INTERNET USAGE POLICY
Company Name’s (hereinafter “the Company”) computer network allows access to resources and services through Internet connectivity. This document formally defines our official policy regarding Internet usage, and all Internet users are expected to be familiar with and to comply with this policy.
For the purposes of this document the Internet is defined as a worldwide “network of networks” using Transmission Control Protocol/Internet Protocol (TCP/IP) for communication.
The Company is committed to preventing the occurrence of inappropriate, unethical, or unlawful behavior by any of the users of its computing systems and telecommunications networks. These responsibilities are not only mandated by the Company’s business interests but by legal and ethical obligations concerning the welfare and privacy of its customers and business partners. This Internet Usage Policy and its strict enforcement is an important and necessary part of the overall usage strategy.
The scope of this policy includes the following information:
· Internet services;
· Resource usage;
· Expectation of privacy;
· Corporate image;
· Contacts for usage issues and questions; and
· Periodic reviews.
The components outlined in this document focus on issues associated with the Company’s host computers, PCs, routers, terminal servers, and other devices that support access to the Internet. The scope of this document does not include application usage and non-Internet usage.
The Internet Usage Policy applies to all employees of the Company (individuals working for the company, including permanent full-time and part-time employees, contract workers, temporary agency workers, business partners, and vendors). The Company’s employees are expected to be familiar with and to comply with this policy, and are also required to use their common sense and exercise their good judgment while using Internet services.
C. Consequences of Violations
Violations of the Internet Usage Policy will be documented and can lead to revocation of system privileges and/or disciplinary action up to and including termination.
Additionally, the company may at its discretion seek legal remedies for damages incurred as a result of any violation. The company may also be required by law to report certain illegal activities to the proper enforcement agencies.
Before access to the Internet via company network is approved, the potential Internet user is required to read this Internet Usage Policy and sign an acknowledgment form (located on the last page of this document). The signed acknowledgment form should be turned in and will be kept on file at the facility granting the access. For questions on the Internet Usage Policy, contact __________ or __________ (hereinafter collectively referred to as “Management”).
II. USAGE THREATS
Internet connectivity presents the company with new risks that must be addressed to safeguard the facility’s vital information assets. These risks include:
A. Inappropriate Use of Resources
Access to the Internet by personnel that is inconsistent with business needs results in the misuse of resources. These activities may adversely affect productivity due to time spent using or “surfing” the Internet. Additionally, the company may face loss of reputation and possible legal action through other types of misuse.
· 30 percent to 40 percent of Internet access is non-business related (IDC Research)
· 70 percent of all Internet porn traffic occurs during the hours of 9am to 5pm
· 92 percent of Charles Schwab’s on-line customers trade from work
· 60 percent have disciplined or fired employees based on Internet Access issues (Strategic Surveys Int’l)
· 84 percent of employees have unlimited access to the Internet
In the absence of any constraints on Internet Usage, organizations leave themselves wide open to all manner of issues that may arise from improper use.
B. Misleading or False Information
All information found on the Internet should be considered suspect until confirmed by another reliable source. There is no quality control process on the Internet, and a considerable amount of its information is outdated or inaccurate.
III. INTERNET SERVICES
Access to the Internet will be provided to users to support business activities and only on an as-needed basis to perform their jobs and professional roles.
A. User Services
Internet access is to be used for business purposes only. Capabilities for the following standard Internet services will be provided to users as needed:
· E-mail – Send/receive E-mail messages to/from the Internet (with or without document attachments).
· Navigation – WWW services as necessary for business purposes, using a hypertext transfer protocol (HTTP) browser tool. Full access to the Internet; limited access from the Internet to dedicated company public web servers only.
· File Transfer Protocol (FTP) – Send data/files and receive in-bound data/files, as necessary for business purposes.
· Telnet – Standard Internet protocol for terminal emulation. User Strong Authentication required for Internet initiated contacts into the company.
· Other – Management reserves the right to add or delete services as business needs change or conditions warrant. All other services will be considered unauthorized access to/from the Internet and will not be allowed.
B. Request & Approval Procedures
Internet access will be provided to users to support business activities and only as needed to perform their jobs.
· Request for Internet Access – As part of the Internet access request process, the employee is required to read this Internet Usage Policy. The user must then sign the statement (located on the last page of this document) that he/she understands and agrees to comply with the policies. Users not complying with these policies could be subject to disciplinary action up to and including termination. Policy awareness and acknowledgment, by signing the acknowledgment form, is required before access will be granted.
· Revision and Renewal – This policy and all changes must be reviewed annually, by all users, and a new Internet Usage Policy Acknowledgment Form must be signed.
· Removal of privileges – Internet access will be discontinued upon termination of employee, completion of contract, end of service of non-employee, or disciplinary action arising from violation of this policy.
IV. USAGE POLICIES
A. Allowed Usage
Internet usage is granted for the sole purpose of supporting business activities necessary to carry out job functions. All users must follow the corporate principles regarding resource usage and exercise good judgment in using the Internet. Questions can be addressed to Management.
Acceptable use of the Internet for performing job functions might include:
· Communication between employees and non-employees for business purposes;
· IT technical support downloading software upgrades and patches;
· Review of possible vendor web sites for product information;
· Reference regulatory or technical information; and
B. Personal Usage
Using company computer resources to access the Internet for personal purposes, without approval, may be considered cause for disciplinary action up to and including termination. Notwithstanding the foregoing, if someone is on lunch break, he/she may use the Internet for personal use, as long as the usage is not Prohibited Usage as defined below.
NOTE: All users of the Internet should be aware that the company network creates an audit log reflecting web usage, sites visited and length of time at a site. This log is periodically reviewed.
Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or make use of Internet “wallets” do so at their own risk. The company is not responsible for any loss of information, such as information stored in the wallet, or any consequential loss of personal property.
C. Prohibited Usage
Acquisition, storage, and dissemination of data which is illegal, pornographic, or which negatively depicts race, sex or creed is specifically prohibited.
The company also prohibits the conduct of a business enterprise, political activity, engaging in any form of intelligence collection from our facilities, engaging in fraudulent activities, or knowingly disseminating false or otherwise libelous materials.
Other activities that are strictly prohibited include, but are not limited to:
· Accessing company information that is not within the scope of one’s work. This includes unauthorized reading of customer account information, unauthorized access of personnel file information, and accessing information that is not needed for the proper execution of job functions.
· Misusing, disclosing without proper authorization, or altering customer or personnel information. This includes making unauthorized changes to a personnel file or sharing electronic customer or personnel data with unauthorized personnel.
· Deliberate pointing or hyper-linking of company Web sites to other Internet/WWW sites whose content may be inconsistent with or in violation of the aims or policies of the company.
· Any conduct that would constitute or encourage a criminal offense, lead to civil liability, or otherwise violate any regulations, local, state, national or international law including without limitations US export control laws and regulations.
· Use, transmission, duplication, or voluntary receipt of material that infringes on the copyrights, trademarks, trade secrets, or patent rights of any person
or organization. Assume that all materials on the Internet are copyright and/or patented unless specific notices state otherwise.
· Transmission of any proprietary, confidential, or otherwise sensitive information without the proper controls.
· Creation, posting, transmission, or voluntary receipt of any unlawful, offensive, libelous, threatening, harassing material, including but not limited to comments based on race, national origin, sex, sexual orientation, age, disability, religion, or political beliefs.
· Any form of gambling.
Unless specifically authorized under the provisions of section IV.B, the following activities are also strictly prohibited:
· Unauthorized downloading of any shareware programs or files for use without authorization in advance from Management.
· Any ordering (shopping) of items or services on the Internet.
· Playing of any games.
· Forwarding of chain letters.
· Participation in any on-line contest or promotion.
· Acceptance of promotional gifts.
Bandwidth both within the company and in connecting to the Internet is a shared, finite resource. Users must make reasonable efforts to use this resource in ways that do not negatively affect other employees.
If you have any questions about Acceptable Use, contact Management.
D. Software License
The company strongly supports strict adherence to software vendors’ license agreements. When at work, or when company computing or networking resources are employed, copying of software in a manner not consistent with the vendor’s license is strictly forbidden. Questions regarding lawful versus unlawful copying should be referred to Management for review.
Similarly, reproduction of materials available over the Internet must be done only with the written permission of the author or owner of the document. Unless permission from the copyright owner(s) is first obtained, making copies of material from magazines, journals, newsletters, other publications and online documents is forbidden unless this is both reasonable and customary. This notion of “fair use” is in keeping with international copyright laws.
E. Review of Public Information
All publicly-writeable directories on Internet-connected computers will be reviewed and cleared each evening. This process is necessary to prevent the anonymous exchange of information inconsistent with company business. Examples of unauthorized public information include pirated information, passwords, credit card numbers, and pornography.
F. Expectation of Privacy
· Monitoring – Users should consider their Internet activities as periodically monitored and limit their activities accordingly. Management reserves the right to examine E-mail, personal file directories, web access, and other information stored on company computers, at any time and without notice. This examination ensures compliance with internal policies and assists with the management of company information systems.
· E-mail Confidentiality – Users should be aware that E-mail is not a confidential means of communication. The company cannot guarantee that electronic communications will be private. Employees should be aware that electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Users should also be aware that once an E-mail is transmitted it may be altered. Deleting an E-mail from an individual workstation will not eliminate it from the various systems across which it has been transmitted.
G. Maintaining Corporate Image
· Representation – When using company resources to access and use the Internet, users must realize they represent the company. Whenever employees state an affiliation to the company, they must also clearly indicate that “the opinions expressed are my own and not necessarily those of the company.” Questions may be addressed to Management.
· Company Materials – Users must not place company material (examples: internal memos, press releases, product or usage information, documentation, etc.) on any mailing list, public news group, or such service. Any posting of materials must be approved by the employee’s manager and Management and will be placed by an authorized individual.
H. Periodic Reviews
· Usage Compliance Reviews – To ensure compliance with this policy, periodic reviews will be conducted. These reviews will include testing the degree of compliance with usage policies.
· Policy Maintenance Reviews – Periodic reviews will be conducted to ensure the appropriateness and the effectiveness of usage policies. These reviews may result in the modification, addition, or deletion of usage policies to better suit company information needs.
A. Points of Contact
If you need assistance regarding the following topics related to Internet usage, contact Management for additional assistance:
· Corporate Level:
· Acceptable Use
· Public Representation
· Web Site
· Corporate Communications Directors
· Corporate Principles
· Access or Connection Problems
VI. INTERNET USAGE COVERAGE ACKNOWLEDGMENT FORM
After reading this policy, please sign the coverage form and submit it to ________ for archival.
By signing below, the individual requesting Internet access through company computing resources hereby acknowledges receipt of and compliance with the Internet Usage Policy. Furthermore, the undersigned also acknowledges that he/she has read and understands this policy before signing this form.
Internet access will not be granted until this acknowledgment form is signed by the individual’s manager. After completion, the form is filed in the individual’s human resources file (for permanent employees), or in a folder specifically dedicated to Internet access (for contract workers, etc.), and maintained by the company. These acknowledgment forms are subject to internal audit.
I have read the Internet Usage Policy. I understand the contents, and I agree to comply with the said Policy.
Employee printed name:
Employee signature: Date:
Management signature: Date: