<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=4032637533630969&amp;ev=PageView&amp;noscript=1">
Skip to content

Acceptable Usage Policy

Last updated: July 17, 2026

Purpose

This policy defines the acceptable and responsible use of the organization’s information systems, IT assets, and resources. It ensures alignment with the organization’s information security objectives, compliance with applicable Canadian legal and regulatory standards (including the Personal Information Protection and Electronic Documents Act, PIPEDA), and safeguards proprietary and sensitive information from unauthorized use or disclosure per the Information Security Policy of BlueMind Inc. (herein referred to as “BlueMind”).

Scope

This policy applies to all users, including employees, contractors, vendors, and third parties, who access the organization’s IT assets, networks, or information systems. It encompasses all devices and environments, including organizational and personal devices used on-premises, remotely, or in hybrid configurations.

Cross-Border Data Handling:

Remote staff operating outside of Canada must adhere to the same security and data protection requirements outlined in this policy. Data accessed or processed by remote personnel must be protected to the same standards as data stored within Canada.

Definitions

  • Information Security Group (ISG): The team overseeing the organization’s information security measures, including this policy.

  • Unacceptable Use: Any activity that violates organizational policies, ethical standards, or applicable laws while utilizing the organization’s resources.

  • IT Resources: All hardware, software, networks, applications, and data owned or managed by the organization.

  • Blogging and Social Media Activities: Public or semi-public communication platforms, including personal blogs, social media posts, and forums.

  • Confidential Information: Any data designated as proprietary or sensitive, including but not limited to trade secrets, intellectual property, Personally Identifiable Information (PII), and internal business communications.

Responsibilities

Information Security Group (ISG):

  • Ensure enforcement of this policy and oversee compliance.

  • Conduct regular training and awareness programs on acceptable use.

  • Monitor and audit IT resource usage for compliance.

Department Heads and Managers (or Designated Supervisors):

  • Ensure their teams adhere to this policy.

  • Approve exceptions and report violations promptly.

End Users:

  • Comply with this policy when using organizational resources.

  • Protect their credentials and promptly report any suspicious activity or policy violations.

  • Report lost, stolen, or compromised devices immediately.

Policy
Acceptable Use

The organization’s IT resources must only be used for legitimate business purposes and in alignment with organizational goals, policies, and legal obligations. Acceptable use includes:

  • Performing tasks and activities directly supporting the organization’s business operations and strategic objectives.

  • Accessing, processing, and sharing information as required for job roles, ensuring compliance with data classification and handling policies.

  • Using IT resources responsibly to prevent harm to the organization’s reputation, resources, or data.

Permissible Personal Use

Personal use of IT resources is permitted on a limited basis, provided it:

  • Does not interfere with work responsibilities or organizational productivity.

  • Does not compromise system security, consume excessive resources, or violate this policy or applicable laws.

Unacceptable Use

The organization prohibits activities that misuse IT resources, jeopardize security, or violate ethical or legal standards, including but not limited to:

System and Network Activities

  • Violation of Laws and Regulations: Engaging in illegal activities or copyright breaches.

  • Introduction of Malicious Software: Deploying or transmitting viruses, worms, ransomware, or spyware.

  • Unauthorized Access and Hacking: Attempting to bypass access controls or exploit vulnerabilities.

  • Denial-of-Service and Disruption: Activities intended to degrade or disrupt systems.

  • Negligence and Data Mismanagement: Leaving devices unlocked, using public Wi-Fi without VPN, or storing sensitive data insecurely.

Email and Communication Systems

  • Spam and Phishing: Sending unsolicited or deceptive messages.

  • Confidential Information Protection: Transmitting sensitive data without encryption or approval.

  • Behavioral Violations: Harassing, discriminatory, or impersonating communications.

  • Restrictions on Personal Use: Using organizational email for non-work-related or political purposes.

Social Media and Blogging

  • Confidentiality and IP Protection: No disclosure of proprietary or sensitive organizational information.

  • Reputation Management: Avoiding posts that could harm BlueMind’s reputation.

  • Ethical Online Conduct: Prohibiting hate speech, trolling, or participation in illegal forums.

Data and Document Handling

  • Adherence to data classification and encryption standards.

  • Secure storage of both physical and digital documents.

BYOD (Bring Your Own Device)

  • Devices must be registered and meet security requirements (encryption, anti-malware).

  • Unencrypted or unapproved devices may not connect to BlueMind systems.

Physical and Environmental Security

  • Workstations must be locked when unattended.

  • Sensitive printed materials must be securely stored or shredded.

Advanced Controls for Sensitive Activities

  • Two-Factor Authentication (2FA): Required for systems handling sensitive data.

  • Logging and Monitoring: All access to sensitive systems is logged and audited.

  • Access Control: Based on the principle of least privilege.

Monitoring and Privacy

  • BlueMind monitors IT resource usage for legitimate business, operational, and security purposes.

  • Monitoring is conducted in accordance with applicable privacy laws and limited to the minimum scope necessary to ensure compliance and system integrity. Users will be notified of any monitoring practices through internal communications or onboarding documents.

Incident Reporting and Response

  • Any suspected or actual data breach, loss, or unauthorized access to systems or information must be reported immediately to the ISG.

  • The ISG is responsible for investigating, mitigating, and documenting incidents in accordance with BlueMind’s security and privacy obligations.

Third-Party and Vendor Compliance

  • Vendors, partners, or contractors who access BlueMind data or systems must comply with this policy and BlueMind’s data protection standards.

  • Third parties are contractually required to maintain equivalent levels of security and confidentiality.

Enforcement and Consequences

  • Monitoring: The organization monitors all IT resource usage to ensure compliance.

  • Consequences: Violations may result in:

    • Temporary or permanent loss of IT access

    • Disciplinary action (up to and including termination)

    • Legal action if violations constitute criminal behavior

Acknowledgment

All users must review, understand, and acknowledge this Acceptable Usage Policy annually. Continued access to BlueMind systems constitutes acceptance of the terms outlined herein.

Exceptions and Policy Evolution

  • Exceptions: Must be approved by the ISG and documented with justification.

  • Policy Updates: This policy will be reviewed annually and updated to reflect technological, regulatory, and organizational changes 

Contact Us

If you have any questions about this Usage Policy, You can contact us:

  • By email: privacy@bluemind.app
  • By mail: 3601 Hwy 7, Suite 610 Markham, ON, L3R 0M3 Canada.