قواعد السلوك لاستخدام تقنيات المعلومات والاتصالات

AMF Document OnInformation and Communication Technology (ICT) Code of Conduct May 2017 Page 1 of 10

AMF - ICT Code of Conduct_________________________________________________________________Contents1. Executive Summary............................................................................................................... 32. Definition of ICT resources and users .................................................................................... 33. ICT Users’ responsibilities..................................................................................................... 44. Limitations on use of ICT Resources ..................................................................................... 65. Prohibitions on use of ICT Resources .................................................................................... 76. ICT technicians responsibilities ............................................................................................. 87. Review of the Code.............................................................................................................. 10 Page 2 of 10

AMF - ICT Code of Conduct_________________________________________________________________1. Executive Summary1.1. The Arab Monetary Fund is committed to a Code of Conduct on Information and Communication Technology (ICT) consistent with its Governance Standards and relevant good practices. The Code complements the AMF established policies and procedures on the use of E-mail and Internet. The code also supports applicable laws on combatting information technology crime in the United Arab Emirates where AMF is headquartered.1.2. AMF recognizes the need to provide users with reliable, stable, and safe computing environment and encourages the use of technology in the conduct of business activities. It expects, nevertheless, that all users of AMF ICT resources respect adherence to the ICT Code of Conduct which constitutes a balanced framework of addressing responsibilities, prohibitions, and privacy concerns. To that end, the Code prescribes the rights and responsibilities of AMF and its ICT professionals in monitoring e-mail and internet usage, as well as the rights, limitations and responsibilities of the users.1.3. The AMF ICT Code of Conduct is intended to be an internal document that should be complied with by all employees of AMF, and is also applicable to any other person who makes use of the Information and Communication Technology facilities of the Arab Monetary Fund such as visiting experts and participants in training activities. The Code is equally considered a public document which can be shared for the benefit of all other stakeholders.1.4. The Code defines the ICT resources, sets the scope of application of the rules, limitations and prohibitions on the use of resources, and calls for investigation and disciplinary action for violations or non-compliance.1.5. The AMF ICT Code of Conduct is approved by the Director General, Chairman of the Board based on recommendations of the Administration Committee, and subjected to periodic review to ensure its continued relevance.2. Definition of ICT resources and users Throughout this document, the following definitions are meant for ICT referenced terms unless explicitly stated otherwise:2.1. ICT Regulations: Include this Code of Conduct on Information and Communication Technology (ICT), AMF established policies and procedures on the use of E-mail and Internet, applicable laws on combatting information technology crime in the United Arab Emirates, and any other applicable regulations on ICT that may be introduced by AMF and the UAE. Page 3 of 10

AMF - ICT Code of Conduct_________________________________________________________________2.2. Resources: Any and all electronic computing and communication equipment including personal computers, tablets, telephones, printers, fax machines, photocopiers, and any and all software applications, operating systems, storage and dissemination mediums, peripherals, AMF website, e-mail services, and network facilities that are provided by AMF or used for AMF business and operations.2.3. Users: AMF employees, ICT technicians, visiting experts, consultants, participants in training courses and events, suppliers, occasional and temporary hires, and any other person who makes use of the ICT resources of the AMF.2.4. Limitations: The explicit limitations and restrictions stated in this document on the use of AMF ICT resources by users.2.5. Prohibitions: The explicit prohibitions of activities and use of AMF ICT resources.2.6. Disciplinary actions: The relevant disciplinary measures defined by AMF Administrative Regulations applicable on its employees and penalties in applicable laws on combatting information technology crime in the United Arab Emirates, resulting for non-compliance with the terms of the AMF ICT Code of Conduct and the laws on combatting information technology crime in the United Arab Emirates.3. ICT Users’ responsibilities3.1. All AMF ICT equipment and software provided to network users remain the property of AMF at all times. When a user is no longer employed by AMF, arrangements must be duly made to return AMF property according to relevant policies and procedures3.2. Awareness: ICT users must ensure that their use of AMF ICT complies with all applicable UAE and International laws and relevant Arab Monetary Fund policies and regulations. It is an individual responsibility of each user to be aware of the ICT regulations as defined in this Code. Therefore users violation of this Code will be investigated and may result in disciplinary action.3.3. Usernames: Username, Systems username and email(s) are for user individual or business unit use. Users are responsible for all activities carried out under it.3.4. Passwords: Never disclose your username and password or leave your computer unlocked. Users should change their network, systems and email passwords on regular basis. ICT technicians should never request your password for any reason and you should decline revealing such information Page 4 of 10

