Sample Internet Acceptable Use Policy:
Document History
Version | Date | Revised By | Description |
1.0 | 1 January 2010 <Current date> | Michael D. Peters <Owners's name> | This version replaces any prior version. |
Document Certification
Description | Date Parameters |
Designated document recertification cycle in days: | 30 - 90 - 180 - 365 <Select cycle> |
Next document recertification date: | 1 January 2011 <Date> |
Sample Internet Acceptable Use Standard
The <Your Company Name> (the "Company") Sample Acceptable Use Policy defines objectives for establishing specific standards on the appropriate business use of information assets.
This Internet Acceptable Use Standard builds on the objectives established in the Sample Acceptable Use Policy
, and provides specific instructions and requirements on the proper and appropriate business use of Internet resources.
I. Scope
All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to Company information or systems, are covered by this standard and must comply with associated guidelines and procedures.
Information assets are defined in the Sample Asset Identification and Classification Policy.
Internet Resources refer to the Company systems, networks, equipment, software, and processes that provide access to and/or use of the Internet, including accessing, downloading, transmitting, or storing data and information, as well as the operation of software products and tools.
Objectionable refers to anything that could be reasonably considered to be obscene, indecent, harassing, offensive, or any other uses that would reflect adversely on the Company including but not limited to comments or images that would offend, harass, or threaten someone on the basis of his or her race, color, religion, national origin, gender, sexual preference, or political beliefs.
Users refer to all individuals, groups, or organizations authorized by the Company to use Company Internet Resources.
II. Requirements
The requirements of the Internet Acceptable Use Standard, although specific, should not be considered a comprehensive listing. The Company considers consistency with requirements as the basis for considering the appropriateness of other activities and practices that are not specifically addressed.
- A. Business Use
- 1. Company Internet Resources are provided primarily for official and authorized Company business use and purposes.
- 1. Company Internet Resources are provided primarily for official and authorized Company business use and purposes.
- 2. Limited personal use of Company Internet Resources is acceptable as long as it does not conflict with Company business and interests.
- 2. Limited personal use of Company Internet Resources is acceptable as long as it does not conflict with Company business and interests.
- 3. The use of Company Internet Resources shall be in accordance with applicable laws and regulations.
- 3. The use of Company Internet Resources shall be in accordance with applicable laws and regulations.
- 4. Users shall be accountable for all Internet activity associated with their accounts.
- 4. Users shall be accountable for all Internet activity associated with their accounts.
- B. Improper Use
- 1. Any use of Company Internet Resources must not be illegal, must not be perceived as a conflict of Company interest, and must not interfere with normal business activities and operations.
- 1. Any use of Company Internet Resources must not be illegal, must not be perceived as a conflict of Company interest, and must not interfere with normal business activities and operations.
- 2. Users shall not violate any laws or regulations through the use of Company Internet Resources.
- 2. Users shall not violate any laws or regulations through the use of Company Internet Resources.
- 3. Company Internet Resources shall not be used to link, bookmark, access, download, transmit, or store objectionable material, images, or content.
- 3. Company Internet Resources shall not be used to link, bookmark, access, download, transmit, or store objectionable material, images, or content.
- 4. Company Internet Resources shall not be used to conduct personal or non-Company solicitations.
- 4. Company Internet Resources shall not be used to conduct personal or non-Company solicitations.
- 5. Participation in any chat groups, electronic bulletin boards, or forums is permitted only when conducting official and authorized Company business. Personal use of Company Internet Resources to participate in any chat groups, electronic bulletin boards, or forums is prohibited. Please refer to the Social Computing Guidelines for more information and guidance.
- 5. Participation in any chat groups, electronic bulletin boards, or forums is permitted only when conducting official and authorized Company business. Personal use of Company Internet Resources to participate in any chat groups, electronic bulletin boards, or forums is prohibited. Please refer to the Social Computing Guidelines for more information and guidance.
