Usage Policy Document Number: OIL-IS-POL-EU

Similar documents
Technical Vulnerability and Patch Management Policy Document Number: OIL-IS-POL-TVPM

Violations of any portion of this policy may be subject to disciplinary action up to and including termination of employment.

Acceptable Use Policy

REGULATION BOARD OF EDUCATION FRANKLIN BOROUGH

Acceptable Use Policy

ELECTRONIC MAIL POLICY

Acceptable Use Policy (AUP)

Writer Corporation. Data Protection Policy

19 Dec The forwarding and returning obligation does not concern messages containing malware or spam.

Columbine Knolls South/Estates Policy

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

Internet, , and Computer Usage Policy

ACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010

UCL Policy on Electronic Mail ( )

Acceptable Use Policy

POLICY BURLINGTON TOWNSHIP BOARD OF EDUCATION. PROGRAM 2361/page 1 of 8 Acceptable Use of Computer Network/Computers and Resources M

INFORMATION ASSET MANAGEMENT POLICY

TERMS & CONDITIONS PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE USING THE SITE

This Policy applies to all staff and other authorised users in St Therese School.

Policy General Policy GP20

Acceptable Use Policy

Virginia Commonwealth University School of Medicine Information Security Standard

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

COMPUTER & INFORMATION TECHNOLOGY CENTER. Information Transfer Policy

Acceptable Use Policy

University Policies and Procedures ELECTRONIC MAIL POLICY

INTERNET ACCESS SERVICE AGREEMENT PLEASE READ CAREFULLY

Security and Privacy Breach Notification

Electronic Network Acceptable Use Policy

Responsible Officer Approved by

Staff Information System Acceptable Use Policy

ICT Acceptable Use Policy (AUP)

POLICIES AND PROCEDURES

Employee Security Awareness Training Program

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Name of Policy: Computer Use Policy

Acceptable Use Policy

Roche Directive on the Use of Roche Electronic Communication Tools

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Corporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial

Little Blue Studio. Data Protection and Security Policy. Updated May 2018

ACCEPTABLE USE OF INFORMATION SYSTEMS

SPRING-FORD AREA SCHOOL DISTRICT

Information Technology Cyber Security Policy. Convergint Technologies, LLC

Wireless Communication Stipend Effective Date: 9/1/2008

Information Security Data Classification Procedure

Enterprise Income Verification (EIV) System User Access Authorization Form

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

IT Appropriate Use - Best Practice for Guidelines. Section 1 - Purpose / Objectives. Section 2 - Scope / Application. Section 3 - Definitions

EA-ISP-009 Use of Computers Policy

IEEE Electronic Mail Policy

Communication and Usage of Internet and Policy

Information Security Management Criteria for Our Business Partners

FERPA & Student Data Communication Systems

Data Protection Policy

Policies & Regulations

2.1 Website means operated and owned by UCS Technology Services, including any page, part of element thereof;

Wireless Communication Device Use Policy

II.C.4. Policy: Southeastern Technical College Computer Use

Data Processing Agreement

CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose

HPE DATA PRIVACY AND SECURITY

Management: A Guide For Harvard Administrators

IT ACCEPTABLE USE POLICY

Institute of Technology, Sligo. Information Security Policy. Version 0.2

UTAH VALLEY UNIVERSITY Policies and Procedures

TERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.

1 Privacy Statement INDEX

Guidelines for Account Management and Effective Usage

ACCEPTABLE USE POLICY

Louisiana State University System

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

PRIMUS ACCEPTABLE USE POLICY

DISCLAIMERS The legal and practical issues White Paper

POLICY FOR DATA AND INFORMATION SECURITY AT BMC IN LUND. October Table of Contents

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

POLICY 8200 NETWORK SECURITY

Computer Use and File Sharing Policy

PS 176 Removable Media Policy

Apex Information Security Policy

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Acceptable Use Policy Document ID: SER-POL-001

Acceptable Use Policy

SECURITY & PRIVACY DOCUMENTATION

ADMINISTRATIVE POLICY NO ISSUING MUNICIPAL EQUIPMENT (Computer, Lap Tops, Notebooks, ipads)

EMPLOYEE USE OF TECHNOLOGY AGREEMENT

Records Retention Policy

Springfield, Illinois Police Department

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

Physical and Environmental Security Policy Document Number: OIL-IS-POL-PES

Access to personal accounts and lawful business monitoring

STUDENT ACCEPTABLE USE OF IT SYSTEMS POLICY

Terms and Conditions 01 January 2016

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Information Security Incident Response and Reporting

DATA PROTECTION LAWS OF THE WORLD. Bahrain

UNIVERSITY OF HOUSTON SYSTEM ADMINISTRATIVE MEMORANDUM. SECTION: Information Technology NUMBER: 07.A.07

Breckenridge Financial Supplies Website Use Policy

region16.net Acceptable Use Policy ( AUP )

PCA Staff guide: Information Security Code of Practice (ISCoP)

Transcription:

Email Usage Policy Document Number: OIL-IS-POL-EU

Document Details Title Email Usage Policy Description Acceptable usage of emails by users Version 1.0 Author Information Security Manager Classification Internal Review Date 25/02/2015 Reviewer & Custodian CISO Approved By Information Security Council (ISC) Release Date 23/03/2015 Owner CISO Distribution List Name Internal Distribution Only Version History Version Number Version Date 1.0 04/03/2015 Internal Page 2 of 8

