Sample Electronic Mail Acceptable Use Standard:: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
=='''Sample Electronic Mail Acceptable Use Standard'''== | =='''Sample Electronic Mail Acceptable Use Standard'''== | ||
<br> | <br> | ||
The Company | The '''<Your Company Name>''' (the "Company") [[Sample Acceptable Use Policy:|'''Sample Acceptable Use Policy''']] defines objectives for establishing specific standards on the appropriate business use of information assets.<br> | ||
<br> | <br> | ||
This Electronic Mail Acceptable Use Standard builds on the objectives established in the Acceptable Use Policy, and provides specific instructions and requirements on the proper and appropriate business use of Electronic Mail Resources.<br> | This Electronic Mail Acceptable Use Standard builds on the objectives established in the [[Sample Acceptable Use Policy:|'''Sample Acceptable Use Policy''']] | ||
, and provides specific instructions and requirements on the proper and appropriate business use of Electronic Mail Resources.<br> | |||
<br> | <br> | ||
=='''I. Scope'''== | =='''I. Scope'''== | ||
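Review bot: The new revision breaks the second paragraph in the middle of a sentence: the line now ends right after the [[Sample Acceptable Use Policy:|...]] link, and the continuation starts on its own line with ", and provides specific instructions". The rendered page therefore shows a comma stranded at the start of a line. Keep the link and the rest of the sentence on one source line.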
Line 9: | Line 10: | ||
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to and use of Company Electronic Mail Resources, are covered by this standard and must comply with associated guidelines and procedures.<br> | All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to and use of Company Electronic Mail Resources, are covered by this standard and must comply with associated guidelines and procedures.<br> | ||
<br> | <br> | ||
Information assets are defined in the Asset Identification and Classification Policy.<br> | '''Information assets''' are defined in the [[Sample Asset Identification and Classification Policy:|'''Sample Asset Identification and Classification Policy''']].<br> | ||
<br> | <br> | ||
Electronic Mail Resources refer to the Company systems, networks, equipment, software, and processes that provide access to and/or use of the electronic mail, including accessing, downloading, transmitting, or storing data and information, as well as the operation of software products and tools.<br> | '''Electronic Mail Resources''' refer to the Company systems, networks, equipment, software, and processes that provide access to and/or use of the electronic mail, including accessing, downloading, transmitting, or storing data and information, as well as the operation of software products and tools.<br> | ||
<br> | <br> | ||
Objectionable refers to anything that could be reasonably considered to be obscene, indecent, harassing, offensive, or any other uses that would reflect adversely on the Company, including but not limited to comments or images that would offend, harass, or threaten someone on the basis of his or her race, color, religion, national origin, gender, sexual preference, or political beliefs.<br> | '''Objectionable''' refers to anything that could be reasonably considered to be obscene, indecent, harassing, offensive, or any other uses that would reflect adversely on the Company, including but not limited to comments or images that would offend, harass, or threaten someone on the basis of his or her race, color, religion, national origin, gender, sexual preference, or political beliefs.<br> | ||
<br> | <br> | ||
Users refer to all individuals, groups, or organizations authorized by the Company to access and use Company Electronic Mail Resources.<br> | '''Users''' refer to all individuals, groups, or organizations authorized by the Company to access and use Company Electronic Mail Resources.<br> | ||
<br> | <br> | ||
=='''II.Requirements'''== | =='''II.Requirements'''== | ||
<br> | <br> | ||
A. Business Use | :'''A. Business Use''' | ||
<br> | <br> | ||
::1. Company Electronic Mail Resources are provided primarily for official and authorized Company business use and purposes in support of the following business goals and objectives:<br> | |||
<br> | <br> | ||
::*<List, reference, or describe business goals><br> | |||
<br> | <br> | ||
::2. Limited personal use of Company Electronic Mail Resources is acceptable as long as it does not interfere with normal business operations, conflict with business interests, or has an adverse impact on the reputation of the Company.<br> | |||
<br> | <br> | ||
::3. The use of Company Electronic Mail Resources shall be in accordance with applicable laws and regulations.<br> | |||
<br> | <br> | ||
::4. Users shall be accountable for all Electronic Mail activity associated with their accounts.<br> | |||
<br> | <br> | ||
::5. All electronic mail transmissions outside the Company must have the following disclaimer attached:<br> | |||
<br> | <br> | ||
::"This E-mail and any of its attachments may contain <Company> proprietary information, which is privileged, confidential, or subject to copyright belonging to the <Company>. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout."<br> | |||
<br> | <br> | ||
B. Improper Use | :'''B. Improper Use''' | ||
<br> | <br> | ||
::1. Any use of Company Electronic Mail Resources must not be illegal, must not constitute or be perceived as a conflict of Company interest, must not violate Company policies, and must not interfere with normal business activities and operations.<br> | |||
<br> | <br> | ||
::2. Users shall not violate any laws or regulations through the use of Company Electronic Mail Resources.<br> | |||
<br> | <br> | ||
::3. Company Electronic Mail Resources shall not be used to forward chain letters, virus warnings, and hoaxes or support other such "re-mailing" activities.<br> | |||
<br> | <br> | ||
::4. Company Electronic Mail Resources shall not be used to download, transmit, or store objectionable material, images, or content.<br> | |||
<br> | <br> | ||
::5. Company Electronic Mail Resources shall not be used to conduct personal or non-Company solicitations.<br> | |||
<br> | <br> | ||
::6. Users must not allow others to access Electronic Mail Resources by using their accounts.<br> | |||
<br> | <br> | ||
C.Electronic Mail Software | :'''C.Electronic Mail Software''' | ||
<br> | <br> | ||
::1. Only Company-approved versions and configurations of electronic mail software may be used. The following electronic mail software is authorized for use:<br> | |||
<br> | <br> | ||
::*<Insert list of software><br> | |||
<br> | <br> | ||
::2. Users must not adjust the electronic mail software security settings to be less restrictive than the Company-approved configuration.<br> | |||
<br> | <br> | ||
::3. Users shall not use software or features that automatically forward electronic mail messages.<br> | |||
<br> | <br> | ||
::4. Users shall not use software or features (such as an anonymous mail sender) that obscures or masks the identity of the message sender.<br> | |||
<br> | <br> | ||
:'''D. Downloaded Materials''' | |||
<br> | <br> | ||
::1. Company Electronic Mail Resources shall not be used to send, receive or store any commercial software, shareware, or freeware without the Company's prior written authorization.<br> | |||
<br> | <br> | ||
::2. The content and attachments of electronic mail messages must be reviewed for malicious code and viruses in accordance with the [[Sample Asset Protection Policy:|'''Sample Asset Protection Policy''']] and the [[Sample Anti-Virus Standard:|'''Sample Anti-Virus Standard''']].<br> | |||
<br> | <br> | ||
::3. For security and performance purposes, electronic mail attachments must be less than <Enter size limit>.<br> | |||
<br> | <br> | ||
:'''E. Right to Monitor''' | |||
<br> | <br> | ||
::1. All Electronic Mail Resources and all messages created, received, processed, transmitted, and/or stored on Company Electronic Mail Resources are Company information assets and property.<br> | |||
<br> | <br> | ||
::2. The Company reserves the right to monitor and review all activities and messages using Company Electronic Mail Resources at any time by authorized Company personnel.<br> | |||
<br> | <br> | ||
::3. The Company reserves the right to disclose the nature and content of any User's messages and activities involving Company Electronic Mail Resources to law enforcement officials or other third parties without any prior notice to the User.<br> | |||
<br> | <br> | ||
:'''F. Privacy Expectations''' | |||
<br> | <br> | ||
::1. Users should have no expectations of privacy when using Company Electronic Mail Resources.<br> | |||
<br> | <br> | ||
:'''G. Storage Capacity''' | |||
<br> | <br> | ||
::1. Users shall delete unnecessary electronic mail message to avoid unnecessary accumulation of storage on the Company electronic mail servers.<br> | |||
<br> | <br> | ||
::2. Electronic mail messages containing business critical information should be stored on production servers to ensure proper data backup.<br> | |||
<br> | <br> | ||
::3. The approved record retention period for electronic mail messages is <Insert number> days.<br> | |||
<br> | <br> | ||
:'''H. Misuse Reporting''' | |||
<br> | |||
::1. Actual or suspected misuse of Company Electronic Mail Resources should be reported in accordance with the Misuse Reporting Standard.<br> | |||
<br> | |||
::2. Upon the receipt or continued receipt of objectionable electronic mail, Users should contact <Specify Contact> in accordance with the [[Sample Misuse Reporting Standard:|'''Sample Misuse Reporting Standard''']].<br> | |||
<br> | <br> | ||
=='''III. Responsibilities'''== | =='''III. Responsibilities'''== | ||
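Review bot: Item H.1 in the new revision still cites "the Misuse Reporting Standard" as plain text, while H.2 right below it links to [[Sample Misuse Reporting Standard:|...]]; link H.1 the same way so both references resolve to the same document. While touching this block, G.1 reads "unnecessary electronic mail message" (should be plural), C.4 has "features ... that obscures or masks" (subject-verb agreement), and the headings "II.Requirements" and "C.Electronic Mail Software" are missing the space after the period that the other headings use.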
Line 109: | Line 112: | ||
=='''V. Review and Revision'''== | =='''V. Review and Revision'''== | ||
<br> | <br> | ||
The Electronic Mail Acceptable Use Standard will be reviewed and revised in accordance with the Information Security Program Charter.<br> | The Electronic Mail Acceptable Use Standard will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br> | ||
<br> | <br> | ||
Approved: _______________________________________________________<br> | Approved: _______________________________________________________<br> |
Revision as of 13:48, 17 July 2006
Sample Electronic Mail Acceptable Use Standard
The <Your Company Name> (the "Company") Sample Acceptable Use Policy defines objectives for establishing specific standards on the appropriate business use of information assets.
This Electronic Mail Acceptable Use Standard builds on the objectives established in the Sample Acceptable Use Policy, and provides specific instructions and requirements on the proper and appropriate business use of Electronic Mail Resources.
I. Scope
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to and use of Company Electronic Mail Resources, are covered by this standard and must comply with associated guidelines and procedures.
Information assets are defined in the Sample Asset Identification and Classification Policy.
Electronic Mail Resources refer to the Company systems, networks, equipment, software, and processes that provide access to and/or use of the electronic mail, including accessing, downloading, transmitting, or storing data and information, as well as the operation of software products and tools.
Objectionable refers to anything that could be reasonably considered to be obscene, indecent, harassing, offensive, or any other uses that would reflect adversely on the Company, including but not limited to comments or images that would offend, harass, or threaten someone on the basis of his or her race, color, religion, national origin, gender, sexual preference, or political beliefs.
Users refer to all individuals, groups, or organizations authorized by the Company to access and use Company Electronic Mail Resources.
II. Requirements
- A. Business Use
- 1. Company Electronic Mail Resources are provided primarily for official and authorized Company business use and purposes in support of the following business goals and objectives:
- <List, reference, or describe business goals>
- 2. Limited personal use of Company Electronic Mail Resources is acceptable as long as it does not interfere with normal business operations, conflict with business interests, or have an adverse impact on the reputation of the Company.
- 3. The use of Company Electronic Mail Resources shall be in accordance with applicable laws and regulations.
- 4. Users shall be accountable for all Electronic Mail activity associated with their accounts.
- 5. All electronic mail transmissions outside the Company must have the following disclaimer attached:
- "This E-mail and any of its attachments may contain <Company> proprietary information, which is privileged, confidential, or subject to copyright belonging to the <Company>. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout."
- B. Improper Use
- 1. Any use of Company Electronic Mail Resources must not be illegal, must not constitute or be perceived as a conflict of Company interest, must not violate Company policies, and must not interfere with normal business activities and operations.
- 2. Users shall not violate any laws or regulations through the use of Company Electronic Mail Resources.
- 3. Company Electronic Mail Resources shall not be used to forward chain letters, virus warnings, and hoaxes or support other such "re-mailing" activities.
- 4. Company Electronic Mail Resources shall not be used to download, transmit, or store objectionable material, images, or content.
- 5. Company Electronic Mail Resources shall not be used to conduct personal or non-Company solicitations.
- 6. Users must not allow others to access Electronic Mail Resources by using their accounts.
- C. Electronic Mail Software
- 1. Only Company-approved versions and configurations of electronic mail software may be used. The following electronic mail software is authorized for use:
- <Insert list of software>
- 2. Users must not adjust the electronic mail software security settings to be less restrictive than the Company-approved configuration.
- 3. Users shall not use software or features that automatically forward electronic mail messages.
- 4. Users shall not use software or features (such as an anonymous mail sender) that obscure or mask the identity of the message sender.
- D. Downloaded Materials
- 1. Company Electronic Mail Resources shall not be used to send, receive or store any commercial software, shareware, or freeware without the Company's prior written authorization.
- 2. The content and attachments of electronic mail messages must be reviewed for malicious code and viruses in accordance with the Sample Asset Protection Policy and the Sample Anti-Virus Standard.
- 3. For security and performance purposes, electronic mail attachments must be less than <Enter size limit>.
- E. Right to Monitor
- 1. All Electronic Mail Resources and all messages created, received, processed, transmitted, and/or stored on Company Electronic Mail Resources are Company information assets and property.
- 2. The Company reserves the right to monitor and review all activities and messages using Company Electronic Mail Resources at any time by authorized Company personnel.
- 3. The Company reserves the right to disclose the nature and content of any User's messages and activities involving Company Electronic Mail Resources to law enforcement officials or other third parties without any prior notice to the User.
- F. Privacy Expectations
- 1. Users should have no expectations of privacy when using Company Electronic Mail Resources.
- G. Storage Capacity
- 1. Users shall delete unnecessary electronic mail messages to avoid unnecessary accumulation of storage on the Company electronic mail servers.
- 2. Electronic mail messages containing business critical information should be stored on production servers to ensure proper data backup.
- 3. The approved record retention period for electronic mail messages is <Insert number> days.
- H. Misuse Reporting
- 1. Actual or suspected misuse of Company Electronic Mail Resources should be reported in accordance with the Misuse Reporting Standard.
- 2. Upon the receipt or continued receipt of objectionable electronic mail, Users should contact <Specify Contact> in accordance with the Sample Misuse Reporting Standard.
III. Responsibilities
The Chief Information Security Officer (CISO) approves the Electronic Mail Acceptable Use Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Electronic Mail Acceptable Use Standard.
Company management is responsible for ensuring that the Electronic Mail Acceptable Use Standard is properly communicated and understood within its respective organizational units. Company management also is responsible for defining, approving, and implementing processes and procedures in its organizational units, and ensuring their consistency with the Electronic Mail Acceptable Use Standard.
Users are responsible for familiarizing themselves and complying with the Electronic Mail Acceptable Use Standard and the associated guidelines provided by Company management. Users also are responsible for reporting misuse of Company Electronic Mail Resources to management, and cooperating with official Company security investigations relating to misuse of such resources.
IV. Enforcement and Exception Handling
Failure to comply with the Electronic Mail Acceptable Use Standard and associated guidelines and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.
Requests for exceptions to the Electronic Mail Acceptable Use Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Electronic Mail Acceptable Use Standard.
V. Review and Revision
The Electronic Mail Acceptable Use Standard will be reviewed and revised in accordance with the Sample Information Security Program Charter.
Approved: _______________________________________________________
- Signature
- <Insert Name>
- Chief Information Security Officer