15. Acceptable Usage Policy.

Objective
The objective of this policy is to outline the acceptable use of computer equipment at al Baraka
Islamic Bank (the Bank). These rules are in place to protect the employee and the Bank.
Inappropriate use exposes the Bank to risks including virus attacks, compromise of network
systems and services, and legal Issues.

Applies to
All employees, contractors, consultants, temporary and other workers are subject to this policy
and required to abide by it.

Scope
This policy applies to employees, contractors, consultants, temporaries, and other workers at
the Bank including all personnel affiliated with third parties. This policy applies to all
equipment that is owned or leased by the Bank.

Policy
 The Information Technology Department shall maintain a list of all approved devices
for use in addition to all authorized personnel granted the permission to use such
devices should be maintained.
 Additionally, the following are examples of unacceptable uses for the Bank IT
resources:
o Usage policies prohibit copying, moving, or storing of cardholder data onto
local hard drives, and removable electronic media when accessing such data
via remote-access technologies unless specifically authorized.
o All devices must be labeled to determine owner, contact information and
purpose.
 Apart from the standard software any request for installation of specific
software’s/upgrades by any staff member must have an approval from his/her
reporting manager with proper business justification and due approvals as mentioned
elsewhere in this policy document.
 Users are not allowed to install any software license other than that which is
allocated to their designated Desktop / Laptop.
  Users are not allowed to download any unauthorized / pirated software available
over the Internet. If any user downloads and installs any unauthorized/ pirated
software on his/her computer he/she will solely be responsible for the act and will
be liable for any legal consequences arising out of same.
 IT department reserves the right to seek justification from any user for installation
of any particular software and may suggest alternate software in the best interest
of the Bank.
 Critical technologies usage:
o Acceptable network locations for the technology in use must be defined.
o Explicit approval from authorized parties for the use of critical technologies
must be provided.
o All technology used must be authenticated with user ID and password or other
authentication item (for example, token).
o Maintain a list of the Bank approved products. (Appendix-2)
 Remote Access:
o Automatically disconnect sessions for remote-access technologies after a
specific period of inactivity.
o Activation of remote- access technologies used by vendors and business
partners must be done only when needed by vendors and business partners,
with immediate deactivation after use.
o Maintain a list of waivers if any and procedures for granting such waivers.

Enforcement
Failure to comply with this policy will result in disciplinary action based on the Human Resources
Department policies and any other related policies at the Bank.

Communication
Information Security and Quality Assurance section shall communicate this procedure to The Bank’s staff
members.

Audit
Information Security and Quality Assurance section shall audit the proper execution of this policy.
For Questions
For questions or comments, please call IT Service Desk 17535300 ext.: 333.