IT Acceptable Use Policy
************************

The IT Acceptable Use Policy defines the rules and expectations for using information technology
systems, devices, accounts, and digital services provided or authorized by Maryland Productions
(MP) and Event Revolution (RV). These systems are essential to daily operations and must be used
responsibly, securely, and professionally.

Improper use of IT systems can expose the company to security risks, data loss, legal liability,
and operational disruption.


Purpose
=======

- Protect company data, systems, and intellectual property.
- Ensure reliable and secure operation of IT systems.
- Define acceptable and prohibited uses of company technology.
- Reduce cybersecurity and operational risks.
- Establish accountability for system access and usage.


Who This Policy Applies To
==========================

This policy applies to:

- Employees (full-time and part-time)
- Freelancers and independent contractors
- Temporary staff and interns
- Project Managers and Crew Leads
- Anyone granted access to MP/RV IT systems

Compliance with this policy is a condition of employment or engagement.


Covered Systems & Resources
===========================

This policy applies to all company-authorized systems, including:

- Computers, laptops, tablets, and mobile devices
- Company email accounts
- File storage systems (cloud or local)
- Inventory and project management systems
- Internal communication tools
- Network and internet access
- Software licensed to MP/RV
- Personal devices accessing company systems (BYOD)

Access is granted for business purposes only.


Acceptable Use
==============

Permitted Use
-------------

Users may:

- Use IT systems to perform assigned job duties.
- Access systems relevant to their role.
- Communicate professionally with clients and coworkers.
- Store and share work-related files in approved locations.
- Use limited personal internet access when it does not interfere with work or security.

All use must align with company interests.


User Responsibilities
=====================

All users must:

- Use systems only with authorized accounts.
- Keep credentials confidential.
- Follow system-specific SOPs.
- Log out or lock devices when unattended.
- Protect devices from loss or damage.
- Report issues or suspicious activity promptly.

Users are responsible for actions taken under their credentials.


Prohibited Use
==============

The following activities are strictly prohibited:

- Sharing passwords or accounts.
- Accessing systems without authorization.
- Installing unauthorized software or hardware.
- Circumventing security controls.
- Using systems for illegal activities.
- Accessing, storing, or distributing offensive or inappropriate content.
- Using systems for excessive personal use.
- Attempting to access data outside one’s role.

Prohibited use may result in immediate disciplinary action.


Email & Communication
=====================

- Company email must be used for official business.
- Communications must be professional and respectful.
- Do not send confidential information to unauthorized recipients.
- Phishing or suspicious emails must be reported.
- Automatic forwarding to personal email accounts is prohibited unless approved.

Email is an official company record.


Software & Licensing
====================

- Use only software licensed or approved by MP/RV.
- Do not copy, share, or misuse licensed software.
- Do not bypass licensing or activation mechanisms.
- Report software needs to the system owner or manager.

Licensing violations expose the company to legal risk.


Data Handling
=============

- Store company data only in approved systems.
- Do not download sensitive data to personal devices unless approved.
- Follow data classification and retention requirements.
- Do not delete or alter records improperly.

Data protection is a shared responsibility.


Security & Monitoring
=====================

- Systems may be monitored to ensure security and compliance.
- Users should have no expectation of privacy on company systems.
- Monitoring is conducted in accordance with applicable laws.

Security monitoring protects users and the company.


BYOD (Bring Your Own Device)
============================

- Personal devices accessing company systems must meet security requirements.
- Devices must be password-protected and kept up to date.
- Company data may be removed from personal devices if access ends.
- MP/RV is not responsible for personal data loss on BYOD devices.

BYOD access may be revoked at any time.


Termination of Access
=====================

- System access is revoked immediately when:
  - Employment or engagement ends
  - Access is no longer required
  - Policy violations occur
- Users must return company devices promptly.

Failure to return devices or data may result in legal action.


Enforcement
===========

Violations of this policy may result in:

- Loss of system access
- Disciplinary action
- Removal from jobs
- Termination of employment or contract
- Legal action when appropriate

Severity depends on the nature and impact of the violation.


Acknowledgement
===============

All users may be required to acknowledge this policy in writing. Failure to read or acknowledge this
policy does not exempt individuals from compliance.


Related Policies
================

- :doc:`data_security`
- :doc:`client_confidentiality`
- :doc:`code_of_conduct`
- :doc:`equipment_responsibility`