Sample Electronic Mail Acceptable Use Standard:

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 19:34, 16 January 2014 by Mdpeters (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Sample Electronic Mail Acceptable Use Standard

The Electronic Mail Acceptable Use Standard builds on the objectives established in the Acceptable Use Standard, and provides specific instructions and requirements on the proper and appropriate business use of Electronic Mail Resources.

Objectives

  1. Business Use
    1. Company Electronic Mail Resources are provided primarily for official and authorized Company business use and purposes in support of the following business goals and objectives: Support of the Company mission.
    2. Limited personal use of Company Electronic Mail Resources is acceptable as long as it does not interfere with normal business operations, conflict with business interests, or has an adverse impact on the reputation of the Company.
    3. The use of Company Electronic Mail Resources shall be in accordance with applicable laws and regulations.
    4. Users shall be accountable for all Electronic Mail activity associated with their accounts.
    5. All electronic mail transmissions outside the Company must have the following disclaimer attached: "This e-mail message (and any attachment) is intended for the use of the individual or entity to which it is addressed. This message contains information from Lazarus Alliance, LLC. that may be privileged, confidential, or exempt from disclosure under applicable law. If you are not the intended recipient or authorized to receive this for the intended recipient, any use, dissemination, distribution, retention, archiving, or copying of this communication is strictly prohibited. If you have received this e-mail in error, please notify the sender immediately by reply e-mail, delete this message, and delete the material from all computers."
  2. Improper Use
    1. Any use of Company Electronic Mail Resources must not be illegal, must not constitute or be perceived as a conflict of Company interest, must not violate Company policies, and must not interfere with normal business activities and operations.
    2. Users shall not violate any laws or regulations through the use of Company Electronic Mail Resources.
    3. Company Electronic Mail Resources shall not be used to forward chain letters, virus warnings, and hoaxes or support other such "re-mailing" activities.
    4. Company Electronic Mail Resources shall not be used to download, transmit, or store objectionable material, images, or content.
    5. Company Electronic Mail Resources shall not be used to conduct personal or non-Company solicitations.
    6. Users must not allow others to access Electronic Mail Resources by using their accounts.
    7. The use of third party Electronic Mail Resources such as personal Electronic Mail accounts outside of Company provided Electronic Mail Resources in the transmission of Company information is prohibited. Accessing third party personal Electronic Mail Resources is only permitted while an employee is off duty and while an employee is not using Company resources. The usage of Company owned resources is for business purposes only.
  3. Electronic Mail Software
    1. Only Company approved versions and configurations of electronic mail software listed within the Company System of Record documentation may be used.
    2. Users must not adjust the electronic mail software security settings to be less restrictive than the Company approved configuration.
    3. Users shall not use software or features that automatically forward electronic mail messages.
    4. Users shall not use software or features (such as an anonymous mail sender) that obscures or masks the identity of the message sender.
  4. Downloaded Materials
    1. Company Electronic Mail Resources shall not be used to send, receive or store any commercial software, shareware, or freeware without the Company's prior written authorization.
    2. The content and attachments of electronic mail messages must be reviewed for malicious code and viruses in accordance with the Asset Protection Standard and the Anti-Virus Standard.
    3. For security and performance purposes, electronic mail attachments must be less than [35 MB].
  5. Right to Monitor
    1. All Electronic Mail Resources and all messages created, received, processed, transmitted, and/or stored on Company Electronic Mail Resources are Company information assets and property.
    2. The Company reserves the right to monitor and review all activities and messages using Company Electronic Mail Resources at any time by authorized Company personnel.
    3. The Company reserves the right to disclose the nature and content of any User's messages and activities involving Company Electronic Mail Resources to law enforcement officials or other third parties without any prior notice to the User.
  6. Privacy Expectations
    1. Users should have no expectations of privacy when using Company Electronic Mail Resources.
  7. Storage Capacity
    1. Users shall delete unnecessary electronic mail message to avoid unnecessary accumulation of storage on the Company electronic mail servers.
    2. Electronic mail messages containing business critical information should be stored on production servers to ensure proper data backup.
    3. The approved record retention period for electronic mail messages is governed by the Records Retention Schedule.
  8. Misuse Reporting
    1. Actual or suspected misuse of Company Electronic Mail Resources should be reported in accordance with the Misuse Reporting Standard.
    2. Upon the receipt or continued receipt of objectionable electronic mail, Users should contact Information Security in accordance with the Misuse Reporting Standard.


Document Examples

Use these samples as a guide for your policy development. Fully customizable versions are available from The Policy Machine.