All employees are responsible for exercising good judgement regarding appropriate use of information, electronic devices, and network resources in accordance with company policies and standards, and local laws and regulations.
IT Resources are to only be used for business purposes in serving the interests of the company, and of our clients and customers during normal operations.
This policy applies to the use of information, electronic and computing devices, and network resources to conduct company business or interact with internal networks and business systems, whether owned or leased by Encore, employees, or a third party.
Read, Understand, and Comply with this policy.
Acknowledge the policy during onboarding through the assigned Encore Company Policies course on KnowBe4.
Approve and enforce compliance with this policy.
Answer all questions or comments related to this policy.
Manage and review this policy at least annually.
Collect evidence as required.
Encore’s proprietary information stored on electronic and computing devices whether owned or leased by Encore, employees, or a third party; remains the sole property of Encore.
For business needs and based on approval, if Bring Your Own Devices ("BYOD") arrangements are in place, i.e., Personally-owned workstations or mobile devices are used for business purposes, users must not create or store confidential or sensitive information on personally-owned workstations.
You have a responsibility to promptly report the theft, loss, or unauthorized disclosure of Encore’s proprietary information to the Service Desk (servicedesk.encore.ca).
You may access, use or share Encore’s proprietary information only to the extent it is authorized and necessary to fulfill your assigned job duties.
All employees are responsible for exercising good judgment regarding the reasonableness of personal use. Encore is responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, and if there is any uncertainty, employees should consult their supervisor or manager.
For security and network maintenance purposes, authorized individuals within Encore may monitor equipment, systems, and network traffic at any time.
Encore reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.
System-level and user-level passwords must comply with Encore’s password guidelines, which are found in our Password Policy.
Providing your access to another individual, either deliberately or through failure to secure your password, is prohibited.
All computing devices are secured with a password-protected screensaver with the automatic activation feature set to 10 minutes or less. You must lock the screen or log off when the device is unattended.
All emails sent externally by employees from an Encore email address (@encore.ca or @zii.travel) should contain a disclaimer stating that the opinions expressed are strictly their own and not necessarily those of Encore’s unless the external email is within scope of business duties.
Employees must use extreme caution when opening email attachments received from unknown senders, to avoid viruses or malware.
The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., IT Department employees may have a need to disable the network access of a host if that host is disrupting production services),
Any exception to this policy must be documented, justified, then approved by the Director of IT in advance. Exceptions will be evaluated on a case-by-case basis to ensure that they do not compromise the overall security and compliance objectives of Encore.
Under no circumstances are employees authorized to engage in any activity that is illegal under local, state, federal, or international law while utilizing company-owned resources.
The lists below are by no means exhaustive but provide a framework for activities that fall into the category of unacceptable use.
The following activities are strictly prohibited, with no exceptions:
Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use by Encore.
Subscribing to, downloading and/or installing any software (including cloud-based software) for work purposes (even if it is trial based) without authorization of both your Manager and IT Management. This authorization needs to acquired via a Service Desk Ticket.
Unauthorized copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Encore or the end user does not have an active license is strictly prohibited.
Introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).
Revealing your account password to others or allowing the use of your account by others. This includes family and other household members when work is being done at home.
Using a Encore computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user's local jurisdiction.
Making fraudulent offers of products, items, or services originating from any Encore account.
Making statements about warranty, expressly or implied, unless it is a part of normal job duties.
Effecting security breaches or disruptions of network communication.
Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorized to access unless these duties are within the scope of regular duties.
Executing any form of network monitoring which will intercept data not intended for the employees' host, unless this activity is a part of the employees' normal job/duty.
Circumventing user authentication or security of any host, network, or account.
Introducing honeypots, honeynets, or similar technology on the Encore network.
Interfering with or denying service to any user other than the employees' host (for example, denial of service attack).
Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user's terminal session, via any means, locally or via the Internet/Intranet/Extranet.
Providing information about, or lists of, company employees to parties outside Encore.
Revealing or publicizing Encore’s confidential or proprietary information, which includes, but is not limited to: financial information, new business and product ideas, marketing strategies and plans, databases and the information contained therein, customer lists, technical product information, computer software source codes, computer/network access codes, and business relationships.
When using company resources to access and use the Internet, users must realize they represent the company. Whenever employees state an affiliation to Encore, they must also clearly indicate that "the opinions expressed are my own and not necessarily those of Encore".
Sending unsolicited email messages, including the sending of "junk mail" or other advertising material to individuals who did not specifically request such material (email spam).
Any form of harassment via email, telephone, or paging, whether through language, frequency, or size of messages.
Unauthorized use, or forging, of email header information.
Solicitation of email for any other email address, other than that of the poster's account, with the intent to harass or to collect replies.
Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
Use of unsolicited email originating from within Encore's networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Encore or connected via Encore's network.
Any non-corporate devices (i.e., USB drives) should not remove corporate or client-sensitive data unless otherwise approved by management.
The ability to export data via USB ports is restricted.
The Information Security Office will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits. All those found in policy violation may be subject to disciplinary action, up to and including termination.
“BYOD” – means Bring Your Own Device, referring to the practice of allowing Employees of Encore to use personally owned computers, smartphones, or other devices for work purposes.
“Customer” – means a person, or corporate entity, who purchases or receives products or services from Encore.
“Disruption” – means, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.
“Employee” – means all salaried and hourly paid Employees including the Steering Committee, Contractors, Consultants, Temporaries, Interns, Agents and other workers at Voyages Encore Travel Inc., including all personnel affiliated with third parties. Can be referred to by the pronoun ‘their’, ‘they’ or ‘them’.
"Encore" – for the purpose of this policy, refers to Voyages Encore Travel Inc. and Encore Travel Americas.
“IT Resources” – for the purposes of this Policy, means Encore’s computing and network resources.
“Junk Mail” – means unsolicited email, or other advertising material sent to individuals who did not specifically request such material. Also known as “Spam”.
“Pirated” – means software reproduced or replicated without permission from the owner or creator, usually in contravention of a patent or copyright.
“Spam” – means unwanted, unsolicited digital communication that is sent out in bulk. Spam is typically sent via email.
“Steering Committee” – means the Chief Executive Officer; Chief Technology Officer; Head of Strategy, Growth & Corporate Development; Head of Product; Head of Commercial Strategy; and Head of Travel Technology & Operations.
“Their”, “They” or “Them” – means the person or entity previously referred to.