IT & Acceptable Use Policy

1. Purpose

This policy establishes the rules for the acceptable use of technology resources by Divergent Edge Strategies ("we", "our", "us") employees, contractors, and authorised third parties.

Our goals are to:

• Protect company and client data from security breaches
• Ensure responsible and lawful use of IT systems
• Maintain compliance with Australian cybersecurity laws, including the Privacy Act 1988 (Cth) and the Notifiable Data Breaches scheme

2. Scope

• All company-owned devices, networks, and applications
• All personal devices authorised for work use under our BYOD (Bring Your Own Device) arrangements
• All client-owned systems and equipment accessed while performing contracted services

3. Definitions

• Authorised User: Anyone granted permission to access company or client systems for legitimate business purposes
• Systems: Hardware, software, networks, cloud services, and storage devices used for work
• BYOD: Use of an employee’s personal device (e.g., laptop, phone) for approved company work

4. Policy Statement

• For legitimate business purposes only
• In a manner that protects confidentiality, security, and integrity of information
• In compliance with applicable laws, policies, and contractual obligations

5. Acceptable Use

• Access work-related files, applications, and communications tools
• Conduct authorised client or company work
• Communicate professionally with colleagues, clients, and stakeholders

6. Unacceptable Use

• Access or store illegal, offensive, or inappropriate content
• Share login credentials or allow unauthorised access
• Use systems for personal financial gain or unrelated business ventures
• Install unapproved software or alter system configurations without authorisation
• Circumvent security controls or monitoring systems

7. Security Requirements

• Use strong, unique passwords and enable Multi-Factor Authentication (MFA) where available
• Lock screens or log off when leaving devices unattended
• Store confidential data only in approved secure systems
• Encrypt sensitive data during transmission
• Report any suspected security breach immediately

8. Use of Client Systems

• Follow both Divergent Edge Strategies’ policies and the client’s IT security requirements
• Do not copy or remove client data unless authorised in writing
• Use client-provided accounts only for the specific purposes assigned
• Return or delete all client data upon completion of the engagement, as directed by the client

9. Monitoring

• Divergent Edge Strategies and/or the client may monitor use of their IT systems to ensure compliance
• Users have no expectation of privacy when using company or client systems

10. Breaches

• Revocation of system access
• Disciplinary action, up to and including termination of employment or contract
• Reporting to relevant authorities in the case of illegal activities

11. Responsibilities

• Management: Maintain secure systems, provide training, and enforce policy compliance
• Employees/Contractors: Use systems responsibly, follow security procedures, and report issues promptly
• Suppliers/Partners: Adhere to these standards when given system access

12. Review & Updates

This policy will be reviewed annually or upon changes in technology, law, or security risk.