[itdiscuss] IT policies

[Thompson, Ken]

I've removed our name but this should make sense to you and I hope it can be helpful. You are very welcome to use whatever you find useful. Comments are welcome, invited and appreciated very much. We're always open and needful of improving policy.

Ken


Technology


------- desires that employees have proper and adequate equipment to do their jobs, and that the equipment works as expected. It is also important for ------- to provide a safe and secure technology environment in which to work.  With this goal in mind, please note the following expectations regarding the proper use of ------- technology.

Personal Privacy
It is very important to note that all --------owned technology including, but not limited to telephone systems, computers, e-mail, voice mail systems and fax machines are the sole property of -------, as well as all communications over and activity conducted on these systems.  An employee should have no expectation of personal privacy when using ------- systems.  Improper statements can give rise to personal or company liability. For business reasons, ------- monitors its systems, and managers at their discretion may request reports pertaining to computer, email and Internet usage.

Password Policy - Computer
------- maintains information that is of a sensitive nature.  This includes information related to donors, credit cards, employees, missionaries, churches, partners, short-term workers, and more.  It is critical that this information be secure. One means ------- uses to preserve the confidentiality of its information is through the use of usernames and passwords to authenticate users. For this reason, asking for and or sharing a password is not permitted, this includes sharing information with IT staff. If a situation should arise that necessitates access to another user's passwords, department director and Personnel Director approval must be obtained.

------- requires the changing of personal passwords on a regular basis. ------- also has specific requirements with regards to length and content of passwords. Follow the procedures given in the IT Welcome Letter for setting up and changing your password.  All employees are required to report any violation or unauthorized use of passwords to the Personnel Director.

Password Policy -- Telephones
Passwords are also used on ------- telephones prevent unauthorized access to voice mail and other telephone features. Do not share your telephone password.

If your supervisor and job responsibilities require your phone to be configured for routing long distance calls from outside of the office through the ------- phone system, a strong password of no less than six characters is required. A supervisor must submit their approval for this feature to be added to the ------- IT Department.

Hardware
-------'s intent is to provide employee access to appropriate technologies that permit them to fulfill their job requirements.

Individuals approved to use the ------- wireless internet connection with their personal computers and PDA's will not be able to use ------- printers or access ------- data for security reasons.

If you wish to access email via a personal phone/PDA then the appropriate permission request form will need to be signed and submitted to the ------- IT department.

Software Installation
For security and liability reasons, no personal software may be introduced into the ------- network. ------- has standard software applications that are provided to each employee for business purposes. In cases where additional software is needed, appropriate permissions can be obtained for these installations through one's manager and the IT department.

Also, due to liability issues, no --------owned and licensed software may be removed or copied without written permission from the IT department. All ------- software is regularly audited for compliance with US copyright laws.

Using the ------- Internet Connection
The ------- internet connection is critical to -------'s day to day work. As such, it is to be used only for ------- business purposes. Streaming video, video conferencing, playing and streaming audio files is not permitted unless it is work related. Great care needs to be used even in these situations as streaming multi-media content can create situations where missionaries and ministry partners are kept from accessing their information because our connection is too busy. Note that all these activities may be monitored and logged so please use these with care and wisdom.

Facebook, Twitter and other social networking sites
There are ------- business reasons for using these services and ------- expects that they can be used while in the ------- office during ------- regular business hours for business purposes. Please limit personal use of these sites to non business hours from your personal computer.

Please discuss business reasons for using social networking sites with your supervisor so as to be sure they are in agreement with your use of these sites.

No software may be installed from these sites onto ------- computers.

Remote access

It is very important for remote users and staff with permission to work from home to follow ------- guidelines for remote access. Remote access established for ------- work is only for ------- business use.  Remote users will be required to have a hardware firewall in place (usually called a router). Appropriate software firewalls and anti-virus software are also required on any system that accesses the ------- network remotely.

Data Files
All information stored on ------- systems belongs to ------- and cannot be accessed, stored or retrieved for personal reasons. Personal files or data should not be introduced into the ------- network without proper permission from management, nor any ------- information downloaded or stored on personal systems. Employees should have no expectation that personal information be backed up, maintained, or able to be retrieved.

Downloading Files
Never download or open any files or messages with file attachments from sources or people unknown. The proliferation of viruses and other applications that can jeopardize the ------- network is a significant risk. With regards to attached email files, it is important to 1) know the source of the file, and 2) to have received an advance email indicating that an attachment is coming along with the name of the attachment and its purpose.

