1.0 Introduction
This document outlines the Information and Technology Management Policy for
Central Equatoria Business Union (CEBU), a forum for businesses in South Sudan. This policy provides a framework for the management, operation, use, and
safeguarding of all IT resources and information within the Union. It aims to ensure
that these resources and information are used in an efficient, effective, ethical and
lawful manner.

2.0 Purpose
The purpose of this policy is to establish guidelines for the proper use and
management of CEBU’s Information and Technology resources. It aims to ensure
data integrity, confidentiality, availability, and to protect the Union’s IT resources
from unauthorized access, loss or damage.

3.0 Scope
This policy applies to all members, employees, contractors, and any other parties who
have access to, or are users of, the Union’s IT resources.

4.0 Policy Statements
4.1 Information Management
All information created, used and managed within the Union should be accurate, reliable and complete. Proper procedures should be in place for the creation, storage, retrieval, and disposal of information.

4.2 Technology Management
All IT resources should be used for the legitimate business of the Union. Personal use
should be minimal and not interfere with the Union’s operations or the user’s
employment responsibilities.

4.3 Security
All users are responsible for the security of the Union’s IT resources. They should
protect the confidentiality, integrity, and availability of these resources.

4.4 Compliance
All users must comply with this policy and any other relevant laws, regulations, and
standards. Non-compliance may result in disciplinary action.

5.0 Roles and Responsibilities

5.1 The Union’s IT Department is responsible for managing and maintaining the
Union’s IT infrastructure, providing IT support, and ensuring the security of IT
resources.

5.2 All users are responsible for using IT resources in a responsible, ethical, and
lawful manner.

6.0 Policy Review
This policy will be reviewed annually to ensure it remains relevant and effective. Changes may be made at any time to reflect new technology, business practices, or
legal requirements.

7.0 Breaches of Policy
Breaches of this policy may result in disciplinary action, including termination of
membership or employment, legal action, and/or reporting to law enforcement
authorities.

8.0 Conclusion
This policy provides a framework for the responsible use and management of CEBU’s
IT resources. By adhering to this policy, all users can contribute to the efficient and
effective operation of the Union, and the protection of its information and technology
resources.