- 6. Users must not allow others to access the Internet by using their accounts.
- C. Browser Software
- 1. Users can use only Company-approved versions and configurations of browser software when using Company Internet Resources.
- 1. Users can use only Company-approved versions and configurations of browser software when using Company Internet Resources.
- 2. Users must not adjust the browser security settings to be less restrictive than the Company-approved configuration.
- 2. Users must not adjust the browser security settings to be less restrictive than the Company-approved configuration.
- D. Downloaded Materials
- 1. Company Internet Resources shall not be used to access, download, transmit, or operate any commercial software, shareware, or freeware that has not been authorized by the Company.
- 1. Company Internet Resources shall not be used to access, download, transmit, or operate any commercial software, shareware, or freeware that has not been authorized by the Company.
- 2. All material and content that has been downloaded using Company Internet Resources must be reviewed for malicious code and viruses in accordance with the Sample Asset Protection Policy and the Sample Anti-Virus Standard.
- 2. All material and content that has been downloaded using Company Internet Resources must be reviewed for malicious code and viruses in accordance with the Sample Asset Protection Policy and the Sample Anti-Virus Standard.
- E. Right to Monitor
- 1. The Company reserves the right to monitor and review all activities and messages using Company Internet Resources.
- 1. The Company reserves the right to monitor and review all activities and messages using Company Internet Resources.
- 2. The Company reserves the right to disclose the nature and content of any User's activities involving Company Internet Resources to law enforcement officials or other third parties without any prior notice to the User.
- 2. The Company reserves the right to disclose the nature and content of any User's activities involving Company Internet Resources to law enforcement officials or other third parties without any prior notice to the User.
- F. Privacy Expectations
- 1. Users should have no expectations of privacy when using Company Internet Resources.
- 1. Users should have no expectations of privacy when using Company Internet Resources.
- G. Misuse Reporting
- 1. Actual or suspected misuse of Company Internet Resources should be reported in accordance with the Sample Misuse Reporting Standard.
- 1. Actual or suspected misuse of Company Internet Resources should be reported in accordance with the Sample Misuse Reporting Standard.
- 2. Upon the receipt or continued receipt of objectionable content, Users should contact <Specify Contact> in accordance with the Sample Misuse Reporting Standard.
- 2. Upon the receipt or continued receipt of objectionable content, Users should contact <Specify Contact> in accordance with the Sample Misuse Reporting Standard.
III. Responsibilities
The Chief Information Security Officer (CISO) approves the Internet Acceptable Use Standard. The CISO also is responsible for ensuring the development, implementation, and maintenance of the Internet Acceptable Use Standard.
Company management is responsible for ensuring that the Internet Acceptable Use Standard is properly communicated and understood within their respective organizational units. Company management also is responsible for defining, approving, and implementing processes and procedures in its organizational units, and ensuring their consistency with the Internet Acceptable Use Standard.
Users are responsible for familiarizing themselves and complying with the Internet Acceptable Use Standard and the associated guidelines provided by Company management. Individuals also are responsible for reporting misuse of Company Internet Resources and cooperating with official Company security investigations relating to misuse of such resources.
IV. Enforcement and Exception Handling
Failure to comply with the Internet Acceptable Use Standard and associated guidelines and procedures can result in disciplinary actions, up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.
Requests for exceptions to the Internet Acceptable Use Standard should be submitted to <Insert Title> in accordance with the Information Security Standards Exception Procedure. Prior to official management approval of any exception request, the individuals, groups, or organizations identified in the scope of this standard will continue to observe the Internet Acceptable Use Standard.
V. Review and Revision
The Internet Acceptable Use Standard will be reviewed and revised in accordance with the Sample Information Security Program Charter.
Approved: _______________________________________________________
- Signature
- Signature
- <Insert Name>
- <Insert Name>
- Chief Information Security Officer
- Chief Information Security Officer