CovenantEyes Internet Accountability and Filtering

Sample Employee Network and Internet Usage and Monitoring Policy

Covenant Eyes is committed to helping your organization protect your employees and members from the hidden dangers of the Internet. For further educational materials, please call 989.720.8088 today.

The language and provisions in this form must be carefully reviewed and adapted to your company's specific needs and circumstances by your legal counsel in conjunction with your IT management team prior to utilization.

2011 Covenant Eyes
Covenant Eyes, 1525 W. King St., Owosso, MI 48867
Toll-free: 1.877.479.1119
Call outside the U.S.: 1.989.720.8000
E-mail: resources@covenanteyes.com
Web: CovenantEyes.com
EMPLOYEE NETWORK AND INTERNET USAGE AND MONITORING POLICY

I. Policy Statement

A. This policy sets out rules that all personnel must follow when using the computers, smart-phones and other computer-like devices, software, programs and computer accounts and/or the Internet from any computer, which includes usage of both the World Wide Web (www) and s internal intranet systems ("Network").

B. This policy also applies to personal use of the E-mail system. However, additional confidentiality and liability conditions apply to e-mails.

C. This policy also explains what may do as an employer to lawfully monitor and report use of the Network and/or computers, and to investigate suspected systems breaches by personnel or third parties as well as unlawful behavior.

D. This policy applies to any person who uses the Network and/or computers to access the Internet and e-mail. Where the policy refers to "personnel" or "user", this means anyone employed by, any person carrying out work activities on occupied premises who is not directly employed by (e.g. students, interns, work placements or volunteers), or any person providing a service to under contract (independent contractor, consultant, or temporary employee). These are collectively referred to as "Personnel".

E. Access to the Network and/or Internet access is provided to personnel primarily for business use and to develop the skills and knowledge of the workforce to the benefit of its business objectives. A certain amount of limited and responsible personal use is also permitted.

F. The wide range of information available on the Network and the Internet, together with the nature and risks associated with the use of the Internet, raise concerns about security, integrity, confidentiality, monitoring and proper conduct.

G. Data Protection Statement. may monitor all user activity on the Internet at network level for the purposes specified in Section IV.A. Information recorded as part of this automated monitoring process includes user identification, domain names of websites visited, duration of visits, and files uploaded to or downloaded from the Internet. Staff must be made aware that this monitoring may reveal sensitive data about them: for example, visits to websites which detail the activities of a particular political party or religious group might indicate the political opinion or religious belief of that staff member, and visits to self-help or health advice sites might identify a physical or mental health condition. By carrying out such activities using Internet access facilities, Staff consent to the processing of any sensitive personal data about them that may be revealed through monitoring. Personnel who do not consent must take responsibility for the maintenance of their own personal privacy by not using systems to access this type of information.

II. Purpose

The purpose of this policy is to define standards for systems that monitor and limit web use from any computer or host within the Network. These standards are designed to ensure that assets, network, and Internet are used in a safe and responsible manner; to ensure the confidentiality, integrity, and reliability of the Network; to prevent intrusions into the Network and breaches of personal and sensitive data; and to ensure that web use by personnel can be monitored or researched in the event of an incident.

III. Scope

This policy applies to all employees, contractors, vendors, users, and agents with a -owned, contractor-provided, government-furnished or personally-owned computer or workstation connected to the Network. This policy applies to all end-user-initiated communications between the Network and the Internet, including web browsing, instant messaging, file transfer, file sharing, and other standard and proprietary protocols.

This policy also explains what may do as an employer to lawfully monitor and report use of the system and investigate suspected systems breaches by Personnel or third parties as well as unlawful behavior.
IV. Policy

A. Internet and Network Monitoring

1. will from time to time incorporate intrusion detection capabilities into its Network so as to provide information relating to unauthorized or irregular behavior on any computer, network, or telecommunication system, and to analyze that information for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices. This is done to protect and customer/client resources and data maintained or stored on the Network.

2. To protect the integrity of the Network and the data maintained on it, may monitor Internet usage and network traffic on the Network, as well as all computers and devices, whether or not connected to the Network.

3. Because information recorded by automated monitoring systems can be used to identify an individual user and show, for example, a website or document that a user has been viewing and the time spent browsing, personnel must not assume privacy in their use of the systems, even when accessing the systems in their personal time, i.e. outside paid working hours.

4. In the event that finds inappropriate activity or infestation of a company asset, this information may be shared with the appropriate management, legal counsel, and law enforcement personnel. reserves the right to carry out detailed inspection, to make a copy of any asset or device containing data where warranted, and to re-image any asset as needed.

B. Access to Web Site Monitoring Reports

Authorized management personnel, legal counsel and law enforcement personnel will have access to all reports and data where necessary in order to respond to a security incident.

