Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Similar documents
Policy. Sensitive Information. Credit Card, Social Security, Employee, and Customer Data Version 3.4

Mobility Policy Bundle

CIO IT Infrastructure Policy Bundle

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

FERPA & Student Data Communication Systems

Employee Security Awareness Training Program

Wireless Communication Device Policy Policy No September 2, Standard. Practice

Acceptable Use Policy

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Violations of any portion of this policy may be subject to disciplinary action up to and including termination of employment.

GM Information Security Controls

EMPLOYEE USE OF TECHNOLOGY AGREEMENT

UWTSD Group Data Protection Policy

Cognizant Careers Portal Terms of Use and Privacy Policy ( Policy )

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

Acceptable Use Policy

ADMINISTRATIVE POLICY NO ISSUING MUNICIPAL EQUIPMENT (Computer, Lap Tops, Notebooks, ipads)

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

ACCEPTABLE USE OF HCHD INTERNET AND SYSTEM

BYOD (Bring Your Own Device): Employee-owned Technology in the Workplace

Acceptable Use Policy

Auditing and Monitoring for HIPAA Compliance. HCCA COMPLIANCE INSTITUTE 2003 April, Presented by: Suzie Draper Sheryl Vacca, CHC

ELECTRONIC MAIL POLICY

DATA PROTECTION POLICY THE HOLST GROUP

This Policy applies to all staff and other authorised users in St Therese School.

Internet, , and Computer Usage Policy

University Policies and Procedures ELECTRONIC MAIL POLICY

UCL Policy on Electronic Mail ( )

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY October 25, 2017

UWC International Data Protection Policy

HIPAA Privacy and Security Training Program

Acceptable Use Policy

Learning Management System - Privacy Policy

Virginia Commonwealth University School of Medicine Information Security Standard

Subject: Kier Group plc Data Protection Policy

1 Privacy Statement INDEX

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

SECURITY & PRIVACY DOCUMENTATION

<Criminal Justice Agency Name> Personally Owned Device Policy. Allowed Personally Owned Device Policy

Acceptable Use Policy

TERMS OF USE Terms You Your CMT Underlying Agreement CMT Network Subscribers Services Workforce User Authorization to Access and Use Services.

Cognizant Careers Portal Privacy Policy ( Policy )

Checklist: Credit Union Information Security and Privacy Policies

Motorola Mobility Binding Corporate Rules (BCRs)

Computer Use and File Sharing Policy

Communication and Usage of Internet and Policy

HIPAA Compliance Checklist

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

Terms used, but not otherwise defined, in this Agreement shall have the same meaning as those terms in the HIPAA Privacy Rule.

UNIVERSITY OF MASSACHUSETTS AMHERST INFORMATION SECURITY POLICY September 20, 2017

Table of Contents. PCI Information Security Policy

HIPAA. Developed by The University of Texas at Dallas Callier Center for Communication Disorders

BYOD Policy. Table of Contents

II.C.4. Policy: Southeastern Technical College Computer Use

Data Protection Policy

Privacy Policy Effective May 25 th 2018

GENERAL ORDER PORT WASHINGTON POLICE DEPARTMENT

RMU-IT-SEC-01 Acceptable Use Policy

Wireless Communication Device Use Policy

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

Table of Contents. Blog and Personal Web Site Policy

Information Technology Standards

BHIG - Mobile Devices Policy Version 1.0

Integrating HIPAA into Your Managed Care Compliance Program

ORA HIPAA Security. All Affiliate Research Policy Subject: HIPAA Security File Under: For Researchers

Data Processing Agreement DPA

SPRING-FORD AREA SCHOOL DISTRICT

Mobile Device policy Frequently Asked Questions April 2016

Mobile Device Policy. Augusta University Medical Center Policy Library. Policy Owner: Information Technology Support and Services

NOTE: The first appearance of terms in bold in the body of this document (except titles) are defined terms please refer to the Definitions section.

Security and Privacy Breach Notification

Red Flags/Identity Theft Prevention Policy: Purpose

HIPAA Privacy & Security Training. Privacy and Security of Protected Health Information

Acceptable Use Policy

DATA PROTECTION IN RESEARCH

Data Protection Policy

Information Security Policy

I. PURPOSE III. PROCEDURE

Beam Technologies Inc. Privacy Policy

Electronic Network Acceptable Use Policy

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

Privacy Impact Assessment (PIA) Tool

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

Southington Public Schools

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

Roche Directive on the Use of Roche Electronic Communication Tools

INFORMATION ASSET MANAGEMENT POLICY

REGULATION BOARD OF EDUCATION FRANKLIN BOROUGH

Department of Public Health O F S A N F R A N C I S C O

Policy General Policy GP20

Staff Information System Acceptable Use Policy

Seven Requirements for Successfully Implementing Information Security Policies and Standards

Commonwealth of Pennsylvania Governor's Office

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Privacy Shield Policy

IAM Security & Privacy Policies Scott Bradner

ACCEPTABLE USE POLICY

HIPAA UPDATE. Michael L. Brody, DPM

HPE DATA PRIVACY AND SECURITY

Guest Wireless Policy

Transcription:

