Last Updated: April 14, 2023
1. Incident Response Policy
1.1. Policy Statement
PRAI ("the Company") has established this User Acceptance Policy to outline the guidelines and procedures for user acceptance of technology resources, systems, and applications. This policy ensures that employees and authorized users adhere to acceptable use standards and understand their responsibilities when utilizing the Company's technology resources.
This policy applies to all employees, contractors, and authorized users who have access to the Company's technology resources, systems, and applications.
1.3. User Responsibilities
1.3.1. Compliance with Acceptable Use Standards
Users must comply with the Company's acceptable use standards, including adhering to applicable laws, regulations, and policies. Users are responsible for using technology resources in a responsible, ethical, and lawful manner.
1.3.2. Account Usage and Password Security
Users must ensure the security and confidentiality of their user accounts, access credentials, and passwords. Passwords should be unique, regularly updated, and not shared with unauthorized individuals.
1.3.3. Prohibited Activities
Users are prohibited from engaging in activities that may jeopardize the security, integrity, or availability of the Company's technology resources. This includes unauthorized access, distribution of malware, introduction of vulnerabilities, or any actions that violate applicable laws or regulations.
1.3.4. Reporting Security Incidents Users must promptly report any suspected or actual security incidents, unauthorized access attempts, or other technology-related concerns to the designated personnel or IT department.
1.4. Compliance Monitoring
The Company reserves the right to monitor and audit technology resource usage to ensure compliance with this policy. Monitoring may include reviewing network traffic, system logs, and other relevant data.
2. Security Awareness and Training Policy
2.1. Policy Statement
PRAI ("the Company") recognizes that security awareness and training are crucial for maintaining a secure environment. This Security Awareness and Training Policy outlines the guidelines and procedures for providing security awareness programs and training to employees, contractors, and authorized users to enhance their understanding of security risks and best practices.
This policy applies to all employees, contractors, and authorized users who have access to the Company's technology resources.
2.3. Security Awareness Programs
The Company will conduct regular security awareness programs to educate employees and authorized users on security risks, threats, and best practices. These programs may include training sessions, workshops, newsletters, or other means of communication.
2.4. Training Requirements
Employees, contractors, and authorized users will receive training appropriate to their roles and responsibilities. Training topics may include password security, social engineering awareness, phishing prevention, data protection, and incident response procedures.
2.5. Training Evaluation and Effectiveness
The Company will periodically evaluate the effectiveness of security awareness and training programs. Feedback and metrics will be collected to measure the impact and identify areas for improvement.
2.6. Ongoing Awareness and Communication
The Company will maintain ongoing communication channels to promote security awareness and reinforce best practices. This may include regular security reminders, email notifications, or intranet resources.
2.7. Policy Compliance
Employees, contractors, and authorized users are expected to comply with this Security Awareness and Training Policy. Non-compliance may result in disciplinary action, up to and including termination or contract termination.
These employee-related policies will be reviewed and updated at least once a year or as required to ensure continued relevance and compliance with evolving security risks, laws, regulations, and industry best practices.
For any questions or concerns regarding these policies, please contact the Company's IT department at