Skip to content

Acceptable Use Policy

Owner Classification Review Date Status
CDO Office Internal April 2027 Active

| Document Type | Policy |
| Owner | CISO (Danish Abdul Hameed) |
| Classification | Confidential |
| Review Cycle | Annual |

| | |
---|---|---|---
Document #| SP-AUP-002| Version| V1.3
Issue Date| 01/09/2025| Confidentiality Level| Class 2 (Private Data / Confidential)
Date Created| 23/03/2021| Authorised By| Yassir Pasha
Document Owner| Head of Department, C-Suite| Author(s)| Simpaisa

Document Creation

Field Detail
Document # SP-AUP-002
Document Title Acceptable Use Policy
Version V1.3
Confidentiality level Class 2 (Private Data / Confidential)
Date Created 23/03/2021
Issue Date 01/09/2025
Document Owner Head of Department, C-Suite
Author(s) of Document Simpaisa
Purpose of Document Acceptable use policy is a declaration document — by signing this document the user accepts Simpaisa Solution policies and the processes mentioned in the document.
Authorised By Yassir Pasha

Reviewed By Steering Committee

Name Role
Yassir Pasha Chief Executive Officer
Kamil Shaikh Chief Operating Officer
Osama Hashmi Chief Financial Officer
Bachir Njeim Chief Strategy and Operations Officer
Saqlain Raza Acting Chief Technology Officer
Rizwan Zafar Chief Product Officer
Ahsan Hussain Country Manager Pakistan
Danish Abdul Hameed Chief Information Security Officer
Shahroze Khan Head of International Merchant Sales and Strategic Alliances
Noor Ali Head of Operations
Shoukat Bizinjo Global Head of Regulatory Affairs – Regulatory

Change Control

Version Date of Issue Author(s) Brief Description of Changes Approved By
V1.0 25/02/2021 Rizwan Zafar Initial release Salim Karim
V1.1 07/02/2022 Rizwan Zafar Team updation Salim Karim
V1.2 02/02/2023 Rizwan Zafar Guest network clause Salim Karim
V1.2 27/09/2024 Syed Zubair Ahmed Annual Review Yassir Pasha
V1.3 01/09/2024 Simpaisa Updated the company name from PublishEX to Simpaisa Yassir Pasha

1 Introduction

Simpaisa Solutions Pvt Ltd takes the subject of information security, operations, and product very seriously. We have a duty to protect the information that we collect and use for the benefit of the organisation and its customers. As an employee, you will be expected to comply fully with all the information security and organisation policies that are in place and to report any breaches of these policies of which you may become aware.

This document gives a summary of the main points of the relevant policies and asks you to sign to say that you have read it and understand its provisions.

Anyone breaching information security policy may be subject to disciplinary action. If a criminal offence has been committed further action may be taken to assist in the prosecution of the offender(s). The company retains the right to issue notice, warning letter or termination of employment subjected to decisions made by management and the Human Resource committee.

If you do not understand the implications of this policy or how it may apply to you, please seek advice from your immediate manager in the first instance.

This control applies to all systems, people and processes that constitute the organisation's information systems, including C-Suite, board members, directors, employees, suppliers and other third parties who have access to Simpaisa Solutions Pvt Ltd systems.

The following policies and procedures are relevant to this document:

  • Electronic Messaging Policy

  • Internet Acceptable Use Policy

  • Mobile Device Policy

  • Remote Working Policy

  • Software Policy

  • Access Control Policy

  • Anti-Malware Policy

  • Security Incident Response Procedure

  • Network Security Policy

  • Information Security Policy

  • Document & Record Control

  • Intellectual Property Rights

  • Management of Removable Media Policy

  • Human Resource Manual

  • ISMS Manual

  • AML/CFT Policy

  • All company policies

2 Acceptable Use Policy

Please ensure you have read the following summary of the main points of the organisation's policies about information security.

  1. I acknowledge that my use of Simpaisa computer and communications systems may be monitored and/or recorded for lawful purposes.

  2. I accept that I am responsible for the use and protection of the user credentials with which I am provided (user account and password, access token or other items I may be provided with) or any company asset provided to conduct my job.

  3. I will not use anyone else's user account and password to access company systems.

  4. I will not attempt to access any computer system to which I have not been given access.

  5. I will protect any classified material sent, received, stored, or processed by me according to the level of classification assigned to it, including both electronic and paper copies.

  6. I will ensure that I label any classified material that I create appropriately according to published guidelines so that it remains appropriately protected.

  7. I will not send classified information over the Internet via email or other methods unless appropriate methods (e.g., encryption) have been used to protect it from unauthorised access. All shared data will be password protected to avoid any unauthorised access or data leakage.

  8. I will always ensure that I enter the correct recipient email address(es) so that classified information is not compromised.

  9. I will ensure I am not overlooked by unauthorised people when working and will take appropriate care when printing classified information.

  10. I will securely store classified printed material and ensure it is correctly destroyed when no longer needed.

  11. I will not leave my computer unattended such that unauthorised access can be gained to information via my account while I am away.

  12. I will make myself familiar with the organisation's security policies and procedures and any special instructions relating to my work.

  13. I will inform my manager immediately if I detect, suspect or witness an incident that may be a breach of security or if I observe any suspected information security weaknesses in systems or services, including any product-related incident.

  14. I will not attempt to bypass or subvert system security controls or to use them for any purpose other than that intended.

  15. I will not remove equipment or information from the organisation's premises without appropriate approval.

  16. I will take precautions to protect all computer media and mobile devices when carrying them outside my organisation's premises (e.g., leaving a laptop unattended or on display in a car such that it would encourage an opportunist theft).

  17. I will not introduce viruses or other malware into the system or network.

  18. I will not attempt to disable anti-virus protection provided at my computer.

  19. I will comply with the legal, statutory or contractual obligations that the organisation informs me are relevant to my role.

  20. On leaving the organisation, I will inform my manager prior to departure of any important information held in my account.

  21. I will ensure that I will never record credit/debit card Sensitive Authentication data.