Electronic Messaging Policy
| Owner | Classification | Review Date | Status |
|---|---|---|---|
| CDO Office | Internal | April 2027 | Active |

| Field | Details |
|---|---|
| Document Type | Policy |
| Document # | SP-EMP-012 |
| Owner | Head of Human Resource and Admin; Head of Network and Infrastructure |
| Classification | Confidential (Class 2 — Private Data) |
| Version | V1.2 |
| Issue Date | 03/09/2025 |
| Review Cycle | Annual |
| Authorised By | Yassir Pasha |
Document Information
| Field | Details |
|---|---|
| Document # | SP-EMP-012 |
| Document Title | Electronic Messaging Policy |
| Version | V1.2 |
| Confidentiality Level | Class 2 (Private Data / Confidential) |
| Date Created | 26/03/2021 |
| Issue Date | 03/09/2025 |
| Document Owner | Head of Human Resource and Admin, Head of Network and Infrastructure |
| Author(s) | Simpaisa |
| Purpose | To ensure that the Electronic Messaging Policy is followed in the organisation |
| Authorised By | Yassir Pasha |
Reviewed By Steering Committee
| Name | Role |
|---|---|
| Yassir Pasha | Chief Executive Officer |
| Kamil Shaikh | Chief Operating Officer |
| Osama Hashmi | Chief Financial Officer |
| Bachir Njeim | Chief Strategy and Operations Officer |
| Saqlain Raza | Acting Chief Technology Officer |
| Rizwan Zafar | Chief Product Officer |
| Ahsan Hussain | Payment Channel Partnerships |
| Danish Abdul Hameed | Chief Information Security Officer |
| Shahroze Khan | Head of International Merchant Sales and Strategic Alliances |
| Noor Ali | Country Head Pakistan |
| Shoukat Bizinjo | Global Head of Regulatory Affairs · Regulatory |
Change Control
| Version | Date of Issue | Author(s) | Brief Description of Changes | Approved By |
|---|---|---|---|---|
| V1.0 | 08/04/2021 | Rizwan Zafar | Initial release | Salim Karim |
| V1.1 | 07/02/2022 | Rizwan Zafar | Annual review | Salim Karim |
| V1.2 | 02/02/2023 | Rizwan Zafar | Annual review | Salim Karim |
| V1.2 | 02/02/2023 | Syed Zubair Ahmed | Annual review | Yassir Pasha |
| V1.2 | 03/09/2025 | Simpaisa | Annual review | Yassir Pasha |
1 Introduction
Electronic messaging has now become a vital business tool for communicating both internally and with customers and suppliers. However, because of its flexibility and general availability, the use of electronic messaging carries with it several significant risks and all users must remain vigilant and adopt good practice when sending and receiving messages.
Electronic messaging covers email and various forms of instant and store-and-forward messaging such as SMS texts, messaging apps, web chats and messaging facilities within social media platforms.
This policy document describes how you may use the provided Simpaisa electronic messaging facilities, including what you must and must not do. It applies to all use of these facilities, whatever the means or location of access, e.g. via mobile devices or outside of the office.
If you do not understand the implications of this policy or how it may apply to you, you should approach your line manager in the first instance.
This control applies to all systems, people and processes that constitute the organisation's information systems, including C-Suite, board members, directors, employees, suppliers and other third parties who have access to Simpaisa systems.
The following policies and procedures are relevant to this document:
- Acceptable Use Policy
- Internet Acceptable Use Policy
- Information Security Policy
2 Electronic Messaging Policy
2.1 Sending and Receiving Electronic Messages
The organisation-provided electronic messaging facilities must always be used when communicating with others on official business. You must not use a personal account for this purpose. Guidelines on the sending of classified information via electronic messaging must always be observed. You must never send or receive information (unless authorised to do so) that contains:
- Personally Identifiable Information (PII)
- Transactional data (TD)
- Product information (PI)
- Cardholder Data (CHD)
All messages sent from an organisation account remain the property of Simpaisa and are part of the corporate record. All organisation messages must be official communications from the organisation and treated accordingly.
The organisation maintains its legal right to monitor and audit the use of electronic messaging by authorised users to assess compliance to this policy. This will be done in accordance with the provisions of relevant legislation.
Deletion of a message from an individual account does not necessarily mean that it has been permanently removed from the organisation's IT systems and such messages may still be subject to audit and review.
Users should remain aware that it cannot be guaranteed that a message will be received or read by a recipient and that messages can be interpreted in different ways according to the culture, role, and even prevailing mood of the individual reading it. You should therefore always consider whether the use of electronic messaging is an appropriate means of conveying the information involved and whether an alternative such as the telephone would be preferable, particularly if the message is urgent or complex.
Care must be taken when addressing messages that include classified information to prevent accidental transmission to unauthorised recipients. Beware of the auto-completion feature of some text and email clients where the system suggests recipients based on the characters typed in so far.
Users must avoid sending unnecessary messages to distribution lists, particularly those with wide circulation such as the "global list" of all employees. Where required, such messages should be sent via the organisation's communications department.