Table of Content 1. Purpose... 4 2. Policy... 4 2.1. Application... 4 2.2. User Responsibility... 4 2.3. Account Creation Process... 6 2.4. Size of Mailbox and Emails... 6 2.5. Security of Gateway PC... 6 2.6. Management Rights to Review Email Content... 7 2.7. Maintaining Email logs... 7 2.8. Deactivation of Email Account... 7 3. Non Compliance... 8 Internal Page 3 of 8

1. Purpose This Policy supports the high level policy statements defined in Information Security Policy. Email forms a vital source of communication to carry out business processes at Oil India. The purpose of this policy is to ensure that emails are used as an efficient mode of business communication and implement control procedures so that the email services are not misused by the users. The Company should ensure that email service and operations remain secure, efficient while communicating within intranet as well as through internet. 2. Policy 2.1. Application This policy applies to all the users of email accounts approved to be used as corporate email accounts to perform Oil India s business communication. This includes employees, including fulltime staff, part-time staff, contractors, freelancers, and other agents having email accounts in Oil India. 2.2. User Responsibility Users will use Company s Email account only for the business purposes. Users will not use or access an Email account assigned to another employee of the organisation to either send or receive messages. Users will not download/ forward attachments that are from an unknown or non reliable source to prevent computer viruses. Users will not create or send computer viruses through Email. Users will zip all the attachements, where possible, while sending. Email client used by the users will be approved by the IT Department of the company. Use of any other client will be prohibited. Users will treat Email messages and files as confidential information. Users will not forge or try to forge email messages. Internal Page 4 of 8

Users will not disguise or attempt to disguise their identity while sending email messages. Users will not use their personal Email accounts for sending official mail. All official Email communication will take place via official Email account. Users will regularly archieve important email messages or move these to word processing documents, text files, databases, and other files. Email systems are not intended for the archival storage of important information, as stored Email messages may be periodically purged by Systems Engineers, mistakenly erased by users, and otherwise lost when system problems occur. Users will not create their own, or forward externally provided Email messages which may be considered to be harassment or which may create a hostile work environment. In case a user encounters profane, obscure or derogatory remarks in email, he/she will either communicate with the originator of the offensive Emails, asking him/her to stop sending such messages, or report such offensive Emails directly to the respective Head and/or CISO or ISWG member. Users will not automatically forward their emails to any address outside the company s networks. Users will not transmit/re-transmit chain messages. Users will request permission from their supervisor before subscribing to a newsletter or group news. Users will write well-structured emails and use short, descriptive subjects. The use of Internet abbreviations and characters such as smileys is not encouraged. User signatures will, at minimum, include employee s name, job title and company name. Following disclaimer will be added underneath users signature: The information contained herein (including attachments) is confidential and is intended solely for the addressee(s). If you have erroneously received this message, please notify the sender immediately and delete this message. If you are not the intended recipient, you are hereby notified that any disclosure, copying or distribution of this message or any accompanying document is strictly prohibited and is unlawful. Oil India Limited is not responsible for any damage caused by a virus or alteration of the e-mail by a third party or otherwise. Views or opinions in this email are not necessarily those of Oil India Limited.. Internal Page 5 of 8

2.3. Account Creation Process An email account will be created for every employee joining Oil India to be used for business purposes. Email accounts for persons other than company employees (fulltime/part time) will be created after adequate approval from Information Security Manager. Email ID created will be unique and will be identified with the employee name E.g.: 1) <first name>.<last name>@oilindia.in 2) <first name + first letter of middle name>.<last name>@oilindia.in 2.4. Size of Mailbox and Emails The mailbox size for each user will be restricted to a suitable size. The size of incoming and outgoing Emails will be restricted to 10 MB for mails received and sent outside Oil India and 5 MB for mails sent within Oil India. The mailbox size for the users will be restricted to the following: Type of user Mailbox Size Warning Limit Senior Management 1 GB 980 MB Other Employees 180 MB 170 MB Users will not send or receive email when the mail-box size exceeds the defined limit. The user will submit a formal request to the Systems Administrator, through the service desk tool for getting the service active. 2.5. Security of Gateway PC A firewall will be installed on the gateway PC, which connects the Company s Intranet to the Internet and also handles the Remote Access connections. Internal Page 6 of 8

The firewall will restrict all services and ports other than minimum required for Email applications. Anti-virus software will to be loaded on gateway computer to detect and repair the files affected by viruses possibly coming through the Email attachments. 2.6. Management Rights to Review Email Content All messages sent by employees through the company Email account are company records and management reserves the right to examine them at any time and without prior notice for: ensuring internal policy compliance; supporting internal investigations for suspected criminal activity; and assisting the management of information systems of the Company. Oil India reserves right to disclose Email messages sent or received through company email account to law enforcement officials without prior notice to the employees who may have sent or received such messages. 2.7. Maintaining Email logs The Systems Engineers will be responsible for recording, retaining, archiving and destroying Email messages and the relevant accompanying logs. The e-mail logs will be reviewed on need basis in case of suspected virus incident. 2.8. Deactivation of Email Account The Email ID of an employee leaving the Company will be deactivated by IT Department within 12 hrs of receiving intimation from Personnel Department. The Personnel Department will immediately notify the IT Department upon the resignation, retirement, termination or transfer of employees. All the emails of the employees leaving the organization will be archieved before deactivating the email account only after only after approval of the reporting manager. Internal Page 7 of 8

3. Non Compliance Failure to comply with the E-mail Usage Policy may, at the full discretion of the Oil India, result in disciplinary action as per Information Security Policy. Internal Page 8 of 8

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback