Introduction

1. This policy is created for employees or the general public who will use the company's computer system, including connecting to the internet through the company's network, and must be strictly followed.
2. The company reserves the right to inspect, collect evidence, and take appropriate action if there is a violation of the computer system usage policy and internet connection.

Definitions

• Company: refers to Alucon Public Company Limited
• Employee: refers to employees of Alucon Public Company Limited
• IT Department: refers to the Information Technology department
• Prohibited Information: refers to any information, in any form, such as emails, Line messages, posts, pictures, clips, chat, games, music, movies, programs, files that contain inappropriate content such as:
  • Deceptive or false information that may cause panic or damage to the company and/or others
  • Content that humiliates or damages the company and/or others
  • Pornographic material
  • Gambling, drugs
  • National security threats or terrorism-related offenses that are harmful to the company and/or others, such as malicious threats, false information that may damage the economy, or false news that causes panic
  • Hacking or disrupting the system or data with malicious intent
  • Violation of copyright or intellectual property laws or other inappropriate or illegal content, including links or any material leading to such information indicating an intention to spread it, such as sending a URL link to pornographic images

General Section

1. The company's computer systems, computers, and connected devices are provided for services related to the company's operations only. They are not allowed to be used for activities unrelated to the company's business.
2. Access to the company's computer system and internet connection must follow the permission request procedures, as specified in the IT management guidelines (SP-ITD-001), with direct supervisors of those requesting access being responsible for the request.
3. Users must understand and comply with the computer system usage policy and internet connection, including any changes or updates.
4. If an employee violates the computer system usage policy and internet connection, they may be subject to legal action if the violation breaks the country's laws.

Section 1: Computer System and Internet Connection Usage Regulations

1. The company operates under Thai law. Therefore, the usage of the computer system and internet connection must comply with the Computer-Related Crime Act B.E. 2560 and other related laws. Employees can study the laws by contacting the IT department.
2. The company does not support or allow its employees to violate the Computer-Related Crime Act B.E. 2560 and other related laws.
3. The IT department will provide user IDs and passwords to employees involved in using the computer system and internet connection individually. Password usage rules include combining lowercase letters, uppercase letters, numbers, and symbols. Passwords should not be based on the user's name, surname, family member's name, close associates' name, or dictionary words, and should be at least 8 characters long with a password change interval of 60 days to ensure overall system security.
4. Employees should use network resources efficiently, such as not downloading large files unnecessarily and avoiding such activities during peak network usage times.
5. Employees' passwords are considered company property and must not be disclosed to others. All employees are responsible for protecting their passwords strictly.
6. Do not use computer programs to automatically save personal passwords (Save Password) for personal computers held by employees.
7. Do not record or note personal passwords in places easily observed by others.
8. Employees may be assigned to access other systems designated by the company. They must follow the system usage rules and keep usernames and passwords confidential unless authorized in writing by direct supervisors.
9. If a user ID and password cancellation is required, notify the direct supervisor to request cancellation immediately after ending use (in writing).
10. Computers and related equipment are company property, and employees must maintain them in working condition.
11. Unauthorized use of non-company computers or other equipment to connect to the company's network is prohibited unless authorized by management.
12. Shut down personal computers after daily tasks are completed, except for servers that must run 24/7.
13. Employees must not use computers for the following purposes:

• To commit illegal acts or cause harm to others
• To perform actions contrary to public order or good morals
• For non-company-related commercial activities
• To disclose confidential information obtained from company duties, whether company or third-party information
• To infringe the company's or others' intellectual property rights
• To access others' information without permission from the owner or rightful holder
• To receive or send prohibited information that causes or may cause damage to the company, such as chain letters or information from third parties that violate laws or others' rights to employees or others
• To disrupt the company's or other employees' computer network usage or make it unusable
• To express personal opinions about the company's operations on websites in a way that causes or may cause misunderstanding
• For any other actions contrary to the company's interests or that may cause conflict or damage to the company
• Including actions involving prohibited information as defined

14. For overall network security, employees must:

• Delete unnecessary information and prohibited information from their computers
• Cooperate and facilitate direct supervisors and network administrators in inspecting the security of personal computers and the network and follow their recommendations
• Handle and preserve personal computers and the network as would be expected in general computer usage
• Do not enter network facilities without permission

15. Company's Authority and Rights: The company grants the IT department authority and rights to maintain information security and take necessary actions, including:

• Acting within reasonable authority to ensure the system's effective operation and security. The company reserves the right to inspect company computers and employees' inappropriate usage. The company may need to record, monitor, or inspect files, email traffic, and internet usage as deemed necessary with management approval, so employees should not expect privacy when using company computers.
• Recording and monitoring computer system usage and network traffic, such as which websites were accessed and when
• Reserving the right to prohibit using unauthorized computer equipment or peripherals not supplied and certified by the IT department, such as USB drives, external drives, or other devices that may risk spreading computer viruses or unwanted instructions

Section 2: Email, Chat, and Other Electronic Communication Usage

1. Do not send prohibited information that damages the company or others.
2. Comply with the Computer-Related Crime Act B.E. 2560 when sending any information.
3. If prohibited information is sent in violation of the Computer-Related Crime Act B.E. 2560 or company regulations, report it directly to the supervisor or IT department staff.
4. Use polite language in emails, chats, and other electronic communications.
5. Do not send anonymous (Spam) emails or electronic communications.
6. Supervisors in each department have the right to inspect their subordinates' email content, with company management's approval, to request the IT department's action.
7. Use only the company-provided email for work purposes and for sending and receiving company information.

Section 3: Company Website and Internet Usage

1. Employees are prohibited from posting or uploading prohibited information on the company's website or other websites.
2. Employees are prohibited from downloading prohibited information, including:

• Violating the Computer-Related Crime Act B.E. 2560
• Containing viruses or unwanted instructions
• Unrelated to the company's activities

Section 4: Software and Program Usage

1. Employees must use only the programs and software specified by the company.
2. Employees are prohibited from installing any software, including computer games, on company computers or systems without direct supervisor and IT department approval.
3. Employees are prohibited from installing pirated or prohibited information-related software or programs.
4. Do not install additional computer programs or devices on company personal computers to allow others to use the company's personal computers or network.

Section 5: Penalties and Punishments

1. Employees who violate or do not follow the computer system and internet connection usage policy will be considered seriously violating company discipline and will be subject to the highest penalties according to the company's work regulations.
2. Employees who violate or do not follow this policy and cause damage to the company and/or others will be held civilly and criminally liable.