LogoRegulatory Alerts
2021-11-01

COSOB IT Usage Charter

The Commission for the Organization and Supervision of Stock Market Operations (COSOB) issued this charter in November 2021 to regulate the use of IT resources and internet services by all staff members. The document establishes strict rules for professional usage, data confidentiality, software compliance, and security measures during travel and remote access. It further defines monitoring procedures to ensure compliance and outlines a three-tier sanction system for infractions ranging from minor misuse to serious breaches of confidentiality or dignity.

Commission d'Organisation et de Surveillance des Operations de Bourse logo

Algeria

Commission d'Organisation et de Surveillance des Operations de Bourse

Click to view thumbnail

COSOB IT Usage Charter November 2021 Commission for the Organization and Supervision of Stock Market Operations

Page 1/9 Table of Contents Introduction ...................................................................................................................................................................2 Scope of Application .....................................................................................................................................................2 Title I: Access and Use of IT Resources.....................................................................................................................3 1: Rules of Use, Security, and Good Conduct ......................................................................................................... 3 2: Confidentiality Conditions........................................................................................................................................ 4 3: Compliance with Legislation Regarding Software ....................................................................................................... 4 4: Preservation of IT System Integrity............................................................................................... 4 5: Security Measures to Apply During Travel.............................................................................................. 4 Title II: Use of Internet Services (web, email, mobile phone, social networks) .......................5 6: Use of Internet .................................................................................................................................................... 5 7: Use of Email.............................................................................................................................................................. 5 8: Mobile Phone ............................................................................................................................................................. 6 9. Social Networks ............................................................................................................................................................ 6 10: Prohibited Activities..................................................................................................................................................... 6 Title III. Control and Sanctions.........................................................................................................................................7 11: Purposes of Controlling the Use of Network Technologies............................................................................... 7 12: Control and Individualization Measures................................................................................................................ 7 12.1. Control Measures................................................................................................................................................. 7 12.1.1. Control of Internet Use......................................................................................................................... 7 12.1.2. Control of Email ......................................................................................................................... 7 12.2. Individualization Measures...................................................................................................................................... 8 13. Analysis and Control of Resource Use...................................................................................................... 8 14. Sanctions..................................................................................................................................................................... 8 15. Modification................................................................................................................................................................ 8 Appendix .................................................................................................................................................................... 9

Page 2/9 Introduction Most institutions today provide their employees with IT resources to carry out the missions entrusted to them. The main objective of this charter is to regulate the use of IT resources, limit criminal and civil liability, and preserve the IT resources of COSOB. It also aims to raise user awareness and prevent any form of abuse in the use of IT tools. A set of rules will be stated specifying the rights and obligations of users of the COSOB information system in accordance with current regulations. Finally, this charter may serve as a reference in case of conflict. Scope of Application This charter concerns the IT resources and internet services of COSOB as well as any other means of remote connection allowing access, via the Computer Network, to internal or external electronic communication or processing services. These mainly include the following resources: Desktop computers; Laptops; Single-function or multifunction printers; Scanner; Tablets; Mobile phones. It applies to all users regardless of status, and notably concerns permanent or temporary users (interns, service providers, suppliers, subcontractors, etc.) who use the commission's IT resources to which access to the information system is possible remotely directly or from the COSOB Network.

Page 3/9 Title I: Access and Use of IT Resources

  • The use of IT resources and the Network to access them is authorized only within the exclusive framework of the users' professional activity;
  • Any authorization ends upon the cessation, even temporary, of the professional activity that justified it. 1: Rules of Use, Security, and Good Conduct
  • Every user is responsible for the use of IT resources and the network to which they have access;
  • The use of these resources must be rational, to avoid saturation or diversion for personal purposes;
  • Every user must refrain from harming the institution's brand image through the improper use of IT tools;
  • The user must respect the instructions of the system administrator and the IT manager;
  • He must follow the rules in force within COSOB;
  • He must choose secure passwords: • Do not disclose them; • Do not write them on paper documents; • Never communicate them to a third party; • Never lend his account;
  • He must not use or attempt to use accounts other than his own or mask his true identity;
  • He must protect his files;
  • It is his responsibility to protect his data and databases by regularly using various backup methods;
  • He must not leave a document displayed on the screen after use; – He must not attempt to read, modify, copy, or destroy data without authorization; – He undertakes not to provide unauthorized users with access to systems or networks through equipment he uses;
  • He must not use external data storage media (floppy disk, flash drive, CD, etc.) without authorization;
  • He must not leave magnetic media (floppy disks, CDs, flash drives, etc.) lying around;
  • He must respect the procedures for connecting equipment to the COSOB Network;

