How do you write a Wireless Networking Usage Policy document?
WIRELESS NETWORK USAGE POLICY
This policy sets forth guidelines for expected conduct and defines the conditions under which an employee, contractor, vendor, or any other person (user) may use Wireless Networks or other Internet Access Points, including, but not limited to: Company Internet access; its private network(s); its vendors, suppliers and partners' networks, and its email system or any other access point or connection resource, while conducting business for or on behalf of the Company.
The Company makes available its various assets, hardware, software, services, and computer network(s) in order to allow its employees access to resources to effectively execute their job functions and duties. This policy defines the Company's official policy regarding Internet connectivity and usage. Before access to the Internet via the company network is approved, the user is required to read and sign the Wireless Network Usage Policy.
Authorized Use shall mean any use of wireless network access points or "hot spots" which is deemed to be necessary and consistent with the execution of the individual duties and obligations of employees, contractors and staff associated or employed by the Company.
Authorized Users shall mean all current employees, contractors, vendors or staff who are authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.
Non-authorized Users shall mean anyone, including but not limited to employees, contractors, vendors, staff or anyone else who are NOT authorized by the Company to use a specific network or computing resource by the department responsible for overseeing or managing the resource.
Mobile Computing Equipment or Devices
Mobile Computing Equipment or Devices shall mean any handheld, PDA, cell phone or other computing or communication device which is not physically connected to a Company network environment.
Public Wireless Networks
Public Wireless Networks or Internet Hotspots shall mean any device, appliance or broadcast which offers access to the Internet.
Untrusted Wireless Networks
Untrusted Wireless Networks shall mean an insecure Public or Private Wireless Network or Internet Hotspot which offers access to the Internet and which does not employ SSL or secure encryption.
Use of mobile computing devices by Company employees and contractors shall be governed by the Company Internet Access and Asset Usage Policy as well as this Company Wireless Network Usage Policy. Copies of all Company policies may be obtained from the Company Human Resources Department. Users are expected to use mobile computing equipment responsibly and professionally, and shall make no intentional use of the equipment or internet services in an illegal, malicious, or obscene manner.
The following rules shall apply to all use of Wireless Networks by mobile computing devices:
Access to internal Company network resources or internal systems from public wireless networks must be obtained using secure encrypted connections and secured at the device level through a virtual private network (VPN) session and connection. Employees may make personal use of the Internet, subject to the Company Acceptable Use Policy (see below) so long as there is no negative security impact or impact on the performance of the employee's obligations and duties that creates an unreasonable cost to the Company. Sending or receiving personal email shall be allowed, so long as any email that is sent using a Company email account has the authorized company disclaimer at the bottom of the email stating that the contents of this message may not represent the views of the Company. Use of any company mobile computing equipment or accessing a company network resource or Internet access point implies an agreement to abide by all Company policies and procedures in existence governing such use.
Use of any company mobile computing equipment must be secured in accordance with the security standards set forth in the Company Network Access and Security Policy. Mobile computing devices or wireless access may not be used for commercial or other activities from which they directly or indirectly personally profit or have profit motive. All mobile computing devices must have the Company-required Applications and Security Software installed prior to accessing Company resources or Networks.
Employees must have the Company IT Department review and certify that all mobile computing devices meet the Company Network Security Policy prior to their use. All mobile computing devices shall make use of access control systems and encryption. All mobile computing devices and software running on mobile computing devices must use complex passwords and secure digital certificates for remote access.
All mobile computing devices must be configured to require a hardware / BIOS password upon start-up which must be changed every 3 months. All mobile computing devices shall make use of self-updating or software that automatically updates itself to ensure that the devices comply with the Company Network Security Policy. All mobile computing devices, whether owned by the employee or not, shall be subject to on-demand audits by the IT Department or Managers to ensure compliance with the Company Network Security Policy.
All mobile computing devices provided to employees and contractors must be serialized and recorded into Company Inventory. This includes all mobile computing devices purchased by employees or contractors that they are later reimbursed for.
All mobile computing devices that connect to an untrusted network must meet the following minimum security and safety standards, including:
The most recent versions of Company-approved anti-virus and firewall applications must be installed. The most recent versions of spyware and malware applications must be installed. All digital certificates used must be current and non-expired. All logins and access must be conducted over SSL/HTTPS.
Active intrusion detection and countermeasures must be in place. Internet and network activity monitoring and reporting must be active and enabled.