TABLE OF CONTENTS Internet, Email, Social Networking, Mobile Device, and... 2 Risks and Costs Associated with Email, Social Networking, Electronic Communication, and Mobile Devices... 2 Appropriate use of Equipment... 2 BYOD Security... 2 Internet Access... 3 Internet Browsing Best Practices... 3 Tablets, PDAs, and SmartPhones... 3 Federal Rules of Civil Procedures... 4 Enterprise Acceptable Use Overview for Electronic Communications... 5 Electronic Mail... 5 Retention of Email on Personal Systems... 10 Email Forwarding Outside of ENTERPRISE... 10 Email User Best Practices... 10 Commercial Email... 13 Best Practices for Opt-In email... 14 Social Networking... 15 Copyrighted Materials... 18 Ownership of Information... 18 Security... 18 Skype... 19 Text Messaging... 20 Forms... 21 Internet & Electronic Communication - Employee Acknowledgment Form... 22 Email - Employee Acknowledgement Form... 23 Internet Use Approval Form... 24 Internet Access Request Form... 26 Security Access Application Form... 27 Social Networking Policy Compliance Agreement... 28 Telecommuting Work Agreement... 29 Text Messaging Sensitive Information Agreement... 32 Reference Section... 33 Canada's Anti-spam Law (CASL), Bill C-28... 33 Liability... 34 Best Practices to Meet Compliance Requirement... 34 Definitions... 35 What s News... 37 1 2018 Janco Associates, Inc. -- All Rights Reserved

Internet, Email, Social Networking, Mobile Device, and Risks and Costs Associated with Email, Social Networking, Electronic Communication, and Mobile Devices ENTERPRISE is faced with many risks and cost as it comes to depend more on the new technologies. This policy must be followed in order to minimize security risks and economic loss to ENTERPRISE. As new risks are identified these procedures will be updated. Some of the risks and costs that these procedures address are: Appropriate use of Equipment The loss of general ENTERPRISE data and files. The disclosure to competitors of key financial data, sales contacts, suppliers, and strategies. The physical loss of a mobile device. The time to recover from the loss. The introduction of viruses and malware into the enterprise's computer base, when synchronizing mobile device in the office and on a home PC. Personnel https://www.e-janco.com/securityaudit.html business being conducted on enterprise equipment and systems The ENTERPRISE provides PC s, PDA s, laptops, servers, SmartPhones, USB Storage Devices, telephones, video players, televisions, and other equipment as tools for use by employees working on business objectives. This equipment is not to be used for personal use. Inappropriate use of the equipment, including installing nonbusiness related software could result in appropriate disciplinary action up to and including termination. The systems are not to be used for commercial ventures, religious or political causes, outside organizations, or other personal matters unrelated to your job. BYOD Security By adopting strategies that are flexible and scalable and taking advantage of new and upcoming security features, ENTERPRISE will be better-equipped to deal with incoming challenges to their security infrastructure posed by the use of employees own devices. Follow the formal BYOD policies of ENTERPRISE Implement locking of the device after 5 minutes of inactivity Implement a remote wipe of the BYOD if the device is lost or stolen Limit the storage of sensitive and confidential information 2 2018 Janco Associates, Inc. -- All Rights Reserved

Regulations and Industry Impact Regulation Industry Impacted Retention Implications Penalties Sarbanes-Oxley All publicallytraded companies Audit records must be maintained for 7 years AFTER the audit Fines up to $5,000,000 & imprisonment up to 20 years Section 17a-4 Financial Services Email records must be kept for 3 years, trading records thru the end of the account plus 6 years Case by case HIPAA Healthcare Hospital records must be kept for 5 years, medical records for the life of the patient plus 2 years Fines up to $250,000 & imprisonment up to 10 years Regulations and Industry Impact Table Keys to Email Archiving Compliance In the e-discovery and compliance areas, establishing an audit trail is critical, allowing the company to demonstrate unequivocally that e-mails and other evidence have not been tampered with. Since many e-mails contain critical corporate or customer data that should not be accessible to just anyone, the capability may be useful from the standpoint of ensuring that critical data is not accessed by unauthorized users. There are four objectives that must be met. They are: Discovery - Information must be easy to access and consistently available in to meet legal discovery challenges from regulatory committees. Legibility - Information must have the ability to be read today and in the future, regardless of technology. When selecting archiving technology, companies should look for solutions that are based on open systems, in the event that their Email application should change. For example, if a company migrates from Microsoft Exchange to Lotus Notes, they must still be able to quickly access and read archived Emails. Auditability - An Email archiving solution must have the ability to allow third parties to review information and validate that it is authentic. Authenticity - Information must meet all security requirements, account for alteration, and provide an audit trail from origin to disposition. An audit trail can track any changes made to an Email. 9 2018 Janco Associates, Inc. -- All Rights Reserved