Page 4/9

  • He must not, under any circumstances, move equipment and/or modify system configurations, unless authorized; – He must not leave his workstation without closing the session, leaving resources or services accessible; – He must use the user guides for IT equipment. 2: Confidentiality Conditions
  • User access to information and documents stored on IT systems must be limited to those belonging to them;
  • It is forbidden to access information held by other users;
  • The user must not disclose general or specific information;
  • The user must apply absolute professional secrecy to all data he may receive. 3: Compliance with Legislation Regarding Software
  • Any software installation is subject to current rules;
  • It is strictly forbidden to install software on a system without first ensuring that the license rights permit it;
  • It is strictly forbidden to make copies of commercial software, for any purpose. 4: Preservation of IT System Integrity
  • The user undertakes not to intentionally disrupt the proper functioning of IT systems and the Network;
  • In the event of a prolonged power outage, it is imperative to shut down the system. 5: Security Measures to Apply During Travel
  • The traveler must take all necessary security precautions according to current regulations;
  • It is strictly forbidden to use public or shared (computers, tablets, etc.) to access the professional email account of COSOB;
  • The traveler must keep his mobile phone or laptop and storage media on him at all times;
  • The traveler must inform the hierarchy and the Algerian diplomatic representation in case of inspection or seizure of IT equipment by foreign authorities during missions abroad;

Page 5/9

  • It is strictly forbidden to use equipment provided during a business trip abroad for professional purposes. Title II. Use of Internet Services (web, email, mobile phone, social networks)
  • In the context of their work within COSOB, employees may be required to use the Internet;
  • This service is accessible for strictly professional purposes. Nevertheless, reasonable and occasional use for personal purposes is permitted under certain conditions; 6: Use of Internet
  • The employer provides authorized workers with Internet access for professional purposes. The following rules apply to any employee authorized to use the Internet:
  • Internet use is limited to professional purposes. Exploration of the Internet for learning and personal development is, however, tolerated, but must in no way harm the proper functioning of the Network or the employee's productivity; The employer may, at any time, limit or prohibit this private use;
  • Internet access can only be done using one's own account (login name). The use of another account is therefore not authorized;
  • Internet access cannot be used for prohibited purposes, described in point 10 below;
  • It is strictly forbidden to access sites whose content is illegal, immoral, offensive, or inappropriate;
  • Publications involving COSOB on the internet must be validated before any publication;
  • No publication or communication is valid without prior agreement from COSOB. 7: Use of Email
  • The primary destination of the email system is exclusively professional. The employer tolerates, however, exceptional use for private purposes, provided that this use is occasional, takes place outside working hours, and does not hinder the proper conduct of COSOB's business or productivity;
  • Under no circumstances can email be used for any of the prohibited purposes described in point 10 below.