Collaboration of documents is a part of everyday work at ------- and as such it is important to not engage in the propagation of non-essential business file attachments (e.g. jokes, movie clips, etc.). Non-essential files also present the possibilities of introducing harmful applications and or, most often, cause problems for the ------- network.

Know that downloading or installing music files is also problematic to the ------- network (e.g. music files from the internet or from personal CD's) so it is expected that users will not do so.

Copy-written Material
Due to copyright laws, employees are not permitted to copy, transfer, rename, add, or delete information or programs belonging to others unless given express, written permission to do so by said owner. Failure to observe copyright or license agreements may result in disciplinary action by ------- and/or legal action by the copyright owner.

Computer viruses & spyware
Computer viruses and spyware are programs designed to make unauthorized changes to programs and data or to send unauthorized information to outside sources. Therefore, both can cause destruction of ------- resources. Computer viruses and spyware installations are much easier to prevent than to cure. Defenses against computer viruses include protection against unauthorized access to computer systems, using only trusted sources for data and programs, and maintaining virus-scanning software. ------- installs and maintains appropriate antivirus software on all computers. The IT department also responds to all virus attacks, destroys any viruses detected, and documents each incident.

Employees will not knowingly introduce a computer virus into company computers. Employees will not load flash drives, CD's, DVD's or other media sources of unknown origin. Any media source needs to be scanned for viruses before files are downloaded or opened on the ------- network. Any employee who suspects that his/her workstation or data has been infected by a virus must notify the IT help desk.

Email
Due to the amount of e-mail each employee must handle each day, it is important that messages sent are of a business or informative nature.  Do not send email of a personal nature to ------- employees or ------- distribution groups (e.g. e-mails containing jokes, funny stories, devotionals, prayer requests, for sale items, etc.) Prayer requests and some personal information can be shared on the ------- portal. It is very important that the ------- e-mail system not be used for sending chain letters, advertisements or solicitations unless authorized by appropriate management.

Please do not use your ------- email address when creating an account on internet sites like Facebook, MySpace, etc. This includes using your ------- email account for ANY website where you sign up and create an account for future logins. However, we recognize that sometimes these are ------- work related and it is better to use your ------- email account. Please use discretion as often these sites sell their email addresses to companies that send lots of spam.

Instant Messaging Services

IM services (Skype) has been installed on some terminals and should be used with discretion.

Other Communications
------- policy and local state and federal law prohibit some forms of communication, including obscenity; defamation; advocacy directed to incite or produce lawless action; threats of violence; disruption of the working environment; harassment based on sex, race, disability or other protected status; and anonymous or repeated messages designed to annoy, abuse or torment.  In addition, ------- forbids employees to knowingly use ministry resources to access Internet sites with inappropriate sexual themes.

All employee blogging or web postings (even if made after hours and/or from home) that mention -------, its employees and/or ministry, should be of a respectful nature and not contain any sensitive or confidential information.  Posting the ------- logo on a website or weblog should first be cleared through the Communications Manager.  ------- will not normally monitor employee's personal blogs or websites, but if a complaint is received, employees will be dealt with on a case-by-case basis and disciplinary action may be taken.

Appropriate use of Technology
The computers and software provided to you by ------- are for ------- work. Please do not misuse or abuse them. With this in mind, please note that employees should not:
*        Attempt to gain access to information that is private or protected
*        Run programs that attempt to identify passwords or codes
*        Interrupt programs that protect data or secure systems, or attempt to do so
*        Monitor or tamper with another person's e-mail without prior permission from that person
*        Read, copy, change or delete another person's work
*        Use another person's password, or allow others to use theirs
*        Attempt to gain network privileges to which one is not entitled
Install software or hardware without prior approval from ones manager and with the IT department's participation

From: discuss-bounces at itdiscuss.org [mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kelley Langkamp
Sent: Sunday, March 21, 2010 1:23 PM
To: discuss at itdiscuss.org
Subject: [itdiscuss] [BULK] IT policies

Is anyone willing to share their IT policies with me? I am looking for examples of things like email use, data storage and software installation policies. We currently don't have any policies in place and need to start working with leadership to develop policies for our staff/volunteers. If you are willing to share so we have some examples to look at that would be very helpful.

Thank you,

Kelley Langkamp
IT Administrator
Fox River Christian Church
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://optimus.thompsonic.com/pipermail/discuss/attachments/20100322/db52423a/attachment-0001.htm