Backpack Works logo
All policies
Version: 1.0Last updated: December 2025Owner: Security Lead

Acceptable Use Policy

1. Purpose

To define acceptable use of Backpack Works information systems, devices, accounts, and data.

2. Scope

All personnel who use company systems or access client data.

3. Acceptable use

  • Use company systems and client data only for legitimate business purposes.
  • Protect credentials; never share passwords and always use MFA where available.
  • Store company and client data only in approved systems.
  • Lock devices when unattended and report lost or stolen devices immediately.

4. Prohibited use

  • Sharing confidential or client data with unauthorized parties.
  • Installing unapproved or pirated software.
  • Disabling security controls (encryption, anti-malware, screen lock).
  • Using personal accounts or unapproved tools to process client data.
  • Entering confidential client data or secrets into public AI tools that may use it for training.

5. Monitoring

Company systems may be monitored for security and compliance purposes, consistent with applicable law.

6. Enforcement & review

Violations may result in disciplinary action. This policy is reviewed at least annually.