Sample Telecommunication Acceptable Use Standard:

From HORSE - Holistic Operational Readiness Security Evaluation.

Document History


Version: 1.0
Date: 1 January 2010 <Current date>
Revised By: Michael D. Peters <Owner's name>
Description: This version replaces any prior version.


Document Certification


Description Date Parameters
Designated document recertification cycle in days: 30 - 90 - 180 - 365 <Select cycle>
Next document recertification date: 1 January 2011 <Date>


Sample Telecommunications Acceptable Use Standard


The <Your Company Name> (the "Company") Sample Acceptable Use Policy defines objectives for establishing specific standards on the appropriate business use of information assets.

This Telecommunications Acceptable Use Standard builds on the objectives established in the Sample Acceptable Use Policy, and provides specific instructions and requirements on the proper and appropriate business use of telecommunications resources.

I. Scope


All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to Company information or systems, are covered by this standard and must comply with associated guidelines and procedures.

Information Assets are defined in the Sample Asset Identification and Classification Policy.

Telecommunications Resources refer to the Company telecommunications systems and equipment including telephones (cellular, digital, wireless, satellite, etc.) and wireless devices (phones, personal digital assistants (PDAs), etc.), as well as voice mail, fax, pager, and modem communications.

Objectionable refers to anything that could be reasonably considered to be obscene, indecent, harassing, offensive, or any other uses that would reflect adversely on the Company including but not limited to comments or images that would offend, harass, or threaten someone on the basis of his or her race, color, religion, national origin, gender, sexual preference, or political beliefs.

Users refer to all individuals, groups, or organizations authorized by the Company to use Company telecommunications resources.

II. Requirements


The requirements of the Telecommunications Acceptable Use Standard, although specific, should not be considered a comprehensive listing. The Company considers consistency with requirements as the basis for considering the appropriateness of other activities and practices that are not specifically addressed.

A. Business Use


1. Company Telecommunications Resources are provided primarily for official and authorized Company business use and purposes.


2. Limited personal use of Company Telecommunications Resources is acceptable as long as it does not conflict with Company business and interests.


3. The use of Company Telecommunications Resources shall be in accordance with applicable laws and regulations.


4. Users shall be accountable for all activity associated with their assigned Company Telecommunications Resources.


B. Improper Use


1. Any use of Company Telecommunications Resources must not be illegal, must not be perceived as a conflict of Company interest, and must not interfere with normal business activities and operations.


2. Users shall not violate any laws or regulations through the use of Company Telecommunications Resources.


3. Company Telecommunications Resources shall not be used to access, download, transmit, or store objectionable material, images, or content.


4. Company Telecommunications Resources shall not be used to conduct personal or non-Company solicitations.


5. Users must not allow others to access Company Telecommunications Resources by using their accounts.


C. Company Telephone Systems


1. Company private branch exchange (PBX) systems must be programmed to disable access to unauthorized information services or exchanges where charges beyond those for normal telephone calls can be assessed.


2. Company sites are prohibited from enabling the direct inward system access (DISA) features on private PBX telephone systems.


3. The use of speaker phones, microphones, loudspeakers, tape recorders, video-conferencing audio and video recorders, or similar technologies must be announced to all participants of the call, and consent must be obtained from them.


4. Long distance and conference-bridge calls shall be reserved for those employees who have an ongoing legitimate business need for the service as determined by Company management.


5. Users shall avoid discussing sensitive or proprietary Company business or information in environments where such information can be disclosed to an unauthorized third party.


6. Users shall avoid using Company wireless devices or mobile phones when discussing sensitive or proprietary information.


D. Non-Company Telephone Systems


1. Users must avoid the placement of direct dial telephone credit card calls through non-Company PBX systems or other systems that can record the credit card and PIN numbers that may later be used to place fraudulent calls.


2. While using public pay phones, users should swipe telephone or other credit cards rather than keying in or speaking the numbers for bill-to information.


3. Users must avoid using "ringing" telephones in publicly accessible areas.


E. Voice mail


1. Voice mail passwords must be used to protect against disclosure of proprietary and sensitive information.


2. Default voice mail passwords must be changed as soon as issued.


3. Calls can only be forwarded internally.


4. Users shall delete unnecessary voice mail messages to avoid unnecessary accumulation of storage on the Company telephone systems.


F. Faxes


1. All Company fax transmissions require a cover page with the following disclaimer statement:


"This fax and any of its contents may contain <Your Company Name> proprietary information, which is privileged, confidential, or subject to copyright belonging to the <Your Company Name>. This fax is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this fax, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this fax is strictly prohibited and may be unlawful. If you have received this fax in error, notify the sender immediately and permanently delete the original and any copy of this fax."


G. Modems


1. Modems must be used in accordance with the Remote Access Standard.


H. Right to Monitor


1. The Company reserves the right to monitor and review all activities and messages using Company Telecommunications Resources.


2. The Company reserves the right to disclose the nature and content of any User's activities involving Company Telecommunications Resources to law enforcement officials or other third parties without any prior notice to the User.


I. Privacy Expectations


1. Users should have no expectations of privacy when using Company Telecommunications Resources.


J. Misuse Reporting


1. Actual or suspected misuse of Company Telecommunications Resources should be reported in accordance with the Sample Misuse Reporting Standard.


2. Upon the receipt or continued receipt of objectionable content or messages, Users should contact <SPECIFY CONTACT> in accordance with the Sample Misuse Reporting Standard.


III. Responsibilities


The Chief Information Security Officer (CISO) approves the Telecommunications Acceptable Use Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Telecommunications Acceptable Use Standard.

Company management is responsible for ensuring that the Telecommunications Acceptable Use Standard is properly communicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and procedures in its organizational units, and ensuring their consistency with the Telecommunications Acceptable Use Standard.

Users are responsible for familiarizing themselves and complying with the Telecommunications Acceptable Use Standard and the associated guidelines provided by Company management. Individuals also are responsible for reporting misuse of Company Telecommunications Resources and cooperating with official Company security investigations relating to misuse of such resources.

IV. Enforcement and Exception Handling


Failure to comply with the Telecommunications Acceptable Use Standard and associated guidelines and procedures can result in disciplinary actions, up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.

Requests for exceptions to the Telecommunications Acceptable Use Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Telecommunications Acceptable Use Standard.

V. Review and Revision


The Telecommunications Acceptable Use Standard will be reviewed and revised in accordance with the Sample Information Security Program Charter.

Approved: _______________________________________________________

Signature


<Insert Name>


Chief Information Security Officer