AMF - ICT Code of Conduct_________________________________________________________________ nor any data that can provide information about an identifiable natural person.3.5. Personal computers: It is the user responsibility to safeguard the physical access to its personal computer and should lock the Personal Computer in order to prevent unauthorized access or usage by others.3.6. Authorization: No user should have access to AMF ICT resources or use another AMF network user’s computer without prior authorization as prescribed by relevant AMF policies and procedures. Any AMF network user suspecting that there may have been unauthorized access to its assigned computer or files should immediately report to the Chief, IT Division.3.7. Data integrity: AMF aims to ensure the integrity of users’data. Users must not interfere or attempt to interfere in any way with data belonging to other users. No user should access or make unauthorized copies of data belonging to other users.3.8. Wasting resources: Users must not purposely perform acts which are wasteful of ICT resources or which unethically monopolize ICT resources to the exclusion of others.3.9. Privacy: AMF respects the rights of its employees and other users of its ICT resources including their reasonable expectation of privacy. However, it is occasionally necessary to intercept or disclose certain communication while servicing or protecting the systems. AMF employees and other users of ICT resources should be aware of that and expect that certain communications, depending on the technology, may be intercepted and read by ICT technicians.3.10. Monitoring: The content of electronic mail as well as Internet communication may be monitored and logged. Logs however are kept in confidence and are not disclosed without direction from proper AMF or legal authorities or for the purposes of maintenance and protection of AMF ICT resources. Users should be aware that deleted emails may be retrievable by the system administrator under direction from proper AMF or legal authorities.3.11. Email accounts: AMF users’ email accounts are under the user’s own responsibility. Users are legally liable at any time when emails are used for internal or external communication.3.12. Unauthorized commitments: AMF is under no obligation to honor unauthorized commitment made explicitly or implicitly by users of its ICT resources. Page 5 of 10

AMF - ICT Code of Conduct_________________________________________________________________4. Limitations on use of ICT Resources4.1. Ownership: AMF email accounts and contents are owned by AMF. Usage of AMF ICT resources is intended to be fully compliant with AMF’s own policies and respects the relevant governing Laws in the United Arab Emirates. Therefore, the usage of resources is strictly limited to official communication and should not be used to transmit offensive or inadequate materials, or exchange information which are not in accordance with AMF Email & Internet policies and procedures.4.2. Personal usage: Email and internet systems including service providers' facilities must be used for business activities. However occasional and reasonable personal use is permitted provided it does not impact performance of duties.4.3. Commitments: Email or internet communications should not be used to engage AMF in obligations of whatever nature, contracts, purchase orders, commitments or other transactions that require satisfaction of other communication formalities or conditions. For such situations, the relevant policies and procedures should be applied.4.4. Email restrictions: Users must never use, send or distribute emails:  Containing confidential or sensitive information, except as authorized.  Damaging the reputation of AMF or harming its business  Harming any person or organization  Impacting the relationship with any person, organization or country.  Making representations or express opinions on behalf of AMF, except where authorized.4.5. Email cautions: Emails (and attachments) received from unknown origins should be treated with caution. When in doubt contact the IT Division. ICT users have a responsibility to report emails that are being sent anonymously and may contain inappropriate material to IT Division.4.6. External connectivity: Users must not connect any external equipment to AMF Network without prior written authorization from the Chief IT Division.4.7. Internet payments: Users must obtain written permission from the Administration Department before using any service on the Internet that requires payment for business activities. Users are also cautioned about making payments over the internet for personal purchases. Page 6 of 10

AMF - ICT Code of Conduct_________________________________________________________________5. Prohibitions on use of ICT Resources5.1. Exploiting information: Unless duly authorized or allowed by law, users must not use AMF's Information and Communications Technology facilities, or any system connected therewith, or any means of exploiting AMF resources including AMF website to infringe on the privacy of any person in any way including but not limited to:  Eavesdropping, interception, recording, transferring, transmitting or disclosure of conversation or communications or audio or visual materials.  Photographing others or creating transferring, disclosing, copying or saving electronic photos.  Publishing news, electronic photos, scenes, comments, statements or information even if true and correct.  Amending or processing a record, photo or scene for the purpose of defamation or offending another person or for attacking on invading its privacy.5.2. illegal publications: Users must not use, by any means and by which ever form, AMF's Information and Communications Technology facilities, or any system connected therewith, to establish or administer or operates a website or publishes on AMF network any information which promote or praise any programs or ideas which would prompt riot, hatred, racism, sectarianism, or damage the reputation or social peace or prejudice the public order and public morals concerning any society, organization or country.5.3. Unethical acts: Users must not use AMF's Information and Communications Technology facilities, or any system connected therewith systems for any illegal or unethical purposes and for personalized profit or gain making activities. If there is evidence that users have used AMF ICT resources for any such illegal acts, they may be subject to disciplinary actions.5.4. Misuse of email: Using email for any illegal purposes may call for disciplinary action. Prohibitions include the following:  Transmission of obscene or offensive material.  Revealing or publishing confidential, privileged or proprietary information unless expressly authorized in writing.  Accessing copyrighted information and/or download and use of software or tools in a way that violates the copyright laws.  Intentionally spreading or planting computer viruses (i.e. Computer Worms, Time Bombs, Trojan horse, etc.).  Forwarding an unauthorized \"chain letter\" to any internal or external party. Page 7 of 10