Internet & Electronic Communication - Employee Acknowledgment Form If you have questions or concerns about this Policy, contact the ENTERPRISE s CIO before signing this agreement 1. I have read the ENTERPRISE s electronic communication and Internet Usage Policy and agree to abide by it. I understand the violation of any of the above terms may result in discipline, up to and including my termination. Employee Name ID Number Job Title Location Do you need internet or computer training? No Yes (Novice) Yes (Intermediate) Yes (Advanced) Signature Date Approval Process Supervisor IT Department Approved Approved User ID Security Level Basic user Comments Supervisor Manager System Administrator 1 Please retain one copy of this policy with your signature with your records and forward a copy of the signed page to the office of the CIO. 22 2018 Janco Associates, Inc. -- All Rights Reserved

Internet Use Approval Form It is the policy of ENTERPRISE that Internet use on behalf of the ENTERPRISE should be strictly limited to appropriate business purposes. Initials 1. Access to Internet Services A. Employees must be authorized in writing by their management to use the ENTERPRISE s resources to access and use Internet services. When necessary and appropriate, customers and suppliers or other third parties may be authorized, but only in writing, to use the ENTERPRISE s resources to access and use Internet services. B. Access to Internet services may only be authorized after individuals agree in writing to abide by this policy. C. Management who authorizes the use of Internet facilities is responsible for promptly notifying the appropriate Internet administrator when the employee or authorized third party terminates, changes departments or no longer requires the use of Internet service so that access can be terminated. 2. Appropriate Uses of the Internet Initials Initials The Internet should be used for ENTERPRISE business, the performance of work-related duties and professional training and education. Electronic communications in furtherance the ENTERPRISE s business activities with professional associates, colleagues, supplier representatives and others are permitted. 3. Improper Uses of the Internet Although the Internet represents a valuable information resource for legitimate business a technical research and information sharing, it also presents a significant opportunity for abuse, lost employee productivity and potential liability for both the ENTERPRISE and the employee. The following are examples of activities, which could result in revocation of Internet access privileges or other disciplinary action, not excluding termination. A. Personal activities that incur additional costs to the ENTERPRISE or interfere with employee s work performance. B. Profit-making activities that accrue to the employee. C. Political activities. D. Unlawful activities, including sending or receiving copyrighted materials in violation of copyright laws or license agreements. E. Sending or retrieving sexually explicit or offensive messages, cartoons or jokes, ethnic slurs, racial epithets or any other statement or image that might be construed as harassment, disparagement or libel. F. Sending ENTERPRISE proprietary or confidential materials to anyone not entitled to kno or possess them. 24 2018 Janco Associates, Inc. -- All Rights Reserved

Internet Access Request Form Page 1 of 2 1. Read and sign the Internet Use policy. 2. Complete and sign the Internet Access Request Form. 3. Obtain signature approval from your Department Head. 4. Have your local Information Services group complete the required information. 5. Forward all pages to Attn: HELP DESK, for processing. 6. A copy of this document will be returned to you upon Internet activation. Employee Name ID Number Job Title Email By signing this form, I agree to comply with the policies and guidelines set forth in the attached Internet Use Policy. Detailed Business Justification: Signature Date Do you need Internet training? No Yes (Novice) Yes (Intermediate) Yes (Advanced) Approval Process Dept. Head IT Department Approved Approved Signature User Level Basic user Comments Date: Click here to enter a date. Supervisor Manager Administrator 26 2018 Janco Associates, Inc. -- All Rights Reserved

What s News Version 4.6 Added section on text messaging Added section on SKYPE type calls Updated to meet the latest compliance requirement Version 4.5 Updated to meet the latest mandated and regulatory compliance requirements Added Social Networking Policy Compliance Form Added Telecommuting Work Agreement Form Added Text Messaging Sensitive Information Form Version 4.4 Added a section on the Federal Rules of Civil Procedures Added a section on BYOD Security Updated compliance materials for auditing and e-discovery Listed 10 action steps to be followed in the enterprise s acceptable use policy Version 4.3 Updated all of the forms Added section on Best Practices for Internet browsing Version 4.2 Updated Forms Added electronic version of forms Added reference section Canada's Anti-spam Law (CASL), Bill C-28 Update styles Version 4.1 Added section on policies for tablets, PDA s, and SmartPhones Version 4.0 Added Section for commercial Email Added Best Practices for Opt-In Email Reviews and revised policy to comply with all current security and privacy legislation Version 3.3 Added Social Networking Policy Update prior materials to include social networking policy 37 2018 Janco Associates, Inc. -- All Rights Reserved

Version 3.2 Updated Email retention and destruction with materials from the Records Retention and Destruction policy Expanded Email policy to include specifics on materials that are mandated to be archived Version 3.1 Updated policy to include email user best practices Updated stylesheet to be CSS and WORD 2007 compliant Updated forms Version 3.0 Updated policy to cover mobile devices Added materials for Smartphones and USB Storage Devices Defined risks and costs associated with mobile devices Forms Added: Internet & Electronic Communication Employee Acknowledgement Form Email Employee Acknowledgement Form Internet Use Approval Form Internet Access Request Form Security Access Application Form Version 2.2 Added table for Regulations and Industry Impact Version 2.1 Email Forwarding Added 38 2018 Janco Associates, Inc. -- All Rights Reserved

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback