This policy outlines DDC OS’ posture on corporate email governance and usage.
Email is a vital tool for undertaking business and all communications performed using this medium are considered information assets that belong to DDC OS.
Email is a primary attack vector for “bad actors” and “cyber criminals” in every industry, due to its widespread use, and the value of the information breached from a successful attack. Consequently, DDC OS will provide resources where required to maintain the confidentiality and integrity of this information asset and ensure enforcement of this policy, even by means of disciplinary action if necessary.
The objective of this policy is to achieve a zero-breach stance on the DDC OS corporate email system, which will safeguard our reputation and protect our information assets.
This policy applies to all DDC OS employees, contractors and agency workers and other individuals that have been granted use of the DDC OS email system.
For the avoidance of doubt, all DDC OS email addresses are in scope of this policy including, but not limited to, individually assigned email addresses (ie email@example.com), shared or departmental mailboxes and email distribution groups.
The use of DDC OS’ email system is for individuals that have been granted access to the system, to conduct work related purposes, on behalf of DDC OS.
DDC OS’ email system must not be used for conducting personal activities of any manner, unless approved by exception from the Director of IT. Even in the case of an exception being granted, personal activities conducted on DDC OS’ email system should be kept to a minimum.
DDC OS employees shall have no expectation of privacy in anything they store, send, or receive on the DDC OS’ email system. DDC OS will monitor messages without prior notice. DDC OS is not obliged to monitor email messages but will do so at any point it chooses. Examples of monitoring on DDC OS mailboxes will undertake are (but will not be limited to) the following:
Threats to information security
DDC OS takes all threats to information security seriously. Threats as a result of attack vectors against our email systems are of a particular concern, when considering the sensitivity of information contained in a DDC OS mailbox.
Whilst DDC OS has invested considerably in technical controls to prevent unauthorised access to email data, such technical controls will not make our email systems impregnable.
Our last line of defence in the case of an email attack vector being exploited will always be our users of the email system. To this extent, we request that you are diligent at all times when using email communications, regardless of the device you are operating, and always follow these guidelines:
All exceptions for allowing minimal personal use of corporate email on a per individual basis, must be approved in writing by the Director of IT.
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Policy Owner and Maintenance
This policy is owned and maintained by the Compliance Officer.
This policy is approved by the CEO and COO.
John Callachan CEO Simon Keeler COO