TAYOA Technology Tools Management Policy
1. Introduction and Purpose
1.1. Purpose The purpose of this policy is to establish clear guidelines for the responsible, secure, and effective use of all TAYOA-owned or managed technology resources. Technology is a critical asset that enables TAYOA to achieve its mission of empowering youth and women in Tanzania. This policy aims to:
- Protect the confidentiality, integrity, and availability of TAYOA’s data and systems.
- Ensure all technology assets (hardware and software) are managed efficiently and securely.
- Promote legal and ethical behavior in the use of technology.
- Ensure compliance with relevant Tanzanian laws, including the Personal Data Protection Act of 2022.
1.2. Scope This policy applies to all TAYOA personnel, including board members, employees (permanent, temporary, or part-time), volunteers, interns, contractors, and any other individuals granted access to TAYOA’s technology tools and information systems.
2. Hardware Management
2.1. Asset Assignment All technology hardware (including laptops, desktops, mobile phones, tablets, printers, and network devices) provided by TAYOA remains the property of the organization. Hardware is assigned to individuals for business purposes, and users are expected to be responsible custodians of these assets.
2.2. User Responsibilities Users are responsible for:
- Physical Security: Keeping assigned devices safe from theft, damage, or loss. Laptops and mobile devices must not be left unattended in public places.
- Condition: Maintaining the equipment in good working condition. Any damage, loss, or theft must be reported immediately to your supervisor and the designated IT contact.
- Unauthorized Modifications: Users must not install or remove hardware components or make unauthorized repairs to TAYOA equipment.
2.3. Return of Assets All TAYOA hardware must be returned upon termination of employment or contract. The equipment will be inspected, and all organizational data will be securely wiped.
3. Software Management
3.1. Authorized Software Only software that has been approved and legally licensed by TAYOA may be installed on TAYOA devices. This includes operating systems, productivity software (e.g., Microsoft Office, Google Workspace), and specialized program software.
3.2. Prohibition of Unauthorized Software The installation and use of personal, unlicensed, or pirated software on TAYOA equipment is strictly prohibited. Unauthorized software poses significant security risks and can lead to legal liabilities.
3.3. Cloud Services All cloud-based services (e.g., Dropbox, OneDrive, Asana) used for storing or processing TAYOA data must be approved by management to ensure they meet our security and data protection standards.
4. Acceptable Use Policy
4.1. General Use TAYOA’s technology resources are provided for business-related activities. Incidental and occasional personal use is permitted, provided it does not interfere with work responsibilities, consume significant resources, or violate any other terms of this policy.
4.2. Prohibited Activities Users are strictly prohibited from using TAYOA’s technology for:
- Any illegal activity, including copyright infringement, hacking, or fraud.
- Transmitting, downloading, or storing obscene, harassing, discriminatory, or otherwise offensive material.
- Sending spam or unauthorized mass communications.
- Engaging in political lobbying or campaigning not sanctioned by TAYOA.
- Circumventing security measures on any system.
5. Data Security and Management
5.1. Access Control and Passwords
- Access to TAYOA systems is granted based on the principle of “least privilege,” meaning you will only have access to the data and systems necessary for your job role.
- All users must maintain strong, confidential passwords. Passwords must be a minimum of 12 characters and include a mix of uppercase letters, lowercase letters, numbers, and symbols.
- Passwords must never be shared.
- Multi-Factor Authentication (MFA) must be enabled on all accounts where it is available, including email and the ERP system.
5.2. Data Handling
- Confidential Information: All beneficiary data, financial records, donor information, and employee records are considered confidential. This information must be handled with the highest level of care.
- Storage: Confidential data should only be stored on TAYOA’s secure servers, approved cloud services, or on encrypted devices. Storing sensitive data on personal devices is prohibited unless explicitly approved and secured by TAYOA.
- Transfer: Sending sensitive data via unencrypted email is prohibited. Use secure, password-protected methods for sharing confidential files.
- Disposal: Paper documents containing sensitive information must be shredded. Digital files must be securely deleted according to TAYOA’s data retention policy.
5.3. Security Incident Reporting Any suspected or actual security incident must be reported immediately to your supervisor and the designated IT contact. This includes, but is not limited to:
- A lost or stolen laptop or mobile phone.
- Suspected malware or a virus on your device.
- Receiving a suspicious or phishing email.
- Unauthorized access to your account or TAYOA systems.
Prompt reporting is crucial to mitigating potential damage.
6. Policy Enforcement
Violation of this policy may result in disciplinary action, up to and including termination of employment or contract, and may also lead to legal action. TAYOA reserves the right to monitor its technology systems to ensure compliance with this policy.
7. Acknowledgment
I have read, understood, and agree to abide by the TAYOA Technology Tools Management Policy. I understand that my use of TAYOA’s technology resources is subject to the guidelines and restrictions outlined in this document.
