Computer and Internet Usage Policy

From espinola.net

Text that should be replaced when used in your organization's policies:

[ORGANIZATION]

Your organization's full name.

[ORG]

Your organization's abbreviated name or acronym.

On This Page 1 Computer and Internet Usage Policy Overview 2 Computer and Internet Usage Policy 2.1 Management and Administration 2.2 Technical 2.3 Security

Computer and Internet Usage Policy Overview

[ORGANIZATION], here in [ORG], provides access to the vast information resources of the Internet to help you do your job faster and smarter, and be a well-informed business and Internet citizen. The facilities to provide that access represent a considerable amount of company resources for telecommunications, networking, software, storage, etc. This Internet usage policy is designed to help you understand our expectations for the use of those resources in the particular conditions of the Internet, and to help you use those resources wisely.

While we have set forth explicit requirements for Internet usage below, we would like to start by describing our Internet usage philosophy. Primarily, Internet usage for [ORG] is a business tool provided to you at significant cost. That means we expect you to use your Internet access primarily for business-related purposes, i.e., to communicate with customers and suppliers, to research relevant topics and obtain useful business information [except as outlined below]. We insist that you conduct yourself honestly and appropriately on the Internet, and respect the copyrights, software-licensing rules, property rights, privacy prerogatives of others, just as you would in any other business dealings. To be absolutely clear on this point, all existing company policies apply to your conduct on the Internet, especially (but not exclusively) those that deal with intellectual property protection, privacy, misuse of company resources, sexual harassment, information and data security, and confidentiality.

Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies and ties up printers and other shared resources. Unlawful Internet usage may also garner negative publicity for [ORG] and exposes the organization to significant liabilities.

The chats rooms, newsgroups email and instant messaging systems of the Internet give each individual Internet user an immense and unprecedented reach to propagate company messages and tell our business story. Because of that power, we must take special care to maintain the clarity, consistency and integrity of [ORG]'s corporate image and posture. Anything any one employee writes in the course of acting for [ORG] on the Internet could be taken as representing [ORG]'s corporate posture. That is why we expect you to forgo a measure of your individual freedom when you participate in chats or newsgroups on company business, as outlines below.

While our direct connection to the Internet offers a cornucopia of potential benefits, it can also open the door to some significant risks to our data and systems if we do not follow appropriate security discipline. As presented in detail below, that may mean preventing machines with sensitive data or applications from connecting to the Internet entirely, or it may mean that certain users must be prevented from using certain Internet features like file transfers. The overriding principal is that security is to be everyone's first concern. An Internet user can be held accountable for any breaches of security or confidentiality.

Certain terms in this policy should be understood expansively to include related concepts. [ORG] includes affiliates, subsidiaries and branches of [ORG]. Document covers any kind of file that can be read on a computer screen as if it were a printed page, including HTML files read in an Internet browser, any file meant to be accessed by a word processing or desk-top publishing program or its viewer, or the files prepared for the Adobe Acrobat reader and other electronic publishing tools. Graphics include photographs, pictures, animations, movies or drawings. Display includes monitors, flat-panel active or passive matrix displays, monochrome LCD's, projectors, televisions and virtual-reality tools.

All employees granted Internet access with company facilities will be provided with a written copy of this policy. All Internet-enabled users must sign the following statement:

I have received a written copy of [ORG]'s Internet usage policy. I fully understand the terms of this policy and agree to abide by them. I realize that [ORG]'s security software may record for management usage the Internet address of any site that I visit and keep a record of any network activity in which I transmit or receive any kind of file. I acknowledge that any message I send or receive will be recorded and stored in an archive file for management use. I know that any violation of this policy could lead to dismissal or even criminal prosecution.

I certify that the above information is accurate and true.