C. Internet Use Filtering System

1. Personnel shall not access, transmit, upload, download, print, display or otherwise disseminate the following types of material while on the Network or while using assets:
- Adult/sexually explicit and/or obscene images, data, or other material
- Tasteless, defamatory, and/or offensive content
- Racially offensive materials
- Fraudulent or otherwise unlawful materials
- Materials that promote violence, intolerance and/or hatred
- Any data capable of being transformed into obscene or indecent images or material

This includes obscene language, pornography, hostile material relating to gender, sex, race, sexual orientation, religious or political convictions, or disability, and information that would cause or promote incitement of hatred or violence, or any other intimidating material that is designed or could be used to cause offence, annoyance, inconvenience or needless anxiety, or which would contravene any policy (in particular equal opportunities or harassment) or break any law.

2. Personnel cannot:
- Intentionally circumvent security mechanisms, such as by cracking passwords, exploiting system vulnerabilities, or using systems in excess of granted privileges.
- Intentionally write, compile, copy, propagate, execute, or attempt to introduce any malicious computer code designed to self-replicate, damage, or otherwise hinder the performance of any computer system. Such software may be referred to as malware, a virus, bacteria, a worm, or a Trojan Horse.
- Transmit, upload, post or discuss personally identifiable information (PII), protected health information (PHI), or sensitive government or corporate data with any third party without prior written authorization from the appropriate management representative.

3. In addition to the above, the Internet may not be accessed and used for any of the following:
- Any activity that infringes copyright
- Transmission of unsolicited commercial or advertising material
- Deliberate unauthorized access to facilities or services accessible via the Internet
- Corrupting or destroying another user's data
- Any activity that would violate the privacy of others
- Any activity that would risk bringing the organization into disrepute or place the Trust in a position of liability
- Causing damage or disruption to organizational systems
- Any activity that would violate the laws and regulations of the United States
- Any secondary paid employment or volunteered or pro bono services
- Running a personal business

4. reserves the right to block access to Internet websites and protocols that are deemed inappropriate for the corporate environment. The following protocols and categories of websites are examples of the type of websites that may be blocked:
- Adult/Sexually Explicit Material
- Advertisements & Pop-Ups
- Gambling
- Hacking
- Illegal Drugs
- Intimate Apparel and Swimwear
- Peer to Peer File Sharing
- SPAM, Phishing and Fraud
- Spyware
- Tasteless, Defamatory, and/or Offensive Content
- Racially Offensive, Promoting Violence, Intolerance and/or Hatred

D. Internet Use Filtering Exceptions

If a site is blocked, personnel may access that site only with prior written permission, where appropriate and necessary for business purposes. If any personnel need access to a site that is blocked and appropriately categorized, they must submit a request to their appraisal manager. The manager will then present all approved exception requests to in writing or by e-mail, and will evaluate the request and consider unblocking that site or category.
V. Enforcement

A. personnel are expected to report suspected violations of this policy to management.

B. Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

VI. Definitions

Hacking Sites - Sites that provide content about breaking or subverting computer security controls.

Incident - A reported security event or group of events that has proven to be a verified information technology security breach. An incident may also be an identified violation or imminent threat of violation of information technology security policies, or a threat to the security of system assets. Examples of possible information technology security incidents include, but are not limited to:
- Loss of confidentiality of information
- Compromise of integrity of information
- Loss of system availability
- Denial of service
- Misuse of service systems or information

Internet - An unclassified electronic communications network that connects computer networks and organizational computer facilities around the world.

Internet Filtering - Using technology that monitors each instance of communication between devices on the corporate network and the Internet and blocks traffic that matches specific rules.

Intrusion Detection - The process of monitoring the events occurring in a computer system or network and analyzing them for signs of possible incidents, which are violations or imminent threats of violation of computer security policies, acceptable use policies, or standard security practices.

IP Address - Unique network address assigned to each device to allow it to communicate with other devices on the network or Internet.

Peer to Peer File Sharing - Services or protocols that allow Internet-connected hosts to make files available to or download files from other hosts.

Phishing - Attempting to fraudulently acquire sensitive information by masquerading as a trusted entity in an electronic communication.

SMTP - Simple Mail Transfer Protocol. The Internet Protocol that facilitates the exchange of mail messages between Internet mail servers.

Social Networking Services - Internet sites such as Myspace and Facebook that allow users to post content, chat, and interact in online communities.

SPAM - Unsolicited Internet e-mail.

User ID - User name or other identifier used when an associate logs into the corporate network.

VII. Amendments

This Policy may be amended or revised from time to time. Personnel will be provided with copies of all amendments and revisions, and unless otherwise stated in a respective amendment or revision text, compliance with amendments and revisions will be enforceable immediately upon receipt.

VIII. Revision History

This Policy draft is dated April 4, 2011.

NOTE: The language and provisions in this form must be carefully reviewed and adapted to your company's specific needs and circumstances by your legal counsel in conjunction with your IT management team prior to utilization.