How do you write a Company Internet and Asset Usage Policy document?
INTERNET AND ASSET USAGE POLICY
This policy sets forth guidelines and defines the conditions under which an employee, contractor, vendor, or any other person (user) may use Company business assets, including, but not limited to Company Internet access; its private network(s); its vendors, suppliers and partner's networks; and its Email system or any other access point or connection resource, while conducting business for or on behalf of the Company. The Company makes available its various assets, hardware, software, services, and computer network(s) in order to allow its employees access to resources to effectively execute their job functions and duties. This policy defines the Company's official policy regarding Internet connectivity and usage. Before access to the Internet via the company network is approved, the user is required to read and sign this Internet Usage and Asset Policy prior to accessing the Internet and Company assets.
Definition(s) of Acceptable Use
Acceptable use shall be defined as, but not limited to the following examples:
Purposes relating to job or for work requirements. Sending or receiving personal mail, so long as any email that is sent using a Company Email account shall have the authorized Company disclaimer at the bottom of the email stating that the contents of this message may not represent the views of the Company. Using instant messaging software for business purposes.
Posting to Usenet and other message boards for work purposes. Making use of any other Internet service or protocol without first obtaining permission from the Company.
Definition(s) of Unacceptable Use
Unacceptable use shall be defined as, but not limited to the following examples:
Using the Internet for personal commercial purposes. Sending bulk, unsolicited email (Spam). Engaging in file sharing or Peer-to-Peer Networking (P2P).
Disseminating any confidential information about the Company or its customers and customers. Disseminating any personal contact information of employees, vendors, contractors, or officers without prior approval. Displaying Company projects, screenshots, materials, references, descriptions, or intellectual property publicly or in personal portfolios or resumes, including the use of Company and Company's Customer trademarks, copyrights, or any other marks or materials that may be deemed in violation of the Company's nondisclosure agreements.
Downloading or using excessive amounts of bandwidth of streams of data for non-essential, non-work-related activities. Downloading Shareware or Freeware programs or software that have not been authorized. Installing ANY Software on a Company computer or other asset without prior approval from a manager or supervisor. Compromising the security of the Company network, company computers, or any other company resource by engaging in unacceptable usage of the Internet.
Competing in or entering contests or other competitions in which Company assets or resources are used or in which email addresses that identify the company are displayed; or any other identification or indication of relationship between the user and the Company of which the Company may not approve. Knowingly causing someone to view content that may be deemed as obscene, immoral, or illegal, or that may cause the Company to be held liable for discrimination or obscenity. Knowingly causing a disruption or interference with any network or user, whether associated with the Company or not. Engaging in any online activity that negatively depicts race, religion, sex, or creed.
Searching for, requesting, acquiring, storing, or disseminating images, text, or data that are pornographic (whether legal or not) or that negatively depict race, religion, sex, age, or creed. Conducting third-party business or personal business enterprise not benefiting the Company, political or religious activity, engaging in illegal or fraudulent activities, or knowingly disseminating false or otherwise libelous materials. Violation of any Copyright, Trademark, Patent or other Intellectual property, whether owned by the Company or not. Engaging in online gaming or gambling.
Engaging in the purchase of goods or services and using a Company credit card, shipping location, or other information that may reflect poorly on the Company. Accessing any Company resource or asset that is not within the scope of the user's normal work and job functions. Examples include but are not limited to: customer or customer information, personnel files and data, or any other documents not required for the proper execution of the user's normal job functions or duties.
Displaying a Company email address or URL on an inappropriate web site that may lead to a loss of reputation for the Company (examples: Adult, Dating, Political, Religious, or other unauthorized or inappropriate web sites). Referencing or hyper-linking (linking) of any Company resource, document, or web site content that may be objectionable to the Company or in violation of this Internet and Asset Usage Policy. Any other illegal purpose, whether listed here or not, that would encourage or conduct criminal activity, offense, exposure to civil liability, or otherwise violate any regulations, local, state, national, or international law, including without limitations US export control laws and regulations.
Consequences of Violations
Violations of the Internet Usage Policy are logged and documented. Violations may lead to a revocation of the employee's Internet access privileges and/or may lead to disciplinary action, including termination. The Company also reserves the right to pursue legal remedy for damages incurred as a result of an employee's violation.
The Company maintains a log that monitors each employee's Internet usage, including but not limited to:
The web sites the employee has accessed. The email addresses and content of such email that the employee sends using Company resources. Logs of chat sessions. Timestamps and logs of files opened, modified, and deleted from the network computers or resources.
All logins to Company secure servers. TCP/IP/UDP packets of data, in part or in whole. Certain illegal activities will require that Company immediately notify or comply with the proper authorities upon discovery. The Company reserves the right to examine any user's Email Account(s), Web Logs, Chat Logs or any other information passed through Company resources or Network or stored on Company computers, at any time and without prior notice.
