Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

internet, email and PC usage policy

Posted on 2004-10-19
8
493 Views
Last Modified: 2008-01-09
Its time for me to start thinking about P.C., internet and email usage policies to be handed out to employees. This IMO is both the IT and HR Departments responsiblility to layout the frame work and distribute. Looking for some first hand, real world examples of how this is done.


Anyone know of any templates that I can legally modify, reproduce and distribute to all computer users. I would think that there has got to be a standard template somewhere for this.


Ultimately I would like to put up an intranet webstite that everyones home page would defualt to. This would show the policy and some general information like max size for email attachments, filtered attachment types, when computers should be loged off and when they should be shut down.

Thanks,
DMS
0
Comment
Question by:DMS-X
8 Comments
 
LVL 20

Accepted Solution

by:
DVation191 earned 250 total points
ID: 12351940
You can get a crap load of great policy templates and guidelines here:
http://www.sans.org/resources/policies/
0
 
LVL 3

Expert Comment

by:_anom_
ID: 12351949
Here is a sample AUP I found online...

http://www.sans.org/resources/policies/Acceptable_Use_Policy.doc

Cheers
0
 
LVL 3

Expert Comment

by:browolf
ID: 12353216
if you search google for the terms

internet usage policy document

there's lots of examples.

also when  you consider there's stats floating around like 70 percent of all internet porn traffic occurs during the 9-to-5 workday. Makes you think it's probably best to restrict internet access as much as possible, use a proxy filter, block sites like ebay,  automate computer shutdown and logoff after inactivity, actively monitor everything if thats allowed, and make them sign an AUP in triplicate and give them their own copy. Basically you can't trust anyone with open internet access not to get distracted. unfortunately thats the nature of  hyperlinks, always leading away from what you're supposed to be doing hehe.


0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 4

Expert Comment

by:tmcguiness
ID: 12356658
If you want to get off your billfold, Charles Cresson Wood has a great big book that is nothing but security policy templates. It is published by Pentasafe. It covers things in mind-boggling detail and has in-line documentation explaining the reasons for each part of a policy. It is really good stuff.

Expensive... but imho you won't find a better resource anywhere.
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12359497
Here's IT usage polices for the University of Virginia....maybe you can get some ideas from looking over theres. I just had to write a deparmental IT policy

http://www.itc.virginia.edu/policy/
0
 
LVL 18

Expert Comment

by:luv2smile
ID: 12359563
Just as a tip:

For writing user policy, you don't want to go too in detail....since this is something you're going to expect your users to understand. So I would recommend actually staying away from things that go very in detail.

A user policy should be very straightforward and to the point and not very technical. If you do use technical terms, then make sure you include definitions. When I write policy, it is a requirement that I include definitions for all technical terms that I use.

Tpyically you'd include stuff like:

a)      No software will be downloaded or installed on any department computer unless approved by the departmental IT support staff.

a)      All computer users will log in to the Departmental Computer Network using their ID and a confidential password before operating the system.  Use of the computer without first properly logging in is not authorized.
0
 
LVL 1

Assisted Solution

by:CharlyPhilly
CharlyPhilly earned 150 total points
ID: 12398704
As far as the intranet site....you need to build a basic webserver and create the webpage there.

The policies you send out won't mean much if you can't make sure they're enforced. If your network has a firewall/proxy, you can use that to implement strict internet usage policies such as blockiing websites, banners and redirecting users to your intranet page.

If you had and Active Directory domain set up, then you would be able enforce to log on/log off policy. This could probably be done with SMS also. That way you can set it up that the user is notified if the system has not been restarted wiithin the last week (or whatever you set up) and you could also set up a logon idle count. That way if a user is logged on & idle for more than 6-8 hours, the system is automatically restarted.

One thing to have is a log on policy also. A simple popup as soon as they log on saying they agree to the terms of use on the system and a YES or NO. If they choose no then the user is logged off.

You could also send out daily or weekly email reminders of random parts of the network policy.
0
 
LVL 16

Assisted Solution

by:samccarthy
samccarthy earned 100 total points
ID: 12407006
A great site for some of the templates are Techrepublic.com.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Each year, investment in cloud platforms grows more than 20% (https://www.immun.io/hubfs/Immunio_2016/Content/Marketing/Cloud-Security-Report-2016.pdf?submissionGuid=a8d80a00-6fee-4b85-81db-a4e28f681762) as an increasing number of companies begin to…
The next five years are sure to bring developments that are just astonishing, and we will continue to try to find the balance between connectivity and security. Here are five major technological developments from the last five years and some predict…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question