Copyright Compliance Policy For Academics (A4A) Essay.

The Academics for Academics (A4A) is an NGO whose headquarter is at Sydney and Singapore and the management operate all the operations from there. A4A has been funding all the projects and activities using donations contributed by public. It has total ten staff members among which four of them are located in Singapore office and rest six are located in Sydney.

A4A was established to help private and public colleges and universities in Australia and southeast Asia. To become the member of the institution of A4A, for the interested universities and colleges it is mandatory to register with A4A. For the academic and experienced professionals who want to volunteer services like teaching a subject, supervising any research project or development of curricula for member institutions will have to register their interest to A4A. Only after the completion of recruiting process, these individuals can become members of A4A.A4A will provide meals, accommodations, travel expenses and medical expenses to its members.

Data involved in all the activities of the organization need to handled and stored in their information system. A4A need to be assuring that the data and information stored in the information system are secured and safe and does not violate any law. Information security policies have not been developed yet, as it is a very new organization established last year. A4A is currently in the developing process for the comprehensive Information Privacy Policy Sets (ISSP) for their information system. ISSP has been guiding all the individuals of the organization on the use of the technology and processes employed by A4A in a targeted and detailed manner, which is ‘resource-use’. This has been to provide common knowledge of the reasons on why employee could not or could use resources provided by the organization. This must assure the members of the organization that these reasons have not been to establish the foundation regarding administrative enforcement or legal persecution.

However various policies might fall outside the responsibilities of the organization or management that are issue-specific in A4A. In this case, representative unit could serve on the policy committees. Representative must give the contribution of their thoughts on the policies that can be implemented in the list of the policies of A4A. Bardach and Patashnik (2015) stated that Copyright Compliance Policy would be more efficient and effectively explained by the categories mentioned below in the column.

Overview of A4A

The Academics for Academics (A4A) is an NGO whose headquarter is at Sydney and Singapore and the management operate all the operations from there. A4A has been funding all the projects and activities using donations contributed by public. It has total ten staff members among which four of them are located in Singapore office and rest six are located in Sydney.

Scope of Copyrighted materials

It will identify the elements of policies that will help in achieving good security in the NGO.

It will explain the needs for information security in the NGO as it will necessary to make the management process faster and keep all the documents safe

Their permitted use and by whom

Specification of various categories of information security will also be included in this paper. Identification of roles and responsibilities of information security can also be included in this paper in order to protect data from getting unauthorized access or protecting system by proper encryption and using updated server.

Prohibited use:

The employees can be prohibited from forging the email header information or data, or attempting in order to impersonate another person.

Using computers owned by A4A to avoid security systems, or authentication system or escalating privileges or any user-based system should be prohibited in this section of the policy.

Employees must also be prohibited from installing software to the systems owned by A4A.

How the copyright materials are protected?

Identification of appropriate levels of security using proper guidelines and appropriate standards means different level of security based on priorities (Peltier 2016).

Maintenance of these policies

This document will help in establishing an overreach security policy and proper directions for A4A NGO. It is the expectation that individual departments will establish guidelines, operating procedures and standards in order to adhere to and reference this policy while addressing individual and specific needs.

What materials are copyright?

Who can use technology governed by the policy in A4A NGO and for what purpose explained in this section of the policy statement. Information systems of A4A NGO are an exclusive property for organization and users have no right to use it. There should be fair and responsible use information security as it should not focus on a particular individual or any category (Hu et al. 2012). Systems should be accessed for the purpose of A4A NGO only and not for personal use.

Who can use them?

This will define “fair and responsible use” of assets of the organization and equipment and it addresses key legal issues like privacy and protection of the personal information. Policy made, use for purpose not explicitly identifies misuse of equipments (Armstrong, Armstrong and Barton 2016). There should be allowance for the employee to use networks and systems for non-commercial personal e-mail in this policy.

Limitation of the use

The purpose of this policy is to limit the use of certain systems and websites that could be used in manner to harm the reputation of A4A and the information that are being saved in those systems. There should be proper portals and specific credentials for each important member in the A4A in which certain team works (Brown et al. 213).

The employees can be prohibited from forging the email header information or data, or attempting in order to impersonate another person. This prohibition may de-motivate the employees and create negativity about the A4A.

