Acceptable Use Policy

Veridian Corp — Technology Resources Usage Standards

Document IDAUP-001
Version3.0
Effective DateJanuary 15, 2026
OwnerIT Security Team
ScopeAll employees, contractors, vendors with system access

Permitted and Prohibited Use

Company systems and networks must be used primarily for legitimate business purposes.

Employees must not use company systems to access, store, or distribute illegal, offensive, or discriminatory content.

Installation of unauthorized software on company devices is prohibited; all software must be approved and deployed by IT.

Company internet connections must not be used for torrenting, cryptocurrency mining, or streaming services unrelated to work.

Employees must not attempt to circumvent, disable, or tamper with security controls, monitoring tools, or access restrictions.

Monitoring and Privacy

Employees should have no expectation of privacy when using company-owned systems, networks, or equipment.

Veridian Corp reserves the right to monitor, log, and audit all activity on company systems without prior notice.

Access logs, email records, and system activity may be reviewed as part of security investigations or compliance audits.

Employees must not attempt to delete, alter, or conceal their activity on company systems.

Software Installation

All software must be licensed; installation of pirated or unlicensed software is a terminable offense.

Browser extensions must be reviewed and approved by IT Security before installation on company devices.

AI-powered tools and SaaS applications that process company data must receive IT Security and Legal approval before use.

Data Transfer

Company data must not be uploaded to personal cloud storage services (Google Drive personal, Dropbox personal, iCloud, etc.) under any circumstances.

Large data transfers (over 1GB) outside the corporate network require IT Security approval and logging.

USB storage devices must be encrypted and IT-approved; use of personal USB drives with company data is prohibited.

Device telemetry data and PHI must never be accessed, downloaded, or exported to personal devices or accounts under any circumstances.

Approved Software Whitelist (Excerpt)

SoftwareCategoryApproval StatusData Classification AllowedApproved By
Microsoft 365ProductivityApprovedInternal, ConfidentialIT Security
Slack EnterpriseCommunicationApprovedInternal only — no PHIIT Security
Zoom HealthcareVideo ConferencingApprovedPHI permitted with BAAIT Security + DPO
GitHub EnterpriseDevelopmentApprovedInternal — no PHI in reposIT Security
MasterControl QMSQuality ManagementApprovedConfidential, FDA recordsQA + IT Security
ChatGPT / OpenAIAI ToolProhibited — no company dataNoneIT Security
Personal GmailEmailProhibitedNoneIT Security

Software not on the approved whitelist must not be installed; requests for new software go through IT Security review via ServiceNow Form IT-APP-001.

AI & SaaS Tool Approval Matrix

Tool TypePHI AllowedConfidential AllowedApproval Required FromReview Cycle
General AI (ChatGPT, Claude, etc.)ProhibitedProhibitedNot approvable
Enterprise AI (Azure OpenAI, etc.)With BAAWith assessmentCISO + DPO + LegalAnnual
Cloud Storage SaaSWith BAAWith DPAIT Security + DPOAnnual
HR / Payroll SaaSEmployee PII onlyEmployee dataHR + IT SecurityAnnual

Prohibited Activities — Enforcement Matrix

ViolationFirst OffenseRepeat OffenseReport To
Unauthorized software installationWritten warning + removalTerminationIT Security
PHI on personal device/cloudImmediate termination reviewTerminationDPO + HR
Security control circumventionTerminationCISO
Crypto mining / torrentingWritten warningTerminationIT Security