Developing A Copyright Compliance Policy For Academics For Academics (A4A)

Assumptions

Academics for Academics or A4A is a Non-Governmental Organization that needs a copyright Compliance Policy or Issue specific security Policy for protecting their documents from unauthorized use and circulation. The assumptions in developing an Issue Specific Security Policy or ISSP for the organization are as follows-

1. Before recruitment, the members are notified about the copyright compliance policy, and are recruited only if they agree to abide by the policy.
2. It is assumed that the information system where the documents of A4A are stored are secured enough to prevent any sorts of data breach. The security system is up to date and is sturdy enough to detect and prevent a data breach (Ifinedo 2014). This can be achieved by storing the documents only after encryption and the registered members of the organization will only have the permission or key to decrypt that. Furthermore, it should be mandatory that the members are registered and authorized to use the system. The data update and delete can only be done by the admin of the system in order to prevent any unauthorized data use or modification.
3. The existing members of the organization will have no issues regarding the new Issue Specific Security Policy and will abide by the same after it is in action. All the members will be notified about the policy by official means such as an official email or an official meeting (Sommestad et al. 2014).
4.  The Issue Specific Policy that is to be developed for Academics for Academics (A4A) will abide by the standard compliance of the government (Sommestad et al. 2014).
5. A4A does not practice any illegal activities and the organization is registered with the government.

The Issue Specific Policy that is to be developed for A4A will address a fair and responsible use of the confidential information or academic records that are produced by the members of the organization (Höne and Eloff 2002). The policy will cover the marked assignments, exam papers, notes and documents; however, it is not limited to only these types of documents, but will also include any official document that is generated within the organization and/or by the members of the organization (Safa, Von Solms and Furnell 2016). The policy defines that the documents, which are the property of the organization can only be accessed by the members of A4A only for the institutional purposes and are not subjected to be modified without proper cause and/ or permission at any cost. The organization currently consists of a team of 10 staff members, six of which are located in the Sydney office and other four in the Singapore office. It is very difficult to keep a track of documents use by the members and therefore, it is essential to enforce a policy that will prevent any misuse of the information that is a property of A4A. The members of the organization are expected to understand the rules and regulations stated in the policy and are expected to abide by the same (Ifinedo 2012).   

Authorized uses include the current and the future members of A4A, whom the institution permits to access the information. This is ensured by registering the users against the information system on which the data is stored. Each time, in order to access the information, the user must use a valid user ID and password to access the information. The access to the information is subjected to official use only and any violation of the same would be strictly penalized (Al-Omari, El-Gayar and Deokar 2012).. The user ID is unique and hence there is no possibility of duplication and unauthorized usage. The data uploaded in the information system database of Academics for Academics are to solely treat as an official property, circulation of the same outside the client list of the organization will be treated as illegal, and the member found to be involved with the same would be strictly penalized. The authorized uses of information includes but not limited to the assignment help by the members of A4A to the organizations registered with A4A or the organizations seeking help from Academics for Academics. The information should be stored and handled by the information system of A4A irrespective of the location from where the members are working, be it Sydney or Singapore.

The non-members of the organization are prohibited to use access or even view any information that is a property of Academics for Academics. Furthermore, the policy ensures that no information of the organization are replicated, modified or deleted even by the authorized and registered members of the organization without permission (Safa, Von Solms and Furnell 2016). In such cases, Academics for Academics have every right to remove that member from service and penalize them with suitable penalty. Apart from the registered members, only the registered clients of A4A (in this case the registered universities of Australia and South East Asia) are allowed to access the information database of the organization. The Issue Specific Security Policy of the organization limits the circulation of the information only within the organization limits and prohibits its use and circulation where not permitted. If found to be circulated where it is not permitted to, A4A holds the full right to take a legal action against the member and can blacklist the member as well. Furthermore, the registered organizations under A4A are prohibited to use or circulate the information outside their organizational boundary (Wall, Palvia and Lowry 2013).

Statement of Purpose

Academics for Academics appoints an information system manager who is responsible for ensuring that all the existing members and future members of the organization are registered to use and access the information system database of the organization.  The registration ensures the authenticity if the member and his rights to use the information system for organizational use. Academics for Academics is responsible for ensuring that every members and organization registered under them are authorized and authenticated for use of information system. The academy reserves the right to register a member to the system as well as remove a register member from accessing the system along with the right to audit the confidential information stored in the information system (Coronel and Morris 2016). Real time monitoring of the information system is to be mentioned in the policy so that the registered members are careful about the use and access of the information. If the members face any problem while accessing the data or information from the system, should right away report the matter to the information system manager (Peppard and Ward 2016). The reports about the information system malfunctioning should be fixed right away in order to prevent any unwanted security breach or information theft into the system (Laudon et al. 2012).

The Issue Specific Security Policy defines the proper usage of data and information store in the system, violation of which may lead to strict legal actions. Violation of the policy may deem the member as inappropriate to serve the organization, which may lead to termination of the member and or strict monetary penalty. If found guilty for the first time, the member will be given a chance after being warned; the warning will be dropped via official mail. However, the member should submit a written apology and/ or a declaration stating if he is engages any illegal circulation or use of the document after this, A4A will have every right to punish him in legal terms (Bridy 2012). The violation on breach of the policy if noticed within or outside the organization should be reported to the information security manager so that he can take a proper action against the violator. However, the information security manager should at first verify any report about the data breach and actions should be taken only after the breach in the policy is confirmed against a member.  Every member is subjected to an initial warning, however, if the policy breach is found to be severe or intended, the company reserves the right to detain that member (Belleflamme and Peitz 2014).