AMF - ICT Code of Conduct_________________________________________________________________  Spamming (sending junk mail) to the outside world from AMF email system.5.5. Misuse of internet: Using AMF ICT resources for internet services should respect the reputation of AMF as a leading Arab Organization, accordingly users are prohibited from the following engaging in any of the following activities that may call for disciplinary action:  Browsing internet sites not relevant to business.  Downloading documents and streaming that are not relevant to business needs.  Use of audio visual multimedia or chat rooms for communications other than for business.5.6. Misuse of information: AMF prohibits unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse or theft of information.5.7. Software downloads: The download of Software (shareware or trial versions) is strictly prohibited. Users must not download, install or use any software, not installed by the IT technicians, without prior written authorization from the Chief, IT Division as such software may contain viruses, malware or may not be licensed. Any non-licensed software downloaded from the Internet or not formally acquired by AMF will not be allowed and supported. Users are cautioned that such software may cause damage.6. ICT technicians responsibilities6.1. The ICT technicians (AMF and supplier ICT technicians and systems administrators) will continuously monitor all communication on the AMF network for the unintentional introduction of hazards (for example viruses) which threaten the security of the network to the disadvantage of all users. Such monitoring is not targeted at a particular user and does not normally result in disclosure of the contents of emails or internet sites visited. Typically, an email containing a virus will be automatically intercepted and will be deleted or quarantined without opening.6.2. ICT Technicians should obtain only the required information to perform their duties or to engage in certain technical aspects or investigations in connection with administrative or legal issues. ICT Technicians should not pursue or examine users’ electronic information for any purpose other than to address a specific issue required to perform their duties or as directed by AMF. Page 8 of 10

AMF - ICT Code of Conduct_________________________________________________________________6.3. The casual viewing by ICT Technicians of any data contained in logs or databases that fall outside of an ICT professional responsibilities is strictly prohibited.6.4. ICT Technicians should use the information gathered only for the purpose for which it was obtained. Information should be properly protected while in the possession of ICT technicians, and should also be properly disposed of once it is no longer needed.6.5. ICT Technicians should never request or ask any user for its password nor observe a user entering its password.6.6. ICT Technicians should not open emails or files while troubleshooting an issue unless specific permission is obtained from the concerned user. ICT technicians should limit the examination to the content of emails or files as required for troubleshooting.6.7. ICT Technicians should not access remotely any user desktop for support purposes except when specifically agreed by the end-user.6.8. When developing, testing, analyzing, maintaining or troubleshooting issues in AMF applications, data records should only be interrogated if they are related to the issue being investigated. Appropriate measures should be taken to mask the information to protect the identity of the individual(s) associated with the data.6.9. Data traversing the network must not be monitored without authorization except for maintenance, specific diagnostics and system protection purposes (e.g. virus/malware protection scanning).6.10. Access to log information must only be used for business purposes and as required to support the integrity of systems. Data contained in log files and databases should not be disclosed beyond the need of the IT Division to develop, maintain, troubleshoot or perform diagnostics unless under direction from proper AMF or legal authorities.6.11. Information about a specific user’s access to networks, systems, databases, or any other computer-based resources must not be disclosed to anyone beyond the user unless under direction from proper AMF or legal authorities or for the purposes of development, testing, maintenance, protection and support of an ICT resources.6.12. All requests for access to ICT systems and all physical access to AMF ICT data center must be in accordance with established policies and procedures.6.13. When launching an investigation in response to an alert about possible malicious activity (from an automated tool, a user, or a third party), ICT security professional must act in a responsible and ethical manner. Investigation should be within the scope that has been identified by the alert Page 9 of 10

AMF - ICT Code of Conduct_________________________________________________________________ and for the identified reason. The assigned ICT security professional should track the malicious activity to an originating machine and contact the owner, sharing the information and assisting in a resolution process.7. Review of the Code7.1. Users and ICT Technicians are responsible for the implementation of this Code of Conduct and adhere to it.7.2. The Arab Monetary Fund reserves the right to amend or update this ICT Code of Conduct when it deems necessary, ensuring its continued relevance and conformity with legislation and good practices.7.3. The Chief, IT Division in coordination with the Legal Department at the AMF are entrusted with the responsibility to review this Code of Conduct and propose necessary amendments to the Administration Committee for recommendation and further endorsement by the Director General, Chairman of the Board.7.4. ICT users will be notified of any amendments to this document. Page 10 of 10