Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 499
  • Last Modified:

internet, email and PC usage policy

Its time for me to start thinking about P.C., internet and email usage policies to be handed out to employees. This IMO is both the IT and HR Departments responsiblility to layout the frame work and distribute. Looking for some first hand, real world examples of how this is done.


Anyone know of any templates that I can legally modify, reproduce and distribute to all computer users. I would think that there has got to be a standard template somewhere for this.


Ultimately I would like to put up an intranet webstite that everyones home page would defualt to. This would show the policy and some general information like max size for email attachments, filtered attachment types, when computers should be loged off and when they should be shut down.

Thanks,
DMS
0
DMS-X
Asked:
DMS-X
3 Solutions
 
DVation191Commented:
You can get a crap load of great policy templates and guidelines here:
http://www.sans.org/resources/policies/
0
 
_anom_Commented:
Here is a sample AUP I found online...

http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc

Cheers
0
 
browolfCommented:
if you search google for the terms

internet usage policy document

there's lots of examples.

also when  you consider there's stats floating around like 70 percent of all internet porn traffic occurs during the 9-to-5 workday. Makes you think it's probably best to restrict internet access as much as possible, use a proxy filter, block sites like ebay,  automate computer shutdown and logoff after inactivity, actively monitor everything if thats allowed, and make them sign an AUP in triplicate and give them their own copy. Basically you can't trust anyone with open internet access not to get distracted. unfortunately thats the nature of  hyperlinks, always leading away from what you're supposed to be doing hehe.


0
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

 
tmcguinessCommented:
If you want to get off your billfold, Charles Cresson Wood has a great big book that is nothing but security policy templates. It is published by Pentasafe. It covers things in mind-boggling detail and has in-line documentation explaining the reasons for each part of a policy. It is really good stuff.

Expensive... but imho you won't find a better resource anywhere.
0
 
luv2smileCommented:
Here's IT usage polices for the University of Virginia....maybe you can get some ideas from looking over theres. I just had to write a deparmental IT policy

http://www.itc.virginia.edu/policy/
0
 
luv2smileCommented:
Just as a tip:

For writing user policy, you don't want to go too in detail....since this is something you're going to expect your users to understand. So I would recommend actually staying away from things that go very in detail.

A user policy should be very straightforward and to the point and not very technical. If you do use technical terms, then make sure you include definitions. When I write policy, it is a requirement that I include definitions for all technical terms that I use.

Tpyically you'd include stuff like:

a)      No software will be downloaded or installed on any department computer unless approved by the departmental IT support staff.

a)      All computer users will log in to the Departmental Computer Network using their ID and a confidential password before operating the system.  Use of the computer without first properly logging in is not authorized.
0
 
CharlyPhillyCommented:
As far as the intranet site....you need to build a basic webserver and create the webpage there.

The policies you send out won't mean much if you can't make sure they're enforced. If your network has a firewall/proxy, you can use that to implement strict internet usage policies such as blockiing websites, banners and redirecting users to your intranet page.

If you had and Active Directory domain set up, then you would be able enforce to log on/log off policy. This could probably be done with SMS also. That way you can set it up that the user is notified if the system has not been restarted wiithin the last week (or whatever you set up) and you could also set up a logon idle count. That way if a user is logged on & idle for more than 6-8 hours, the system is automatically restarted.

One thing to have is a log on policy also. A simple popup as soon as they log on saying they agree to the terms of use on the system and a YES or NO. If they choose no then the user is logged off.

You could also send out daily or weekly email reminders of random parts of the network policy.
0
 
Steve McCarthy, MCSE, MCSA, MCP x8, Network+, i-Net+, A+, CIWA, CCNA, FDLE FCIC, HIPAA Security OfficerIT Consultant, Network Engineer, Windows Network Administrator, VMware AdministratorCommented:
A great site for some of the templates are Techrepublic.com.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now