Using computers owned by A4A to avoid security systems, or authentication system or escalating privileges or any user-based system should be prohibited in this section of the policy. This will no-doubt beneficial for the A4A and protect it from any legal actions that government might take actions against the organization.

Employees must also be prohibited from installing software to the systems owned by A4A. There might be some simple software needed to work basic operational activities of the A4A, and this prohibition might stop employees from being able to perform effectively.

Technological Obsolescence

This section will focus on the relationship of the users with the system management. A4A may want to issue specific rules on using emails and electronic documents and storing those documents

Software:

Hardware:

Only hardware owned by the A4A should be used and employees should not be allowed to use external hardware devices. For file transfer and files storage, it is the responsibility of the employee to use devices, which are not corrupted and free from virus.

Database:

There is the need of data encryption in some cases, which needs a data encryption policy in A4A and it should be documented. The applied data encryption policy should be at database- level or server-level as it is required for this organization. A server certificate should be obtained from the trusted Certificate Authority (CA)

Password Policy:

Information related to the strong password creation, password change and password protection statement should be stated in this section of the policy.

Network:

Use of A4A’s computer resources and network should support the missions of the organization in learning, teaching, and research. Users (employees) are responsible to protect and properly use information resources and respect the other’s right. Appropriate use of the resources and information guidelines should be stated in the policy.

Authentication/Access:

It may include guidelines about authorized employee monitoring and the electronic and physical security of those emails and electronic documents (Infnedo 2012). This section should identify specific responsibilities of the users and system administrators so that role of every individual is pre-identified.

Level of Access

Each section of work will be divided in teams and there must be team leaders. These team leaders should have access to their team member’s passwords and the manager should have access to the passwords of each team leaders.

This section will identify the repercussions and penalties for the violation of usage and system management policies. There should be particular penalties for each category of the violation. There should be proper instructions on how to report violation of any other employee that can be anonymously or openly. As they may fear that violator who is a powerful individual in the organization and can retaliate against them who report the violations (Vance and Siponen 2012). In this scenario, anonymous submission will be the most appropriate option for reporting the violations made by any employee.

Related to materials solely copyrighted to A4A

If there violation of the policies, which are solely copyrighted to A4A an individual should be given warning first. If violation related to the reputation of A4A and the very personal information, which are very important for the organization and should not be exposed to others than that individual or employee of A4A should be terminated from his services to the A4A.

Related to materials jointly copyrighted to A4A

For the violation of the policy, which are jointly copyrighted there should be proper penalty like suspension for few days or certain amount of money which the violator will have to pay for the A4A.

Related to the materials copyrighted to an individual

First, that individual should be informed about the violation. He should be introduced to the policy stating what activity of him violated the policy. There should be arrangement of several programs for increasing awareness among the individual related to the policy and the activities, which could violate those policies.

Monitoring of compliance

This policy should contain a timetable for periodic review including its procedures. In order to ensure that all users have guidelines that will reflect the current needs and technologies of the organization, this section must provide an outline of specific methodology for the modification and review of the ISSP (Chen Ramamurthy and Wen 2012).

Frequency of review and update

There should be fixed period for reviewing the policies and updating it if any action or policy seems uncomfortable or not appropriate for the members of A4A. This period may be once in a month or once in two months.

Following are the circumstance when a violator of the policy will not be accountable for not adhering the policies mentioned above:

Relevant policies at right time: Policies can be different for the teachers (employees) and the students who are reading in that organization. The policy should be presented in well documentation before joining the organization.

Contextually availability of relevant policies: Relevant policies should be available for each individual connected to the A4A organization.

Intrusions in the database during file transfer: there may be uncertainties during file transfer process by an unauthorized intruder which may lead in the loss of information or expose of the information for which an individual cannot be treated as responsible for this incident.

Intrusion due to the employee’s irresponsibility: Responsibility is one of the major factors that should be kept in mind before involving to any organization as irresponsibility may also lead to uncertainties in the form of data breach and intrusion.  

There may be various possible approaches to manage and create an effective and efficient ISSP. One of the common approaches is to list all the independent objectives in the document, where each has been tailored to the particular issue regarding the situation. Another approach may be the creation of single document that covers all the issues in the organization covering the course of effect on each employee of the organization. Another approach that may be applicable is the generation of the modular document of ISSP identifying uniquely the administration policy and creation during the maintenance of every requirement of the issues.

