Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012




Electronic Messaging Policy

1. Document Status

Security Classification: Level 4 - PUBLIC
Version: 1.0
Status: DRAFT
Approval:
Life: 3 Years
Review By: June 2012
Owner: Secure Research Database Analyst
Retention:
Change History:

Contents

1. Document Status
1. Introduction
2. Scope
3. Accessing IOE Email
4. Email Security
5. Appropriate Use of Institute Email Systems
6. Unacceptable Use of Email Systems
7. Privacy
Appendix A: Procedure for Handling Compromised User and Email Accounts
1. Background
2. Impact
3. Remedial Actions

1. Introduction

1.1 This policy sets out the proper use of email for IOE-related purposes. All users of the Institute email systems can find further information in the Information Security Policy, the Data Security Policy, the Conditions of Use for Computer Users form and other accompanying guideline documents.

2. Scope

2.1 This policy covers all electronic messaging utilized by authorized IOE users.

2.2 All forms of electronic messaging, including email, instant messaging, tweeting and blogging, are covered without exception by this policy. The use of the word "email" will, for the purposes of this policy, cover all forms of electronic messaging.

3. Accessing IOE Email

3.1 IOE email accounts are given to staff, students and approved third parties who agree to adhere to and abide by the Institute's Information Security Policy and other related policies, codes of practice and guidelines.

3.2 IOE email systems have been designed to enable use from IOE workstations, external computers and other end user devices (such as XDAs, smartphones etc). Access is therefore only controlled by single-factor authentication (the possession of something you know: a username and password) and is available anywhere on many different devices.

3.3 All material sent from, received by, uploaded to or downloaded from the IOE email servers must be handled in a manner appropriate to its Data Classification (see Data Security Policy).

4. Email Security

4.1 Usernames and passwords are for individual use only, and must not normally be disclosed to third parties, whether within or outside the IOE.

4.2 Any user knowing or believing that they have disclosed their account details, or who knows or suspects that their email account has been compromised, must contact the computer helpdesk immediately in order to outline the situation.

4.3 In order to maintain the confidentiality, integrity and availability of IOE systems and services, and also to ensure that the IOE is not blacklisted by ISPs or has its internet access removed by JANET, compromised email and user accounts will be dealt with in a uniform manner, the details of which are available to IOE staff upon request. There will be no exceptions.

4.4 Email is considered an inherently insecure method of communication. There is no guarantee that the recipient of a message is in fact genuine, nor is there any guarantee that the sender of a message is genuine. Email should therefore not normally be used to transmit data classified as Confidential or Restricted.

4.5 Once a message has been SENT, recipients may intentionally or accidentally forward the message to other individuals. Therefore users of electronic messaging should have no expectation that any electronic message will remain private.

4.6 Users cannot currently send or receive email messages containing encrypted attachments. Encrypted attachments cannot be scanned by firewalls, anti-virus or anti-malware applications. The authenticity and malware-free status of the attachment cannot therefore be guaranteed, and in order to ensure the confidentiality, integrity and availability of IOE systems the sending and receiving of unscannable files must be blocked.

4.7 The IOE has put into place spam filters and anti-virus filters at the email gateways. These filters are there to protect the IOE's information systems resources from viruses and unsolicited email. Whilst the IOE is constantly updating these filters it cannot guarantee that it will provide 100% protection against all viruses and spam. If any users feel that they are receiving excessive amounts of unsolicited email or are being caused distress by the receipt of offensive email they may contact the IT Services helpdesk for further guidance.

5. Appropriate Use of Institute Email Systems

5.1 The use of IOE-provided email is subject to all relevant laws, policies, codes of practice and guidelines. All users must comply with the IOE's Information Security Policy, the Data Security Policy and the Conditions of Use for Computer Users.

5.2 IOE email services are provided to staff, students and approved third parties to conduct official Institute-related business. Emails of a personal nature may be sent using the IOE system so long as they do not breach the Conditions of Use for Computer Users or other terms and conditions of employment.

5.3 Official IOE business should not normally be conducted from email accounts other than those provided by the IOE. Although it is recognised that this might be necessary in some exceptional circumstances, users should also be aware that the use of third-party email providers for IOE work may breach contractual, legislative, ethical and policy requirements.

5.4 Users must not send messages or message content that may harass or offend (including racist, sexist, defamatory or obscene material).

5.5 Users must not send messages from someone else's account except under proper "delegate" and "send on behalf of" arrangements which retain individual accountability.

5.6 Users should not normally auto-forward mail to a non-IOE email system (this includes internet email systems such as Hotmail or Gmail); see 5.3 above.

5.7 Users should not normally enter into contractual agreements by email.

5.8 Users must not use IOE email for personal gain or profit.

5.9 Users must not use IOE email to represent themselves as someone else.

5.10 Users are encouraged not to use IOE email as a means of storing information. All important information should be stored within the Q: drive, a research project folder, a user's N: drive, or other IOE-provided storage as appropriate to the nature and classification of the information. Attachments should be detached from messages and saved appropriately.

5.11 IOE email should not be accessed by any end user device that has been deliberately or knowingly cracked or jailbroken, or that may otherwise prove a threat to the Confidentiality, Integrity and Accessibility of IOE user accounts, networks and data.

6. Privacy

6.1 Under the terms of this policy no person shall monitor another user's email account unless written authorisation has been granted to do so. The monitoring and/or inspection of email accounts may only occur in accordance with the Information Security Policy and the Monitoring and Logging Policy.

6.2 The IOE, in accordance with its legal and audit obligations, and for legitimate operational purposes, reserves the right to access and disclose the contents of users' email messages. The Institute also reserves the right to demand where necessary the disclosure of decryption keys so that it may fulfil its right of access to users' email messages in such circumstances. The IOE also reserves the right to monitor users' email accounts where necessary as set out in the Information Security Policy and the Monitoring and Logging Policy in line with the Regulation of Investigatory Powers Act (RIPA) 2000, the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000, the Digital Economy Act 2010 and the Terrorism Act 2006.

7. Mailbox Termination

7.1 Staff mailboxes will be deleted at the termination of the staff member's employment.

7.2 Where explicitly requested in writing by a head of department, a mailbox of a staff member who has left may be kept open for a period of not more than two months, with an Out of Office reply directing enquiries to a different email address.

7.3 Any email addressed to a named staff member who has left may NOT be redirected to another email address. Such emails may contain personal, confidential or inappropriate content that may place the IOE or IOE staff at risk if it is opened.

7.4 Staff mobile devices which are used to connect to IOE-provided mailboxes or which contain data owned by or held by the IOE will be wiped at the termination of a staff member's employment.

7.5 Mailboxes not logged into or utilized for a period of one year will be disabled. If no request is received within a further three months requesting their re-enablement, they will be permanently deleted.