Solved

internet, email and PC usage policy

Posted on 2004-10-19
8
496 Views
Last Modified: 2008-01-09
Its time for me to start thinking about P.C., internet and email usage policies to be handed out to employees. This IMO is both the IT and HR Departments responsiblility to layout the frame work and distribute. Looking for some first hand, real world examples of how this is done.


Anyone know of any templates that I can legally modify, reproduce and distribute to all computer users. I would think that there has got to be a standard template somewhere for this.


Ultimately I would like to put up an intranet webstite that everyones home page would defualt to. This would show the policy and some general information like max size for email attachments, filtered attachment types, when computers should be loged off and when they should be shut down.

Thanks,
DMS
0
Comment
Question by:DMS-X
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 20

Accepted Solution

by:
DVation191 earned 250 total points
ID: 12351940
You can get a crap load of great policy templates and guidelines here:
http://www.sans.org/resources/policies/
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12351949
Here is a sample AUP I found online...

http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc

Cheers
0
 
LVL 3

Expert Comment

by:browolf
ID: 12353216
if you search google for the terms

internet usage policy document

there's lots of examples.

also when  you consider there's stats floating around like 70 percent of all internet porn traffic occurs during the 9-to-5 workday. Makes you think it's probably best to restrict internet access as much as possible, use a proxy filter, block sites like ebay,  automate computer shutdown and logoff after inactivity, actively monitor everything if thats allowed, and make them sign an AUP in triplicate and give them their own copy. Basically you can't trust anyone with open internet access not to get distracted. unfortunately thats the nature of  hyperlinks, always leading away from what you're supposed to be doing hehe.


0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 4

Expert Comment

by:tmcguiness
ID: 12356658
If you want to get off your billfold, Charles Cresson Wood has a great big book that is nothing but security policy templates. It is published by Pentasafe. It covers things in mind-boggling detail and has in-line documentation explaining the reasons for each part of a policy. It is really good stuff.

Expensive... but imho you won't find a better resource anywhere.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12359497
Here's IT usage polices for the University of Virginia....maybe you can get some ideas from looking over theres. I just had to write a deparmental IT policy

http://www.itc.virginia.edu/policy/
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12359563
Just as a tip:

For writing user policy, you don't want to go too in detail....since this is something you're going to expect your users to understand. So I would recommend actually staying away from things that go very in detail.

A user policy should be very straightforward and to the point and not very technical. If you do use technical terms, then make sure you include definitions. When I write policy, it is a requirement that I include definitions for all technical terms that I use.

Tpyically you'd include stuff like:

a)      No software will be downloaded or installed on any department computer unless approved by the departmental IT support staff.

a)      All computer users will log in to the Departmental Computer Network using their ID and a confidential password before operating the system.  Use of the computer without first properly logging in is not authorized.
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 150 total points
ID: 12398704
As far as the intranet site....you need to build a basic webserver and create the webpage there.

The policies you send out won't mean much if you can't make sure they're enforced. If your network has a firewall/proxy, you can use that to implement strict internet usage policies such as blockiing websites, banners and redirecting users to your intranet page.

If you had and Active Directory domain set up, then you would be able enforce to log on/log off policy. This could probably be done with SMS also. That way you can set it up that the user is notified if the system has not been restarted wiithin the last week (or whatever you set up) and you could also set up a logon idle count. That way if a user is logged on & idle for more than 6-8 hours, the system is automatically restarted.

One thing to have is a log on policy also. A simple popup as soon as they log on saying they agree to the terms of use on the system and a YES or NO. If they choose no then the user is logged off.

You could also send out daily or weekly email reminders of random parts of the network policy.
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 100 total points
ID: 12407006
A great site for some of the templates are Techrepublic.com.
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Liquid Web and Plesk discuss how to simplify server management with a single tool  in their webinar.
Article by: Justin
In light of the WannaCry ransomware attack that affected millions of Windows machines, you might wonder if your Mac needs protecting. Yes, it does and here is how to do it.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month9 days, 12 hours left to enroll

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question