Training and Education
Employees who will use mobile computing devices and wireless Internet access may be required to participate in network security awareness training in order to educate themselves on the specific dangers and risks that may accompany access to public wireless Internet access points. The goal of such training is to equip our employees with the knowledge and tools they need in order to comply with Company policies concerning data and network security while traveling outside of the Company office. Department managers shall document and retain evidence of training provided to each user.
Sensitive and Confidential Information
Every employee, contractor or staff member has the obligation to protect sensitive and confidential information. All mobile computing users who make use of wireless networks must use VPN encryption protocols when sending or transmitting sensitive or confidential information in any form. No employee, contractor or staff member should ever access an internal company network resource without being secured by VPN encryption protocols, as all Company internal networks, network resources or other internal assets shall be deemed sensitive and confidential information.
Definition(s) of Unacceptable Use of Wireless Networks.
Unacceptable use shall be defined as, but not limited to the following examples:
Using the Internet for personal commercial purposes. Sending bulk, unsolicited email (Spam). Engaging in file sharing or Peer-to-Peer Networking (P2P). Accessing Social or Professional Networking Sites (MySpace.com, Facebook.com, etc.), Blogging Platforms (Blogger, Blogspot, etc) or other sites that are non-essential to the performance of your job duties and obligations.
Disseminating any confidential information about the Company or its customers. Downloading or using excessive amounts of internal Company bandwidth or external Internet resources (i.e., paid-Internet access billed to the Company or reimbursed in some way to employee, contractor or staff member) for non-essential, non-work-related activities. Downloading Shareware or Freeware programs or software that have not been authorized while on a wireless network. Installing ANY software on a Company computer or other asset without prior approval from a manager or supervisor while on a wireless network.
Compromising the security of the Company network, company computers, or any other company resource by engaging in unacceptable usage of the Internet. Knowingly causing someone to view content that may be deemed as obscene, immoral, or illegal, or that may cause the Company to be held liable for discrimination or obscenity. Knowingly causing a disruption or interference with any network or user, whether associated with the Company or not.
Searching for, requesting, acquiring, storing, or disseminating images, text, or data that are pornographic (whether legal or not) or that negatively depict race, religion, sex, age or creed. Conducting third-party business or a personal business enterprise not benefiting the Company, participating in political or religious activity, engaging in illegal or fraudulent activities, or knowingly disseminating false or otherwise libelous materials. Engaging in online gaming or gambling while on a wireless network.
Accessing any Company resource or asset that is not within the scope of the user's normal work and job functions. Examples include but are not limited to: customer information, personnel files and data, or any other documents not required for the proper execution of the user's normal job functions or duties. Any other illegal purpose, whether listed here or not, whether through a wireless network or not, that would encourage or conduct criminal activity, offense, exposure to civil liability, or otherwise violate any regulations, local, state, national, or international law, including without limitations, US export control laws and regulations.
Consequences of Violations
Violations of the Wireless Network Usage Policy are logged and documented. Violations may lead to a revocation of the employee's Internet access privileges and/or may lead to disciplinary action, including termination. The Company also reserves the right to pursue legal remedy for damages incurred as a result of an employee's violation.
Certain illegal activities will require that Company immediately notify or comply with the proper authorities upon discovery. The Company reserves the right to examine any user's Email Account(s), Web Logs, Chat Logs or any other information passed through Company resources or Network or stored on Company computers, at any time and without prior notice.
Inappropriate Use of Resources
Inappropriate use of resources shall be defined as engaging in any activities by users that are inconsistent with the business needs and goals of the Company. Engaging in any activity that adversely affects the user's productivity will not be tolerated. When you access the Internet for business purposes, you are representing the Company with each site or activity you engage in. Special attention must be paid to such activities that do not directly contribute to the fulfillment of the employee's job description or duties.
Responsibility for Online Activities
Users are responsible for their online activities. Each employee must indemnify the Company from all claims of loss, whether direct or indirect, and from any consequential losses suffered by the Company due to a breach of the Company Wireless Network Usage Policy. Company is not responsible for users who display, store, or otherwise transmit any personal information such as passwords, banking information, credit card numbers, social security or tax ID numbers, or make use of Internet "passports" or "wallets. Company shall not be held liable for damages resulting from any loss of such information, abuse by other parties, or any consequential loss of personal property or injury resulting from the storage or loss of such information.
The practices described in this Wireless Network Usage Policy are current as of Current Date. Company reserves the right to modify or amend this policy at any time. Appropriate notice will be given to all employees, contractors, vendors, or other users of Company resources governed under this Agreement concerning such amendments. I hereby declare that I have read and fully understand my duties and obligations set forth in the above Wireless Network Usage Policy for Company Name, and I will uphold these duties and obligations at all times.