Company
Expertise
Divisions
Contact Us

Contractor General IT Use Policy

 
1. Purpose and Scope
This document outlines the standards and expectations for contractors who use company-provided IT systems, devices, and infrastructure. Additionally, but not superseding, all of a partner or client systems access are to be bound within these guidelines or those more restrictive as outlined by those companies or systems. The purpose is to protect company information, maintain system integrity, and ensure compliance with information security policies.
2. Acceptable Use
  • Company IT systems, including laptops, mobile devices, email, network access, and applications, are provided for business purposes only.
  • Personal use of company systems is not permitted.
  • Contractors must only access data, systems, and applications directly related to their assigned work.
  • Unauthorized sharing, copying, or transfer of company data is prohibited.
3. Security Requirements
  • Contractors must use unique, company-issued credentials and must not share passwords or access tokens.
  • Devices must be protected with passwords, encryption, and automatic screen locks.
  • All software must be approved and installed by the company IT department.
  • All websites accessed must be as explicitly directed or approved to complete your work assignment.
  • Contractors must not attempt to disable or bypass security controls, firewalls, antivirus software, or monitoring tools.
  • Sensitive data must only be stored and transmitted via company-approved systems (e.g., email, file shares, or secure portals).
  • All remote applications and websites should use Multifactor Factor Authentication(MFA) and if that is not possible due to a system limitation then two factor authentication is acceptable. If neither of these are used or there is an issue please escalate to your Trustpoint.One manager.
4. Remote Access
  • Remote access must use approved VPN or secure remote desktop connections.
  • Public Wi-Fi or unsecured networks should be avoided.
  • Devices must not be connected to other networks or systems that pose security risks.
5. Confidentiality and Data Handling
  • Contractors are expected to protect all company and client data as confidential.
  • No company information may be printed, copied, or transmitted outside of company systems without written authorization.
  • Upon contract completion or termination, all data, credentials, and devices must be returned or securely deleted.
  • The use of any AI, large language model technologies, agentic AI, meeting bots, transcription or recording capabilities, or other AI based technologies are strictly forbidden unless authorized in advance by Trustpoint.One.
6. Monitoring and Compliance
  • The company may monitor, log, and audit all activity on company systems.
  • Use of company IT resources implies consent to monitoring and acknowledgment of these guidelines.
  • Any suspected security incidents, data breaches, or lost/stolen devices must be reported immediately to IT Security.
7. Violations
  • Violations of this policy may result in termination of contract, removal of system access, and potential legal action.
Acknowledgment:
By using company IT systems, you agree to comply with these guidelines and all related security and compliance policies.
 
Last Updated: 11/13/2025