1.4.1 Account Usage Policy

POLICY TYPE: 1.0 Administrative Policies \ 1.4 Using Technology at SDLF
EFFECTIVE DATE: 2026-06-16 LAST REVISED:
THIS POLICY APPLIES TO:

Policy Statement

SelfDesign Learning Foundation (SDLF) is committed to the secure and responsible use of all organizational accounts, requiring each user—regardless of their relationship to SDLF—to use their own unique, authorized credentials and strictly prohibiting account sharing. All accounts and the systems accessed through them must be used exclusively for SDLF business purposes and not for personal activities or gain.

Definitions

Account: A unique digital identity (username and related credentials) assigned to an individual for accessing SDLF systems, platforms, or services.

Account sharing: The act of allowing any person other than the assigned user to access or use an account, including sharing usernames, passwords, authentication devices, or otherwise enabling access.

Authorized user: Any individual who has been granted permission by SDLF to access and use an account as part of their official duties or responsibilities.

Credential: Username, password, token, or other authentication required to access an account.

Policy

SelfDesign Learning Foundation (SDLF) will assign individual accounts to each user and each user is responsible for all activity conducted through their assigned account.

Account sharing is strictly prohibited. Each person must have and use their own unique account and credentials.

Under no circumstances may account credentials (username, password, or authentication tokens) be shared, disclosed, or used by anyone other than the assigned account holder, except where noted in program-specific policies.

Accounts and credentials must only be used for authorized SDLF purposes, and in accordance with related policies and applicable laws.

If an organization (e.g., a contracted company) has multiple people doing work for SDLF, each individual must be issued and use a unique, individual account.

Protocol

Account Provisioning

All accounts must be provisioned to individual users based on contracted role(s) and must never be shared or used collectively.

Requests for access must specify the individual needing access; group or shared accounts are not allowed.

Account Usage

All accounts and credentials issued are to be used exclusively for conducting official SDLF business and delivering contracted services.

Use of SDLF accounts, systems, or related services for personal matters, non-SDLF related activities, or for any form of personal, commercial, or other external gain is strictly prohibited.

Users must adhere to all SDLF policies including, but not limited to, information security, privacy, and acceptable use policies, when accessing or using SDLF systems.

Authentication and Security Controls

SDLF may require additional authentication measures, such as multi-factor authentication (MFA), for certain accounts, users, or access to systems handling sensitive or critical information.

The method of credential generation, password management, and authentication requirements is determined and enforced through SDLF’s centralized IT systems.

Users must not circumvent or disable any security controls or authentication requirements set by SDLF.

Changes to authentication or credential requirements may be implemented at any time in response to evolving security or operational needs.

Enforcement and Audit

SDLF reserves the right to monitor, audit, and investigate usage to enforce account integrity.

Any suspected or confirmed misuse, unauthorized, or prohibited use of SDLF accounts or systems must be reported immediately to the Chief Information Officer (CIO) or delegate.

Account Decommissioning

Upon the end of a contract, assignment, or engagement, the individual’s account(s) will be promptly deactivated and access revoked.

Related Documents

  • Acceptable Use Policy
  • Electronic Communication and Supervision Policy
  • Privacy Policy
  • SDLF Acceptable Use Policy