Inappropriate Use of Resources
Inappropriate use of resources shall be defined as engaging in any activity by users that is inconsistent with the business needs and goals of the Company. Engaging in any activity that adversely affects the user's productivity will not be tolerated. When you access the Internet for business purposes, you are representing the Company with each site or activity you engage in. Special attention must be paid to such activities that do not directly contribute to the fulfillment of the employee's job description or duties.
Examples include but are not limited to:
"Surfing" the web for non-business purposes. Using a Company email to register for a service, newsletter, or other resource that is not for business purposes. Playing online games or chatting.
Downloading of Cracks, Warez, or other illegal Software. Posting to message boards or Usenet groups for non-business purposes.
Accessing Internet Services
Access to the Internet is provided in order to support Company's business activities and goals. Employees should think of their Internet access as a privilege and that they are accessing this resource on behalf of the Company to do their jobs. At no time is a user allowed to give or grant access rights to any Company service or asset without seeking prior approval from the Company. The Company maintains the following list of Internet services with specific guidelines about how to access them.
Should employees have any questions concerning their responsibilities when accessing these services, they should ask a supervisor or manager for clarification. If at any time employees question whether they should be engaging in a particular activity online, whether for business or not, we encourage them to seek permission if they have any doubt about whether the activity is acceptable or not.
The Company shall provide all required hardware and software to access the following services:
Web Browser: The Company will provide an up-to-date version of the required web browser. Users may not install any other web browser without first getting the approval of a manager or supervisor. Email: The Company will provide an up-to-date version of the required email client software.
Users may not install any other email client without first getting the approval of a manager or supervisor. Web-based Email: The Company maintains a secure, web-based email system for users to connect to when they are not in the office. Users may not connect to the web-based email system until they have installed the official Company security software and receive permission from the Company IT department to connect.
File Transfer Protocol (FTP): Users who require FTP access to a Company resource must first seek permission from the Company IT department, which will provide a preferred or required FTP client for the user. Other Services: (Secure Shell, Remote Desktop, Telnet, etc.): Users who require access to other services must first seek permission from the Company IT department. Due to the ever-changing nature of the Internet and how it is used, the Company may add or remove access to services as it sees fit. If you see a service not listed here, it does not imply that the use of such a service would not constitute a breach of Company policy.
If you require the use of a service not defined or covered in this document, you must first get permission from a supervisor or manager. All unapproved services or access are strictly forbidden.
Responsibility for Online Activities
Users are responsible for their online activities. Each employee must indemnify the Company from all claims of loss, whether direct or indirect, and from any consequential losses suffered by the Company due to a breach of the Company Internet and Asset Policy. Company is not responsible for users who display, store, or otherwise transmit any personal information such as passwords, banking information, credit card numbers, social security or tax ID numbers, or make use of Internet "passports" or "wallets". Company shall not be held liable for damages resulting from any loss of such information, abuse by other parties, or any consequential loss of personal property or injury resulting from the storage or loss of such information.
Rules Governing the Installation of Software on Company Computers
Use of any Company Software in a manner not consistent with its intended use is strictly forbidden. Users must adhere to the licensing restrictions and agreements of each vendor whenever they install or make use of software. Users may not install, copy, or otherwise distribute software in a manner that is not consistent with the Company's software licensing agreement with each vendor.
Questions regarding the lawful usage of software should be directed to the Company IT department or to a manager. A list of acceptable software is maintained by the Company IT Department and you must obtain permission from either the IT Department or a manager prior to any installation of any software on a company computer, network, or resource. Rules Governing the use of "Royalty Free" and "Rights Protected" Images, Source Code, "Open Source," Stock Photography and other Rights-Managed Materials.
Use of any "Royalty Free," "Rights Protected" Images, Source Code, "Open Source," Stock Photography or other Rights Managed Materials is limited to those files that can be proven to be covered under the GPL (General Public License) or another verifiable license. All code, images, or other resource incorporated or used in a project for the Company must have on file one or more of the following: 1) The original license file or receipt for the asset used, 2) A transfer of copyright or right to license for a specific purpose, or 3) Any receipt of payments for the asset. It is the Company's policy that none of the above mentioned items be incorporated into a Company project, customer project, or employed for any other use for or by the Company or its employees, whether public or not. The practices described in this Internet Usage and Asset Policy are current as of Current Date.
Company reserves the right to modify or amend this Internet Usage and Asset Policy at any time. Appropriate notice will be given to all employees, contractors, vendors, or other users of Company resources governed under this Agreement concerning such amendments. I hereby declare that I have read and fully understand my duties and obligations set forth in the above Internet Usage and Asset Policy for Company Name, and I will uphold these duties and obligations at all times.