Sample Acceptable Use Policy:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
Line 40: Line 40:
Requests for exceptions to the Acceptable Use Policy should be submitted to <Title>. Exceptions shall be permitted only on receipt of written approval from <Title>.<br>
Requests for exceptions to the Acceptable Use Policy should be submitted to <Title>. Exceptions shall be permitted only on receipt of written approval from <Title>.<br>
<br>
<br>
=='''V.Review and Revision'''==
=='''V. Review and Revision'''==
<br>
<br>
The Acceptable Use Policy will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br>
The Acceptable Use Policy will be reviewed and revised in accordance with the [[Sample Information Security Program Charter:|'''Sample Information Security Program Charter''']].<br>

Revision as of 11:45, 16 July 2007

Sample Acceptable Use Policy


As stated in the Company Sample Information Security Program Charter, the Company will follow a risk management approach to develop and implement Information Security policies, standards, guidelines, and procedures. The Information Security Program will protect information assets by establishing policies to identify, classify, define protection and management objectives, and define acceptable use of Company information assets.

This Acceptable Use Policy defines Company objectives for establishing specific standards on appropriate business use of the Company's information and telecommunications systems and equipment.

I. Scope


All employees, contractors, part-time and temporary workers, and those employed by others to perform work on Company premises, or who have been granted access to Company information or systems, are covered by this policy and must comply with associated standards and guidelines.

II. Objectives


Company information and telecommunications systems and equipment, including Internet, electronic mail, telephone, pager, voice mail and fax, are provided for official and authorized Company business purposes. Any use of such systems and equipment perceived to be illegal, harassing, offensive, or in violation of other Company policies, standards or guidelines, or any other uses that would reflect adversely on the Company, can be considered a violation of this policy.

The Company reserves the right to monitor, record, or periodically audit use of any of its information and telecommunications systems and equipment. Use of these systems and equipment constitutes expressed consent by those covered by the scope of this policy to such monitoring, recording, and auditing. Actual or suspected misuse of these systems should be reported to the appropriate Company management representative in a timely manner. Specific instructions and requirements for reporting misuse of Company information and telecommunications systems and equipment are provided in the Misuse Reporting Standard.

Specific instructions and requirements for appropriate business use of the Internet are provided in the Sample Internet Acceptable Use Policy.

Specific instructions and requirements for appropriate business use of the Company electronic mail system are provided in the Sample Electronic Mail Acceptable Use Standard.

Specific instructions and requirements for appropriate business use of telephones, pagers, faxes, and voice mail are provided in the Sample Telecommunication Acceptable Use Standard.

Specific instructions and requirements for appropriate business use of software and programs are provided in the Sample Software Acceptable Use Standard.

III. Responsibilities


The Chief Information Officer (CIO) is the approval authority for the Acceptable Use Policy.

The Chief Information Security Officer (CISO) is responsible for the development, implementation, and maintenance of the Acceptable Use Policy and associated standards and guidelines.

Company management is accountable for ensuring that the Acceptable Use Policy and associated standards and guidelines are properly communicated and understood within their respective organizational units. Company management is also responsible for defining, approving, and implementing procedures in its organizational units and ensuring their consistency with the Acceptable Use Policy and associated standards and guidelines.

All individuals, groups, or organizations identified in the scope of this policy are responsible for familiarizing themselves and complying with the Acceptable Use Policy and associated standards and guidelines.

IV. Policy Enforcement and Exception Handling


Failure to comply with the Acceptable Use Policy and associated standards, guidelines, and procedures can result in disciplinary actions up to and including termination of employment for employees or termination of contracts for contractors, partners, consultants, and other entities. Legal actions also may be taken for violations of applicable regulations and laws.

Requests for exceptions to the Acceptable Use Policy should be submitted to <Title>. Exceptions shall be permitted only on receipt of written approval from <Title>.

V. Review and Revision


The Acceptable Use Policy will be reviewed and revised in accordance with the Sample Information Security Program Charter.

Approved: _______________________________________________________

Signature

<Insert Name>

Chief Information Officer