Messages from an organisation address should be considered in the same way as other more formal methods of communication. Nothing should be sent externally which might affect the organisation's reputation or affect its relationships with suppliers, customers, or other stakeholders.
Users must not send messages containing material which is defamatory, obscene, does not comply with the organisation's equality and diversity policy or which a recipient might otherwise reasonably consider inappropriate. If you are not sure whether your intended message falls into this category, please consult your line manager before sending.
Official organisation electronic messaging facilities must not be used:
- For the distribution of unsolicited commercial or advertising material, chain letters, or other junk-mail of any kind, to other organisations
- To send material that infringes the copyright or intellectual property rights of another person or organisation
- For activities that corrupt or destroy other users' data or otherwise disrupt the work of other users
- To distribute any offensive, obscene or indecent images, data, or other material, or any data capable of being resolved into obscene or indecent images or material
- To send anything which is designed or likely to cause annoyance, inconvenience or needless anxiety to others
- To convey abusive, threatening or bullying messages to others
- To transmit material that either discriminates or encourages discrimination on the grounds of race, gender, sexual orientation, marital status, disability, political or religious beliefs
- For the transmission of defamatory material or false claims of a deceptive nature
- For activities that violate the privacy of other users
- To send anonymous messages — i.e. without clear identification of the sender
- For any other activities which bring, or may bring, the organisation into disrepute
If you receive unsolicited junk messages or spam, it is advised that you delete them without reading them. Do not reply to the message as this can confirm the existence of a valid address to the sender, resulting in further unwanted communications.
2.2 Monitoring of Electronic Messaging Systems
Electronic messaging usage within the organisation system is monitored and recorded centrally in order to:
- Plan and manage its resource capacity effectively
- Assess compliance with policies and procedures
- Ensure that standards are maintained
- Prevent and detect crime
- Investigate unauthorised use
Monitoring will be undertaken by staff specifically authorised for that purpose. Consistent monitoring procedures will be applied to all users and may include checking the contents of messages.
If a manager suspects that the electronic messaging facilities are being abused by a user, they must contact the HR Manager. All such reports will be investigated according to documented procedures and where appropriate, evidence provided. There may also be a requirement to provide such information to regulatory or legislative bodies in accordance with the law.
Users must not access another user's electronic messaging account unless they have obtained permission from the owner of the account or their line manager. In such cases this must be for legitimate business reasons and only messages which may reasonably be judged to be relevant to the question in hand must be opened.
2.3 Use of Email
In addition to the policy statements in other sections of this document, the following applies specifically to the use of email.
All e-mails sent from organisation addresses to recipients outside of the organisation will automatically carry the following disclaimer:
"The information contained in this message is intended for the addressee only and may contain classified information. If you are not the addressee, please delete this message and notify the sender; you should not copy or distribute this message or disclose its contents to anyone. Any views or opinions expressed in this message are those of the individual(s) and not necessarily of the organisation. No reliance may be placed on this message without written confirmation from an authorised representative of its contents. No guarantee is implied that this message or any attachment is virus free or has not been intercepted and amended."
Do not use auto-forwarding on emails (e.g. whilst on holiday) if there is a possibility that this may result in classified information being forwarded to a recipient that does not have sufficient security clearance for the level of information involved.
Your mailbox will be set up with a limitation on its size. This is to prevent the available storage capacity from being exceeded and to ensure the cost-effective use of email.
You should manage your email account(s) to remain within the mailbox size limit, making use of the archiving facility included in most email clients where possible. If your mailbox has filled up, contact the IT Support team for advice in the first instance.
Where possible, make use of links to files within email messages rather than attaching a copy of the file, particularly if the email message has a wide distribution. This will prevent other users' mailboxes filling up and so avoid consequent disruption.
There is a system-wide size limit of 20MB on emails. If you need to send a larger email for legitimate business purposes, then please contact the IT Support team for advice. Where data larger than the allowed limit needs to be sent, the files can be transferred via SFTP or via large data transfer tools such as WeTransfer, a Google Drive link, SharePoint or Dropbox. It is the responsibility of the data transmitter to ensure that the data is password protected.
Computer viruses, adware and other malware are small programmes that can have a negative effect on your computer and your use of the internet and can expose the organisation's information to extreme risk. Such viruses can be inadvertently downloaded and installed via emails received into your inbox. The organisation provides anti-virus software which runs on every computer that has access to the network and should detect any viruses before they have been installed.
If you believe you may have a virus or you have been sent an email that may contain one, please report this to the IT Support team immediately. Do not open any attachments you believe may contain a virus.
In addition, you must not:
- Transmit by email any file attachments which you know to be infected with a virus
- Download data or programmes of any nature from unknown sources
- Disable or reconfigure the installed anti-virus system operating on a computer used to access email facilities
- Forward virus warnings other than to the IT Support team
If a computer virus is deliberately or accidentally sent to another organisation, Simpaisa could be held liable if the transmission could be considered negligent.
Approved Electronic Messaging Channels
The following electronic messaging channels are approved for use at Simpaisa:
- WhatsApp
- Slack
- Confluence
- Email
- Jira Service Desk
- Human Resource Portal (Radiant Workforce)