Data Security User Responsibilities Policy

Introduction
OASIS Open recognizes the importance of data security in protecting our information assets and technology infrastructure. This policy outlines the responsibilities of all users of OASIS’s information systems and networks, including staff, OASIS members, third party vendors, and any other users accessing our technology resources.  Adherence to these responsibilities is essential for maintaining the security and integrity of our systems and data.

Scope
This policy applies to all users who have access to OASIS’s information systems, networks, and data. It covers all forms of technology resources owned or managed by the organization.

User Responsibilities

General Conduct

  • Secure Authentication: Safeguard login credentials and not share them with others. Use strong, unique passwords and change them regularly.
  • Data Protection: Handle all data, particularly sensitive or confidential information, with care and only access data necessary for your role.
  • Device Security: Ensure that any personal devices used for work purposes meet the organization’s security requirements.
  • Software Updates: Keep all software, including operating systems and applications, up to date to protect against vulnerabilities.

Acceptable Use

  • Internet and Email Use: Use the organization’s internet and email services appropriately and professionally, avoiding access to inappropriate websites or the transmission of offensive material.
  • Prohibited Activities: Do not engage in activities that could compromise the organization’s cybersecurity, such as installing unauthorized software on the organization’s systems,, disabling security features, or participating in hacking activities.

Incident Reporting

  • Immediate Reporting: Report any suspected cybersecurity incidents, phishing attempts, or security vulnerabilities immediately to the designated contact point within the organization.
  • Cooperation: Cooperate with any investigations or requests for information related to cybersecurity incidents.

Compliance and Legal Obligations

  • Policy Adherence: Comply with all relevant policies, procedures, and legal obligations regarding cybersecurity and data protection.
  • Training Participation: Participate in cybersecurity awareness and training programs provided by the organization.

Enforcement and Sanctions
Violations of this policy may result in disciplinary action, up to and including termination of access to OASIS resources, employment or contracts, legal action, and in the case of illegal activities, referral to law enforcement authorities.

Policy Review and Update
This policy will be reviewed periodically and updated as necessary to reflect changes in technology, cybersecurity threats, and legal and regulatory requirements.

Contact Information
For questions regarding this policy or to report a security incident, please contact OASIS’s Executive Director.