Academics for Academics reserves every right to review and modify the policy time to time. The policy is subjected to changes that would be needed in course of time. It is decided that the policy will be updated  or reviewed annually and if needed will be reviewed within a year. The modification in the policy includes (but not limited to) addition or elimination of terms and condition or additional clauses, that might be required to be incorporated in a system in future. The Issue specific security policy developed should be reviewed and amended time to time. Academics for Academics should ensure the fulfillment of the same, according to the guidelines set by the organization. The copyright policy is subjected to test after its issue and if needed the policy can be modified within six months of its enforcement. However, even if the policy is found to be perfect according to the academy’s standard, it should be amended annually. A4A reserves the right to review and modify the Issue Specific Security Policy annually, and the existing members will have to abide by any amendment in the policy after its review in the scheduled time.

Authorized Uses

Academics for Academics reserves no liability for the any unauthorized or illegal acts of its members who violates the local, state or federal legislations. A4A reserves the right to terminate the membership of the violator of the law if found guilty. Termination of membership might include adding the member into blacklist as well. After the amendment of the policy, the existing members of the organization will be provided with a copy of the policy and all the members should submit a written acceptance of the policy. Violation of the copyright policy after receiving such declaration will not be entertained and will subject to strict punishment and penalty.  The academy assumes no liability to the infringement of the copyright policy under any circumstances, the violator of the policy will be strictly responsible for his acts, and the punishment he is subjected to if found guilty. It is the responsibility of the academy to state clearly the copyright policy to the new members, and the new members are to be recruited only if he agrees to the terms and condition stated in the policy. If any existing member refuses to abide by the policy, his membership will be terminated at once. Therefore, the organization assumes no liability towards any violator of the policy and/or data breach within the organization (Pallante 2012).

The policy is justified considering the information produced within the organization limit are solely the property of the academy and A4A reserves every right to enforce a security policy that will prevent an unauthorized and circulation of the data produced within the organizational boundary. The Policy defines every conditions, rules and regulations that should be followed by the member of the organization and its client’s. The infringement of the policy will therefore not be tolerated at any cost and the violator will be severely punished.  The members will be properly notified about the security policy and each member’s acceptance of the policy will be collected as written declaration, which ensures existing members’ knowledge and acceptance of the policy (Cheng et al. 2013). The primary aim of the organization behind the development of an issue specific security policy is to limit the unauthorized information of the academy. This copyright policy ensures that the information produced by the members of the organization will remain a property of the organization and every information would be handled by the information system of the academy irrespective of the location from where it is inserted into the system. Therefore, the policy that is to be prepared is very much justified, as it aims to prevent the unauthorized use and unpermitted circulation of the academy’s resources (Vance, Siponen and Pahnila 2012).

References

Al-Omari, A., El-Gayar, O. and Deokar, A., 2012, January. Security policy compliance: User acceptance perspective. In System Science (HICSS), 2012 45th Hawaii International Conference on (pp. 3317-3326). IEEE.

Belleflamme, P. and Peitz, M., 2014. Digital piracy (pp. 1-8). Springer New York.

Bridy, A., 2012. Copyright policymaking as procedural democratic process: A discourse-theoretic perspective on acta, sopa, and pipa. Cardozo Arts & Ent. LJ, 30, p.153.

Cheng, L., Li, Y., Li, W., Holm, E. and Zhai, Q., 2013. Understanding the violation of IS security policy in organizations: An integrated model based on social control and deterrence theory. Computers & Security, 39, pp.447-459.

Coronel, C. and Morris, S., 2016. Database systems: design, implementation, & management. Cengage Learning.

Ifinedo, P., 2012. Understanding information systems security policy compliance: An integration of the theory of planned behavior and the protection motivation theory. Computers & Security, 31(1), pp.83-95.

Ifinedo, P., 2014. Information systems security policy compliance: An empirical study of the effects of socialisation, influence, and cognition. Information & Management, 51(1), pp.69-79.

Laudon, K.C., Laudon, J.P., Brabston, M.E., Chaney, M., Hawkins, L. and Gaskin, S., 2012. Management Information Systems: Managing the Digital Firm, Seventh Canadian Edition (7th. Pearson.

Pallante, M.A., 2012. The Next Great Copyright Act. Colum. JL & Arts, 36, p.315.

Peppard, J. and Ward, J., 2016. The strategic management of information systems: Building a digital strategy. John Wiley & Sons.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. computers & security, 56, pp.70-82.

Safa, N.S., Von Solms, R. and Furnell, S., 2016. Information security policy compliance model in organizations. computers & security, 56, pp.70-82.

Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.

Sommestad, T., Hallberg, J., Lundholm, K. and Bengtsson, J., 2014. Variables influencing information security policy compliance: a systematic review of quantitative studies. Information Management & Computer Security, 22(1), pp.42-75.

Vance, A., Siponen, M. and Pahnila, S., 2012. Motivating IS security compliance: insights from habit and protection motivation theory. Information & Management, 49(3), pp.190-198.

Wall, J.D., Palvia, P. and Lowry, P.B., 2013. Control-related motivations and information security policy compliance: The role of autonomy and efficacy. Journal of Information Privacy and Security, 9(4), pp.52-79.