CST provides electronic resources, such as computers, email, internet access, and other electronic devices, to employees to support business operations. This policy outlines the acceptable and responsible use of electronic resources.This policy applies to all employees, contractors, and authorized users who have access to CST's electronic resources.

Acceptable Use:

a. All electronic resources provided by CST are to be used for business purposes.

b. Limited personal use is permitted as long as it does not interfere with work duties, violate company policies, or consume excessive resources.

c. Employees are expected to use electronic resources in a professional and ethical manner.

Prohibited Activities:

a. Unauthorized access, use, or distribution of any company information or data.

b. Unauthorized access to external computer networks, systems, or data.

c. Downloading, transmitting, or viewing offensive, obscene, or inappropriate content.

d. Unauthorized installation of software or applications on company-owned devices.

e. Sending or sharing confidential or proprietary company information outside the organization.

f. Violating copyright or intellectual property rights, including the illegal downloading or sharing of copyrighted material.

g. Engaging in any activity that compromises the security or integrity of electronic resources.

Email Usage:

a. Email should be used for business purposes only. Personal emails should be kept to a minimum.

b. Do not send or open email attachments from unknown or suspicious sources.

c. Be cautious when clicking on links in emails, especially those from unknown senders.

d. Refrain from using email for illegal, discriminatory, or harassing communication.

Internet Use:

a. Internet access is provided to support work-related tasks. Use should be professional and focused on business-related activities.

b. Browsing websites containing inappropriate, offensive, or illegal content is strictly prohibited.

c. Avoid downloading files or software from untrusted sources, as they may contain malware or viruses.

Social Media and Online Communications:

a. Employees are expected to use social media and online communications responsibly and in a manner that does not harm the company's reputation or disclose sensitive company information.

b. Do not engage in online activities that may negatively impact the company or its employees.

Data Security:

a. Employees should take steps to protect sensitive company data and information from unauthorized access or disclosure.

b. Avoid sharing login credentials, and use strong, unique passwords for all accounts.

c. Report any data breaches, unauthorized access, or potential security vulnerabilities to the IT department.

Monitoring and Enforcement:

a. CST reserves the right to monitor electronic resource usage, including email, internet access, and device activity, to ensure compliance with this policy and applicable laws.

b. Violations of this policy may result in disciplinary action, up to and including termination of employment.

Training and Awareness:

a. CST will provide training and resources to help employees understand and comply with this policy.

b. Employees are encouraged to ask questions and seek clarification regarding electronic resource usage.

Review and Updates:

This policy will be reviewed periodically to ensure its continued relevance and compliance with state and federal laws. Updates will be communicated to employees as necessary.

Nothing in this policy is designed to interfere with, restrain, or prevent employee communications regarding wages, hours, or other terms and conditions of employment. CST employees have the right to engage in or refrain from such activities. This policy and all other CST policies will be interpreted and applied in compliance with applicable law.

CST specifically reserves the right to, and does, block any website or email address that contains or transmits communications or data prohibited by this policy (e.g., pornographic websites, email addresses sending spam or viruses, etc.).

Additionally, remember that any personal use of CST’s Electronic Resources can and will be subject to monitoring, as set forth below, and that employees have no expectation of privacy in any personal communication or use of CST Electronic Resources. Any personal or other use CST deems excessive or in violation of this policy may result in discipline, up to and including unpaid suspension and/or termination of employment.

No Expectation of Privacy

CST’s Electronic Resources and the information, files and data transmitted by, accessed, received, or stored on them are not private or confidential and employees and other individuals have no expectation of privacy in their use. CST reserves the right to, and in fact does, inspect, monitor, track, review, retain, disclose, intercept, forward, block, and/or use (collectively “access”) CST’s Electronic Resources and all documents, email and other electronic communications (both incoming and outgoing), telephone conversations and voicemail recordings, internet websites and internet history, instant messages, text messages, internet and social media postings and activities, files and other information accessed, sent, received, created on, transmitted to, received or printed from, cached, stored or recorded therein, in its sole discretion, notwithstanding the use of any password or other limitation on access.

CST reserves the right to notify law enforcement officials of any illegal activity. Any email, Internet history, text messages, information, files, data, or other material accessed by CST may be disclosed and/or used as CST deems appropriate.

Security

Security procedures in the form of unique user sign-on identification and passwords have been provided to control access to CST’s computer system, networks and voicemail system. In addition, secure facilities have been provided to restrict access to certain documents and files for the purpose of safeguarding information. The following activities, which present security risks, are prohibited:

• Attempts should not be made to bypass, or render ineffective, security systems provided by CST.

• Individual users should never make changes or modifications to the hardware or software configuration provided on CST’s computer equipment. Requests for such changes should be directed to the IT department. For example, individual users should not load personal software to CST computers. This practice risks the introduction of a computer virus into the system. Requests for loading such software should be directed to the IT department.

• Do not use personal email accounts for work-related purposes. For example, do not email confidential or proprietary CST information, including but not limited to, customer information, trade secrets, financial information, or other business information to or from your personal email account, or to from a family member or friend’s email account.

• CST’s computer facilities should not be used to attempt unauthorized access to or use of other organizations’ computer systems and data.

There are a number of practices that individual users should adopt that will foster a higher level of security. Among them are the following:

• Turn off or log out from your personal computer when you are leaving your work area or office for an extended period of time.

• Exercise good judgment in assigning an appropriate level of security to documents stored on CST’s networks, based on a realistic appraisal of the need for confidentiality or privacy.

• Do not use flash drives or other removable storage devices to copy, download, or otherwise transfer any confidential or proprietary CST information, including but not limited to, customer information, trade secrets, financial information, or other business information.

• Downloading or copying documents or opening email attachments from outside CST risks the introduction of computer viruses and should be performed with caution. When in doubt, contact the IT department.

Consent

By using CST’s Electronic Resources, you consent and agree to abide by the terms of this policy. If an employee receives email, text messages, Internet links, information, files, or data from non-employee’s on CST’s Electronic Resources, such email, text messages, links, information, files, and/or data are subject to the terms of this policy. Individuals who receive emails, text messages, links, information, files, and/or data that may violate the terms of this policy are expected to see that such behavior stops immediately.

Violation

CST reserves the right to determine whether particular conduct violates this policy. Violation of this policy may result in disciplinary action, up to and including unpaid suspension and/or termination of employment and/or legal action.

Should you have any questions about any of the above policy guidelines, please contact HR or the IT department.