for those locations that have differing legal requirements, and will work with the Senior Management to create exceptions to general policy and specific policies for those jurisdictions.

Intellectual Property Rights

All users at CX Index will comply with the legal aspects of intellectual property protection and the rights and limitations of license agreements associated with proprietary software products.

The purpose of the policy is to ensure that users are aware of and comply with such restrictions as copyrights, trademarks, and design rights.  Users are responsible for not violating applicable copyright, intellectual property, or other licensing rights of electronic media or software that is not the property of CX Index.  Furthermore, users are responsible for not using CX Index intellectual property outside the limits of CX Index policy or licensing.  

Failure to abide by these policies will subject the user to disciplinary actions up to and including termination or criminal/civil charges.

Intellectual Property Standards and Training

Intellectual Property Rights Protection policies shall be included in all security awareness training.

The Senior Management, along with each system owner, shall establish, document and educate applicable users on:

• Maintaining appropriate asset registries
• Maintaining proof of ownership or licenses
• Implementing controls to restrict the amount of users to the appropriate licensed amount
• Implementing controls and checks to ensure that only licensed software is installed
• Policies and controls to assure that license conditions are met
• Policies and controls for disposing of or transferring software to others
• Use of appropriate audit tools

Using Software from Outside Sources

Users will not download or install any third party pirated software on CX Index systems.

Users will not download or install any non-approved software from the Internet.  The Senior Management will approve specific software for use from the Internet if there is a business need.

Copyrighted Material and Peer-To-Peer File Sharing at CX Index

CX Index respects the copyrights of those involved in creating and distributing copyrighted material, including music, movies, software and other literary and artistic works.   It is the policy of CX Index to fully comply with all copyright laws.

CX Index provides its employees access to computer systems and the Internet to allow them to do their jobs on behalf of CX Index.  Employees may make occasional use of CX Index’s computer systems and network for personal use.

When CX Index employees need to use copyrighted materials to do their jobs, CX Index will acquire appropriate licenses.

CX Index employees may not:

• store or otherwise make unauthorised copies of copyrighted material on or using CX Index computer systems, networks or storage media;
• download, upload, transmit, make available or otherwise distribute copyrighted material using CX Index’s computer systems, networks or storage media without authorisation; or
• use or operate any unlicensed peer-to-peer file transfer service using CX Index’s computer systems or networks or take other actions likely to promote or lead to copyright infringement.

Please note – this is not a policy against MP3 files, or electronic music and video files as such.   Rather, the policy is targeted at unauthorised – that is, unlicensed – electronic music and video files.

CX Index reserves the right to:

• Monitor its computer systems, networks and storage media for compliance with this and other company policies at any time, without notice and with or without cause; and
• Delete from its computer systems and storage media, or restrict access to, any unauthorised copies of copyrighted materials it may find, at any time and with or without notice.

Data Protection and Privacy of Personal Information

CX Index will comply with all applicable laws and regulations regarding the protection of personal data.  This will ensure that CX Index is collecting personal information (that information that can be used to identify living individuals) in a manner that complies with laws as well as processing and disseminating that data in a lawful manner.

The Senior Management or a nominated information protection officer shall document policies and procedures that comply with applicable laws and regulations for the handling of personal information for each such instance.

The Senior Management shall distribute policies and educate users, managers and service providers on their responsibilities for compliance.

Information owners shall inform the appropriate information protection officer about proposals to keep information in a structured file.  The information protection officer shall advise information owners on policies and procedures concerning their protection and storage of such data.

Confidential information entrusted to CX Index by clients, business partners, suppliers, and other third parties shall be protected in accordance with CX Index’s Security Policies and legal and regulatory requirements, and shall be protected with at least the same care as CX Index’s confidential information.

Prevention of Misuse of Information Processing Facilities

Users of CX Index information processing facilities will utilise these facilities for only management-authorised business purposes.  CX Index reserves the right to legally monitor facilities for compliance.  The purpose of this policy is to protect the availability and integrity of CX Index’s information processing facilities as well as protect CX Index against legal sanction against the misuse of computers.

The Senior Management should provide guidelines for the legal monitoring of computer facilities.

Managers of information processing facilities will monitor the use of such facilities.

If misuse is detected, it shall be brought to the attention of the person’s manager for disciplinary action.

An acceptable use policy will be communicated to users.  This policy will be included in the acceptance of policy letter that employees will sign during orientation.  The acceptable use policy will govern permitted and forbidden activities for their location.  In all cases, any activity not expressly permitted is forbidden.

Regulation of Cryptographic Controls

Cryptographic solutions are governed by various export controls and use laws and regulations, which vary from country to country.  CX Index will comply with all applicable agreements, laws, regulations or other instruments that control the use or access of cryptographic controls.