Usage Policy Document Number: OIL-IS-POL-EU

Transcription

1 Usage Policy Document Number: OIL-IS-POL-EU

2 Document Details Title Usage Policy Description Acceptable usage of s by users Version 1.0 Author Information Security Manager Classification Internal Review Date 25/02/2015 Reviewer & Custodian CISO Approved By Information Security Council (ISC) Release Date 23/03/2015 Owner CISO Distribution List Name Internal Distribution Only Version History Version Number Version Date /03/2015 Internal Page 2 of 8

3 Table of Content 1. Purpose Policy Application User Responsibility Account Creation Process Size of Mailbox and s Security of Gateway PC Management Rights to Review Content Maintaining logs Deactivation of Account Non Compliance... 8 Internal Page 3 of 8

4 1. Purpose This Policy supports the high level policy statements defined in Information Security Policy. forms a vital source of communication to carry out business processes at Oil India. The purpose of this policy is to ensure that s are used as an efficient mode of business communication and implement control procedures so that the services are not misused by the users. The Company should ensure that service and operations remain secure, efficient while communicating within intranet as well as through internet. 2. Policy 2.1. Application This policy applies to all the users of accounts approved to be used as corporate accounts to perform Oil India s business communication. This includes employees, including fulltime staff, part-time staff, contractors, freelancers, and other agents having accounts in Oil India User Responsibility Users will use Company s account only for the business purposes. Users will not use or access an account assigned to another employee of the organisation to either send or receive messages. Users will not download/ forward attachments that are from an unknown or non reliable source to prevent computer viruses. Users will not create or send computer viruses through . Users will zip all the attachements, where possible, while sending. client used by the users will be approved by the IT Department of the company. Use of any other client will be prohibited. Users will treat messages and files as confidential information. Users will not forge or try to forge messages. Internal Page 4 of 8

5 Users will not disguise or attempt to disguise their identity while sending messages. Users will not use their personal accounts for sending official mail. All official communication will take place via official account. Users will regularly archieve important messages or move these to word processing documents, text files, databases, and other files. systems are not intended for the archival storage of important information, as stored messages may be periodically purged by Systems Engineers, mistakenly erased by users, and otherwise lost when system problems occur. Users will not create their own, or forward externally provided messages which may be considered to be harassment or which may create a hostile work environment. In case a user encounters profane, obscure or derogatory remarks in , he/she will either communicate with the originator of the offensive s, asking him/her to stop sending such messages, or report such offensive s directly to the respective Head and/or CISO or ISWG member. Users will not automatically forward their s to any address outside the company s networks. Users will not transmit/re-transmit chain messages. Users will request permission from their supervisor before subscribing to a newsletter or group news. Users will write well-structured s and use short, descriptive subjects. The use of Internet abbreviations and characters such as smileys is not encouraged. User signatures will, at minimum, include employee s name, job title and company name. Following disclaimer will be added underneath users signature: The information contained herein (including attachments) is confidential and is intended solely for the addressee(s). If you have erroneously received this message, please notify the sender immediately and delete this message. If you are not the intended recipient, you are hereby notified that any disclosure, copying or distribution of this message or any accompanying document is strictly prohibited and is unlawful. Oil India Limited is not responsible for any damage caused by a virus or alteration of the by a third party or otherwise. Views or opinions in this are not necessarily those of Oil India Limited.. Internal Page 5 of 8

6 2.3. Account Creation Process An account will be created for every employee joining Oil India to be used for business purposes. accounts for persons other than company employees (fulltime/part time) will be created after adequate approval from Information Security Manager. ID created will be unique and will be identified with the employee name E.g.: 1) <first name>.<last 2) <first name + first letter of middle name>.<last name>@oilindia.in 2.4. Size of Mailbox and s The mailbox size for each user will be restricted to a suitable size. The size of incoming and outgoing s will be restricted to 10 MB for mails received and sent outside Oil India and 5 MB for mails sent within Oil India. The mailbox size for the users will be restricted to the following: Type of user Mailbox Size Warning Limit Senior Management 1 GB 980 MB Other Employees 180 MB 170 MB Users will not send or receive when the mail-box size exceeds the defined limit. The user will submit a formal request to the Systems Administrator, through the service desk tool for getting the service active Security of Gateway PC A firewall will be installed on the gateway PC, which connects the Company s Intranet to the Internet and also handles the Remote Access connections. Internal Page 6 of 8

7 The firewall will restrict all services and ports other than minimum required for applications. Anti-virus software will to be loaded on gateway computer to detect and repair the files affected by viruses possibly coming through the attachments Management Rights to Review Content All messages sent by employees through the company account are company records and management reserves the right to examine them at any time and without prior notice for: ensuring internal policy compliance; supporting internal investigations for suspected criminal activity; and assisting the management of information systems of the Company. Oil India reserves right to disclose messages sent or received through company account to law enforcement officials without prior notice to the employees who may have sent or received such messages Maintaining logs The Systems Engineers will be responsible for recording, retaining, archiving and destroying messages and the relevant accompanying logs. The logs will be reviewed on need basis in case of suspected virus incident Deactivation of Account The ID of an employee leaving the Company will be deactivated by IT Department within 12 hrs of receiving intimation from Personnel Department. The Personnel Department will immediately notify the IT Department upon the resignation, retirement, termination or transfer of employees. All the s of the employees leaving the organization will be archieved before deactivating the account only after only after approval of the reporting manager. Internal Page 7 of 8

8 3. Non Compliance Failure to comply with the Usage Policy may, at the full discretion of the Oil India, result in disciplinary action as per Information Security Policy. Internal Page 8 of 8