balanceWORKS

Security

Acceptable Use Policy for balanceWORKS

1. Introduction

This Acceptable Use Policy (AUP) for balanceWORKS is designed to protect Berkshire Associates Inc., our employees, clients and other partners from harm caused by the misuse of our systems and our data. Misuse includes both deliberate and inadvertent actions.

The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (e.g. computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime.

All users of balanceWORKS are responsible for the security of their logins and the data associated with them. As such, all users must ensure they adhere to the guidelines in this policy at all times. Should any users be unclear on the policy or how it impacts their role they should contact Berkshire’s Product Support at product.support@berkshireassociates.com.

2. Definitions

"balanceWORKS" includes all applications that are part of the balanceWORKS platform including balanceAAP, balanceTRAK, balanceREACH and also includes the API for the platform.

"Users" are everyone who has access to balanceWORKS. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.

"Systems" means all IT equipment that operates the balanceWORKS platform. This includes, but is not limited to, servers, data networks, networked devices, software, electronically-stored data, third party networking services, and all other similar items commonly understood to be covered by this term.

3. Scope

This policy covers all usage of balanceWORKS and is a universal policy that applies to all applications in the platform. For some Users, a more specific policy exists: in such cases the more specific policy has precedence in areas where they conflict, but otherwise both policies apply on all other points.

Some aspects of this policy affect areas governed by local legislation (e.g., employee privacy laws): in such cases the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction.

Users responsible for administration of balanceWORKS for their organization, who monitor and enforce compliance with this policy, are responsible for ensuring that they remain compliant with relevant local legislation at all times.

4. Monitoring

Berkshire Associates Inc. can monitor the use of its IT systems and the data on it as required to maintain the system and keep it secure. This may include (except where precluded by local privacy laws) examination of the content stored within the database and files of any user, and examination of the access history of any users.

Berkshire Associates reserves the right to regularly audit networks and systems to ensure compliance with this policy.

5. Data Security

Users must take all necessary steps to prevent unauthorized access to confidential information. Users are expected to exercise reasonable personal judgement when processing information that is confidential.

Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with their organization’s password policy.

Users are responsible for all data, reports and other information that is exported from balanceWORKS to their own systems or devices. Because information on portable devices, such as laptops, tablets and other mobile devices, is especially vulnerable, special care should be exercised with these devices. Berkshire Associates Inc. will not be held responsible for the consequences of theft of or disclosure of exported information.

By default, balanceWORKS user accounts will automatically log out after 30 minutes of inactivity. Users designated as Administrators for their organization have the ability to increase or decrease this timeout period as desired to match their organization's IT security policies.

Users uploading files into balanceWORKS for processing must at all times guard against the risk of malware (e.g., viruses, spyware, Trojan horses, rootkits, worms, backdoors) being imported into balanceWORKS by whatever means possible and must report any actual or suspected malware files to Product Support immediately. Berkshire scans incoming data to help prevent malicious files from entering the system, but Users are ultimately responsible for the files they provide for processing.

6. Unacceptable Use

The activities below are provided as examples of unacceptable use of balanceWORKS and its Systems, however it is not exhaustive. Should a user need to contravene these guidelines in order to perform their role, they should consult with and obtain approval from their balanceWORKS administrator or Berkshire’s Product Support Team, when necessary.

  • All illegal activities, including activities that contravene data protection regulations.
  • Activities that have an intentional negative impact on the day-to-day functioning of the System.
  • All activities that are inappropriate including pornography, gambling, inciting hate, bullying and harassment.
  • Circumventing the IT security systems and protocols which Berkshire Associates Inc, or the User’s organization has put in place.
  • Using communication or file sharing functionality to proliferate the distribution of malware or other malicious activities.

7. Enforcement

Berkshire Associates Inc. will not tolerate any misuse of its systems and will terminate any user accounts found to have contravened the policy, including not exercising reasonable judgment regarding acceptable use. While each situation will be judged on a case-by-case basis, Users should be aware that consequences may include the termination of their account. The balanceWORKS administrators at an organization associated with a terminated account will be promptly notified with a summary of the infraction including user account, date/time and reason.

Berkshire Associates Inc. will not hesitate to cooperate with any criminal investigation and prosecution that may result from the use of balanceWORKS resources for any illegal activity.

Date Version Summary of Changes
07/12/2016 1.1 Initial Policy Draft
07/28/2017 1.2 Annual Policy Review
08/08/2018 1.3 Product names updated, annual review of policy
07/22/2019 1.4 Annual review of policy. Updated Data Security section to provide more detail about login timeouts and repsonsibility for malicious files.
08/12/2020 1.5 Annual review of policy.
08/6/2021 1.6 Annual review of policy, updated Unacceptable Use section for additional clarity.

Need more help?

If you are unable to find the answer to your questions or simply wish to speak to a support representative, email Product Support or give us a call at +1(800).882.8904.