Solved

internet, email and PC usage policy

Posted on 2004-10-19
8
490 Views
Last Modified: 2008-01-09
Its time for me to start thinking about P.C., internet and email usage policies to be handed out to employees. This IMO is both the IT and HR Departments responsiblility to layout the frame work and distribute. Looking for some first hand, real world examples of how this is done.


Anyone know of any templates that I can legally modify, reproduce and distribute to all computer users. I would think that there has got to be a standard template somewhere for this.


Ultimately I would like to put up an intranet webstite that everyones home page would defualt to. This would show the policy and some general information like max size for email attachments, filtered attachment types, when computers should be loged off and when they should be shut down.

Thanks,
DMS
0
Comment
Question by:DMS-X
8 Comments
 
LVL 20

Accepted Solution

by:
DVation191 earned 250 total points
ID: 12351940
You can get a crap load of great policy templates and guidelines here:
http://www.sans.org/resources/policies/
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12351949
Here is a sample AUP I found online...

http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc

Cheers
0
 
LVL 3

Expert Comment

by:browolf
ID: 12353216
if you search google for the terms

internet usage policy document

there's lots of examples.

also when  you consider there's stats floating around like 70 percent of all internet porn traffic occurs during the 9-to-5 workday. Makes you think it's probably best to restrict internet access as much as possible, use a proxy filter, block sites like ebay,  automate computer shutdown and logoff after inactivity, actively monitor everything if thats allowed, and make them sign an AUP in triplicate and give them their own copy. Basically you can't trust anyone with open internet access not to get distracted. unfortunately thats the nature of  hyperlinks, always leading away from what you're supposed to be doing hehe.


0
 
LVL 4

Expert Comment

by:tmcguiness
ID: 12356658
If you want to get off your billfold, Charles Cresson Wood has a great big book that is nothing but security policy templates. It is published by Pentasafe. It covers things in mind-boggling detail and has in-line documentation explaining the reasons for each part of a policy. It is really good stuff.

Expensive... but imho you won't find a better resource anywhere.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 18

Expert Comment

by:luv2smile
ID: 12359497
Here's IT usage polices for the University of Virginia....maybe you can get some ideas from looking over theres. I just had to write a deparmental IT policy

http://www.itc.virginia.edu/policy/
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12359563
Just as a tip:

For writing user policy, you don't want to go too in detail....since this is something you're going to expect your users to understand. So I would recommend actually staying away from things that go very in detail.

A user policy should be very straightforward and to the point and not very technical. If you do use technical terms, then make sure you include definitions. When I write policy, it is a requirement that I include definitions for all technical terms that I use.

Tpyically you'd include stuff like:

a)      No software will be downloaded or installed on any department computer unless approved by the departmental IT support staff.

a)      All computer users will log in to the Departmental Computer Network using their ID and a confidential password before operating the system.  Use of the computer without first properly logging in is not authorized.
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 150 total points
ID: 12398704
As far as the intranet site....you need to build a basic webserver and create the webpage there.

The policies you send out won't mean much if you can't make sure they're enforced. If your network has a firewall/proxy, you can use that to implement strict internet usage policies such as blockiing websites, banners and redirecting users to your intranet page.

If you had and Active Directory domain set up, then you would be able enforce to log on/log off policy. This could probably be done with SMS also. That way you can set it up that the user is notified if the system has not been restarted wiithin the last week (or whatever you set up) and you could also set up a logon idle count. That way if a user is logged on & idle for more than 6-8 hours, the system is automatically restarted.

One thing to have is a log on policy also. A simple popup as soon as they log on saying they agree to the terms of use on the system and a YES or NO. If they choose no then the user is logged off.

You could also send out daily or weekly email reminders of random parts of the network policy.
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 100 total points
ID: 12407006
A great site for some of the templates are Techrepublic.com.
0

Featured Post

Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now