Modular policy is the recommended approach in this scenario because it has been resulting in the document relying on the modules or sections as per the template standard for appearance and structure. Particular aspects have been standardized including contents those are customized for each issue that can be a problem in managing the management in A4A. This result has been managed in a manner that each of them has been retrieved from the general template, which can be managed physically and easy in using (Crossler et al. 2013). The approach made in this paper is balancing the effectiveness and development of policies for the policy management. It has been individual module in which each policy is created and then updated by the people who have experienced and responsible for that particular experience.

The new world of technology is experiencing the growth of information technology and need of information security as in practical sector and in the academic discipline in the educational area. There is vast increment in the number of members joining the new technology and being covered in the area of information security by using those technologies (Beckers et al. 2013). It can be very crucial to define that mechanism of the policy of A4A is to secure the information and data that involved during the management of A4A in order to protect the assets and the organization from being ruined. This policy has been built with the same attention and care that is needed in every sections of the information security in order to benefit both the organization and privacy to the employees (Fenz et al. 2014).

The statement of purpose emphases on the scope, applicability of the policy and definition of the technology addressed in the A4A including the responsibilities of the organization towards the privacy of the employee and the informational assets of the organization. Under authorised uses, policy for the user access control of the employees of different categories, fair and responsible use of the internet and systems of A4A. Protection of privacy is also included in this section. Prohibited uses highlights on how employees use the assets of the organization including system and information like misuse or disruptive use, any  criminal use act by any employee, harassing and offensive materials faced by an employee because of the other employee  including copyright, license or any other intellectual property of A4A. Various different restrictions have been proposed in this section. System management includes management of the materials that have been already stored in the A4A and new members are going to access it. Monitoring on employee is also included in this section, which can be an important aspect in the view of an employee. Virus Protection has also been introduced considering the protection of the informational assets of A4A. Physical security and encryption have been explained in this section. Variations of policy include two important aspects which are schedule reviewing of policy by the management and senior contributors and procedures that may be applicable for the modification. Limitations of liability completely protect the organization from any harm that can occur because of any employee. It also emphases on statement of liability and other disclaimers related to the copyright compliance policy.

References:

Armstrong, F., Armstrong, D., and Barton, L. Eds., 2016. Inclusive education: Policy, contexts and comparative perspectives. Routledge.

Bardach, E., and Patashnik, E. M., 2015. A practical guide for policy analysis: The eightfold path to more effective problem solving. CQ press.

Beckers, K., Côté, I., Faßbender, S., Heisel, M. and Hofbauer, S., 2013. A pattern-based method for establishing a cloud-specific information security management system. Requirements Engineering, 18(4), pp.343-395.

Brown, J.D., Ghani, M.A., Hoque, M. and Rehman, U.A., 2013 An Analysis of Web Privacy Policies Across Industries. Worcester Polytechnic Institute.

Chen, Y., Ramamurthy, K., and Wen, K. W., 2012. Organizations' information security policy compliance: Stick or carrot approach?. Journal of Management Information Systems, 29(3), 157-188.

Crossler, R.E., Johnston, A.C., Lowry, P.B., Hu, Q., Warkentin, M. and Baskerville, R., 2013. Future directions for behavioral information security research. computers & security, 32, pp.90-101.

Fenz, S., Heurix, J., Neubauer, T. and Pechstein, F., 2014. Current challenges in information security risk management. Information Management & Computer Security, 22(5), pp.410-430.

Hu, Q., Dinev, T., Hart, P., and Cooke, D., 2012. Managing employee compliance with information security policies: The critical role of top management and organizational culture. Decision Sciences, 43(4), 615-660.

Hugenholtz, P. B., and Okediji, R., 2012. Conceiving an international instrument on limitations and exceptions to copyright.

Ifinedo, P., 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), 83-95.

Lynch, M., 2012. AUTOMATED LICENSE PLATE RECOGNITION (ALPR) SYSTEM.

Peltier, T.R., 2016. Information Security Policies, Procedures, and Standards: guidelines for effective information security management. CRC Press.

Soomro, Z.A., Shah, M.H. and Ahmed, J., 2016. Information security management needs more holistic approach: A literature review. International Journal of Information Management, 36(2), pp.215-225.

Vance, A., and Siponen, M. T., 2012. IS security policy violations: a rational choice perspective. Journal of Organizational and End User Computing (JOEUC), 24(1), 21-41.