__________________________________________   ____________________   EMPLOYEE SIGNATURE                           DATE

Computer and Internet Usage Policy

Management and Administration

1. The [ORGANIZATION], here in [ORG], has software and systems in place that can monitor and record all Internet usage. We want you to be aware that our security systems are capable of recording (for each and every user) each World Wide Web site visit, chat, newsgroups or email message, and each file transfer into and out of our internal networks, and we reserve the right to do so at any time. No employee should have any expectation of privacy as to his or her Internet usage. Our managers will review Internet activity and analyze usage patterns, and they may choose to publicize the data to assure that company Internet resources are devoted to maintaining the highest levels of productivity.
2. We reserve the right to inspect all files stored in private areas of our network in order to assure compliance with policy.
3. The display of any sexually explicit image or document on any company system is a violation of our policy on sexual harassment. In addition, sexually explicit material may not be archived, stored, distributed, edited or recorded our network or computing resources.
4. The [ORG] uses independently supplied software and data to identify inappropriate or sexually explicit Internet sites. We may block access from within our networks to all such sites that we know of. If you find yourself connected incidentally to a site that contains sexually explicit or offensive material, you must disconnect from that site immediately, regardless of whether that site had been previously deemed acceptable by any screening or rating program.
5. The [ORG]'s facility and computing resources must not be used knowingly to violate the laws and regulations of the United States or any other nation, or the laws and regulations of any state, city, province or other local jurisdiction in any material way. Use of any company resources for illegal activity is ground for immediate dismissal, and we will cooperate with any legitimate law enforcement activity.
6. Any software or files downloaded via the Internet into the [ORG] network become the property of the [ORG]. Any such files or software may be used only in ways that are consistent with the licenses or copyrights.
7. No employee may use company facilities knowingly to download or distribute pirated software or data.
8. No employee may deliberately use the [ORG]'s Internet facilities to propagate any virus, worm, Trojan horse or trap-door program code.
9. No employee may use the [ORG]'s Internet facilities knowingly to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user.
10. Each employee using the Internet facilities of the [ORG] shall identify himself or herself honestly, accurately and completely (including one's company affiliation and function where requested) when participating in chats or newsgroups, or when setting up accounts on outside computer systems.
11. Only those employees or officials who duly authorized to speak to the media, to analysts or in public gatherings on behalf of the [ORG] may speak/write in the name of the [ORG] to any newsgroup or chat room. Other employee may participate in newsgroups or chats in the course of business when relevant to their duties, but they do so as individuals speaking only for themselves. Where an individual participant is identified as an employee or agent of the [ORG], the employee must refrain from any unauthorized political advocacy and must refrain from the unauthorized endorsement or appearance of endorsement by the [ORG] of any commercial product or service not sold or serviced by the [ORG], its subsidiaries or its affiliates. Only those manager and company officials who are authorized to speak to the media, to analysts or in public gatherings on behalf of the [ORG] may grant such authority to newsgroups or chat room participants.
12. The [ORG] retains the copyright to any material posted to any forum, newsgroup, chat or World Wide Web page by any employee in the course of his or her duties.
13. Chats sessions and newsgroups are public forums where it is inappropriate to reveal confidential company information, customer data, trade secrets and any other material covered by existing company secrecy policies and procedures. Employees releasing protected information via newsgroup or chat (whether or not the release in inadvertent) will be subject to all penalties under existing data security policies and procedures.
14. Use of company Internet access facilities to commit infractions such as misuse of company assets or resources, sexual harassment, unauthorized public speaking and misappropriation or theft of intellectual property are also prohibited by general company policy, and will be sanctioned under the relevant provisions of the personnel handbook.

Technical

1. User IDs and passwords help maintain individual accountability for Internet resource usage. Any employee who obtains a password or ID for an Internet resource must keep the password confidential. Company policy prohibits the sharing of user IDs or passwords obtained for access to Internet sites.
2. Employees should schedule communications-intensive operations such as large file transfers, video downloads, mass emailing and the like for off-peak times (however that is appropriate for the [ORG] and/or the intended recipients).
3. Downloaded or hand-delivered files must be scanned for viruses before run or accessed.

Security

1. The [ORG] has installed a variety of firewalls, proxies, Internet address screening programs and other security systems to assure the safety and security of the [ORG]'s networks. Any employee who attempts to disable, defeat or circumvent any company security facility will be subject to immediate dismissal.
2. Files transferred over public communications, such and dial-up or the Internet, containing sensitive company data as defined by existing corporate data security policy must be encrypted and/or password protected in a suitable manner.
3. Computers that use their own modems to create independent data connections sidestep our network security mechanisms. Any computer with a private connection to any outside computer or system could be attacked without the benefit of standard intrusion detection and protection systems in place. That is why any computer used for independent dial-up or leased-line connections to any outside computer or network must be physically isolated from company's internal networks. (Major on-line services such as CompuServe and America Online, and content providers such as Lexis-Nexis, can be accessed via firewall-protected Internet connections, making insecure direct dial-up connections generally unnecessary.)
4. Only those Internet service and functions with documented business purposes for the [ORG] will be enabled at the Internet firewall.