Page 6/9 8: Mobile Phone

  • Under no circumstances can the mobile phone be used for any of the prohibited purposes described in point 10;
  • Inventory personal mobile phones or those owned by COSOB that are used to access the professional email of COSOB;
  • Take the necessary precautions for the use of mobile phones according to the same security policy guidelines observed during the use of PCs and laptops;
  • Change the password for the professional email of COSOB after each connection to a public wifi network or after travel;
  • Clear history after each connection to a public wifi network;
  • Do not leave the mobile phone or hand it over to another person;
  • In case of theft or loss of the mobile phone, report to the IT service to change the various identifiers.
  1. Social Networks
  • Under no circumstances can the social network be used for any of the prohibited purposes described in point 10 below;
  • COSOB reserves the right to prohibit, restrict, block, or suspend access to any social network site or part of a social network site for its employees;
  • Social network users must not disclose sensitive personal information, i.e., personal address, financial information, phone number, etc.;
  • Do not use COSOB emails to create accounts on social networks;
  • Employees must use passwords different from those used to access COSOB resources and documents;
  • Be wary of shared links or attachments, especially via direct messaging services offered on social networks. 10: Prohibited Activities It is strictly forbidden to use the email system, Internet access, and more generally, the IT infrastructure of COSOB for:
  • The dissemination of confidential information related to the employer;

Page 7/9

  • Accessing sites whose content is illegal, immoral, offensive, or inappropriate;
  • The dissemination or downloading (pirating) of data or software protected by intellectual property rights, in violation of applicable laws;
  • Participation in a secondary professional activity;
  • Sending messages whose content is likely to harm the dignity of others;
  • Sending or receiving requested messages comprising large volume attachments except for professional needs;
  • Intentionally propagating a virus;
  • Using the "chat" service and games; This list is not exhaustive; Title III. Control and Sanctions 11: Purposes of Controlling the Use of Network Technologies
  • The employer is attached to the principle of respecting the privacy of workers in the workplace. The objectives targeted by this control are, in particular:
  • Prevention and repression of illegal or defamatory acts;
  • Security and/or proper technical functioning of IT systems, the COSOB Network, as well as the physical protection of COSOB installations;
  • Good faith respect for the principles and rules of use of Network technologies, as defined by this charter. 12: Control and Individualization Measures 12.1. Control Measures 12.1.1. Control of Internet Use
  • The employer automatically maintains a general list of Internet sites visited via the COSOB network, indicating the duration and time of visits. This list does not directly mention the employee's identity. It must be regularly evaluated by the employer, within the framework of the objectives aimed at in point 12. 12.1.2. Control of Email
  • Based on general indicators (such as frequency, number, size, attachments, etc.) of electronic messages, certain control measures may be taken by the employer regarding these messages, within the framework of the objectives cited in point 12;

Page 8/9

  • If the employer considers that there is abnormal or prohibited use of the email system, he will proceed, within the framework of the objectives cited in point 12, to identify the worker concerned, in compliance with the individualization procedure described in point 12.2 below. 12.2. Individualization Measures
  • By "individualization," we mean the processing of data collected during a control, with a view to attributing them to an identified or identifiable employee;
  • Appropriate sanctions will be taken as soon as individualization is done.
  1. Analysis and Control of Resource Use
  • For maintenance and technical management needs, the use of hardware or software resources as well as exchanges via the Network may be analyzed and controlled in compliance with applicable legislation.
  1. Sanctions
  • Infractions to this IT charter are sanctioned in accordance with the provisions of Title III of the COSOB internal regulations (cf. Appendix).
  1. Modification
  • The content of the IT charter may be modified, according to the same rules of its elaboration.

Page 9/9 Appendix Category of Sanction List of Infractions First Degree Offense 1 Sending or receiving messages comprising large volume attachments except for professional messages and with hierarchy agreement. 2 Intentional propagation of a virus 3 Use of the "chat" service and games 4 Abusive use of COSOB IT resources 5 Accessing information held by other users 6 Disruptions to the proper functioning of IT systems and the Network 7 Modification of the workstation system configuration 8 Moving IT equipment 9 Improper handling during IT equipment connection 10 Failure to return data 11 Failure to back up data Second Degree Offense 1 Dissemination of confidential information related to the employer 2 Accessing sites whose content is illegal, immoral, offensive, or inappropriate 3 Dissemination or downloading (pirating) of data or software protected by intellectual property rights, in violation of applicable laws 4 Participation in a secondary professional activity 5 Installation of pirated software 6 Harming the institution's image through improper use of IT tools Third Degree Offense 1 Sending messages whose content is likely to harm the dignity of others 2 Publication of information involving COSOB without prior agreement from COSOB

Share