Social Computing Guidelines

From HORSE - Holistic Operational Readiness Security Evaluation.

Document History

Version | Date | Revised By | Description
1.0 | 1 January 2009 <Current date> | Michael D. Peters <Owner's name> | This version replaces any prior version.

Document Certification


Description Date Parameters
Designated document recertification cycle in days: 30 - 90 - 180 - 365 <Select cycle>
Next document recertification date: 1 January 2010 <Date>

Sample Social Computing Guidelines


The <Your Company Name> (the "Company") Social Computing Guidelines defines objectives and specific standards for responsible engagement by those Employees who choose to create or participate in a blog, wiki, online social network or any other form of online publishing or discussion. Emerging online collaboration platforms are fundamentally changing the way Employees work and engage with each other, clients and partners.

The Social Computing Guidelines builds on the objectives established in the Sample Acceptable Use Standard, and provides specific instructions and requirements for the responsible interaction and participation in social computing systems.

I. Scope


All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, at hosted or outsourced sites supporting the Company, or who have been granted access to Company information or systems, are covered by this policy and must comply with associated standards and guidelines.

Information Asset is defined as any data, or an aggregate of data, that has value to the organization. This includes all data, whether in the form of electronic media or physical records, that is used by the Company or in support of Company business processes, including all data maintained or accessed through systems owned or administered by or on behalf of the Company. Information Assets include all personal, private, or financial data about employees, clients, contractors, or other organizations that must be protected in accordance with relevant legislative, regulatory, or contractual requirements.

Risk refers to the likelihood of loss, damage, or injury to information assets. Risk is present if a threat can exploit an actual vulnerability to adversely impact a sensitive information asset.

Sensitive information refers to information that is classified as Restricted or Confidential. Refer to the Information Classification Standard for confidentiality classification categories.

Social Networking or Computing refers to online, network- and Internet-based participative environments where users contribute commentary and electronic information that is available to the general public, or privately to an audience consisting of more than the author.

Threats are the intentional or accidental actions, activities or events that can adversely impact Company information assets, as well as the sources, such as the individuals, groups, or organizations, of these events and activities.

II. Requirements


As an innovation-based company, we believe in the importance of open exchange and learning between Company Employees and our customers and among the many constituents of our emerging business and societal ecosystem. The rapidly growing phenomenon of user-generated web content, such as blogging, social web applications and networking, is an emerging and important arena for that kind of engagement and learning.

Requirements overview:

  • Know and follow the <Your Company Name> End User Computing and Technology Policy.
  • Employees are personally responsible for the content they publish on blogs, wikis or any other form of user-generated media. Be mindful that what you publish will be public for a long time—protect your privacy.
  • Identify yourself—name and, when relevant, role at <Your Company Name>—when you discuss <Your Company Name> or Company-related matters.
  • Write in the first person. You must make it clear that you are speaking for yourself and not on behalf of <Your Company Name>.
  • If you publish content to any website outside of <Your Company Name> and it has something to do with work you do or subjects associated with <Your Company Name>, use a disclaimer such as this: "The postings on this site are my own and don't necessarily represent <Your Company Name> positions, strategies or opinions."
  • Respect copyright, fair use and financial disclosure laws.
  • Don't disclose <Your Company Name>'s or another party's confidential or other proprietary information. Ask permission to publish or report on conversations that are meant to be private or internal to <Your Company Name>.
  • Don't cite or reference clients, partners or suppliers without their approval. When you do make a reference, where possible link back to the source.
  • Respect your audience. Don't use ethnic slurs, personal insults, obscenity, or engage in any conduct that would not be acceptable in the <Your Company Name> workplace. You should also show proper consideration for others' privacy and for topics that may be considered objectionable or inflammatory—such as politics and religion.
  • Find out who else is blogging or publishing on the topic, and cite them.
  • Be aware of your association with <Your Company Name> in online social networks. If you identify yourself as an Employee, ensure your profile and related content are consistent with how you wish to present yourself to colleagues and clients.
  • Don't pick fights, be the first to correct your own mistakes, and don't alter previous posts without indicating that you have done so.
  • Try to add value. Provide worthwhile information and perspective. The <Your Company Name> brand is best represented by its people, and what you publish may reflect on the Company's brand.

Online social media enables individuals to share their insights, express their opinions and share information within the context of a globally distributed conversation. Each tool and medium has proper and improper uses. While <Your Company Name> encourages all of its employees to join a global conversation, it is important for Employees who choose to do so to understand what is recommended, expected and required when they discuss Company-related topics, whether at work or on their own time.

Know the <Your Company Name> End User Computing and Technology Policy (EUC). If you are unsure whether you ought to publish something online, chances are the EUC will resolve it. Pay particular attention to what the EUC has to say about proprietary information, about avoiding misrepresentation and about competing in the field. If, after checking the <Your Company Name> End User Computing and Technology Policy, you are still unclear as to the propriety of a post, it is best to refrain and seek the advice of management.

III. Responsibilities


The Chief Information Security Officer (CISO) approves the Social Computing Guidelines. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Social Computing Guidelines.

Company management is responsible for ensuring that the Social Computing Guidelines is properly communicated and understood within its respective organizational units. Company management also is responsible for planning education and awareness activities.

Users are the individuals, groups, or organizations authorized by the Owner to access information assets. Users are responsible for reporting suspected or actual violations of the End User Computing and Technology Policy to Information Security or Management in a timely manner.

IV. Enforcement and Exception Handling


Failure to comply with the Social Computing Guidelines and associated procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.

Social networks are regularly monitored by Information Security, Physical Security, Marketing, and other corporate departments.

Requests for exceptions to the Social Computing Guidelines should be submitted to the CISO in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Social Computing Guidelines.

V. Review and Revision


The Social Computing Guidelines will be reviewed and revised in accordance with the Sample Information Security Program Charter.


Approved: _______________________________________________________

Signature


<Typed Name>


Chief Information Security Officer