[itdiscuss] IT policies
blloyd at buskercom.com
blloyd at buskercom.com
Mon Mar 22 08:56:57 EDT 2010
Ken
You are very gifted at writing policies. My complements to you.
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Thompson, Ken
Sent: Monday, March 22, 2010 8:40 AM
To: IT Discussion Forum
Subject: Re: [itdiscuss] IT policies
I've removed our name but this should make sense to you and I hope it
can be helpful. You are very welcome to use whatever you find useful.
Comments are welcome, invited and appreciated very much. We're always
open and needful of improving policy.
Ken
Technology
------- desires that employees have proper and adequate equipment to do
their jobs, and that the equipment works as expected. It is also
important for ------- to provide a safe and secure technology
environment in which to work. With this goal in mind, please note the
following expectations regarding the proper use of ------- technology.
Personal Privacy
It is very important to note that all --------owned technology
including, but not limited to telephone systems, computers, e-mail,
voice mail systems and fax machines are the sole property of -------, as
well as all communications over and activity conducted on these systems.
An employee should have no expectation of personal privacy when using
------- systems. Improper statements can give rise to personal or
company liability. For business reasons, ------- monitors its systems,
and managers at their discretion may request reports pertaining to
computer, email and Internet usage.
Password Policy - Computer
------- maintains information that is of a sensitive nature. This
includes information related to donors, credit cards, employees,
missionaries, churches, partners, short-term workers, and more. It is
critical that this information be secure. One means ------- uses to
preserve the confidentiality of its information is through the use of
usernames and passwords to authenticate users. For this reason, asking
for and or sharing a password is not permitted, this includes sharing
information with IT staff. If a situation should arise that necessitates
access to another user's passwords, department director and Personnel
Director approval must be obtained.
------- requires the changing of personal passwords on a regular basis.
------- also has specific requirements with regards to length and
content of passwords. Follow the procedures given in the IT Welcome
Letter for setting up and changing your password. All employees are
required to report any violation or unauthorized use of passwords to the
Personnel Director.
Password Policy -- Telephones
Passwords are also used on ------- telephones prevent unauthorized
access to voice mail and other telephone features. Do not share your
telephone password.
If your supervisor and job responsibilities require your phone to be
configured for routing long distance calls from outside of the office
through the ------- phone system, a strong password of no less than six
characters is required. A supervisor must submit their approval for this
feature to be added to the ------- IT Department.
Hardware
-------'s intent is to provide employee access to appropriate
technologies that permit them to fulfill their job requirements.
Individuals approved to use the ------- wireless internet connection
with their personal computers and PDA's will not be able to use -------
printers or access ------- data for security reasons.
If you wish to access email via a personal phone/PDA then the
appropriate permission request form will need to be signed and submitted
to the ------- IT department.
Software Installation
For security and liability reasons, no personal software may be
introduced into the ------- network. ------- has standard software
applications that are provided to each employee for business purposes.
In cases where additional software is needed, appropriate permissions
can be obtained for these installations through one's manager and the IT
department.
Also, due to liability issues, no --------owned and licensed software
may be removed or copied without written permission from the IT
department. All ------- software is regularly audited for compliance
with US copyright laws.
Using the ------- Internet Connection
The ------- internet connection is critical to -------'s day to day
work. As such, it is to be used only for ------- business purposes.
Streaming video, video conferencing, playing and streaming audio files
is not permitted unless it is work related. Great care needs to be used
even in these situations as streaming multi-media content can create
situations where missionaries and ministry partners are kept from
accessing their information because our connection is too busy. Note
that all these activities may be monitored and logged so please use
these with care and wisdom.
Facebook, Twitter and other social networking sites
There are ------- business reasons for using these services and -------
expects that they can be used while in the ------- office during -------
regular business hours for business purposes. Please limit personal use
of these sites to non business hours from your personal computer.
Please discuss business reasons for using social networking sites with
your supervisor so as to be sure they are in agreement with your use of
these sites.
No software may be installed from these sites onto ------- computers.
Remote access
It is very important for remote users and staff with permission to work
from home to follow ------- guidelines for remote access. Remote access
established for ------- work is only for ------- business use. Remote
users will be required to have a hardware firewall in place (usually
called a router). Appropriate software firewalls and anti-virus software
are also required on any system that accesses the ------- network
remotely.
Data Files
All information stored on ------- systems belongs to ------- and cannot
be accessed, stored or retrieved for personal reasons. Personal files or
data should not be introduced into the ------- network without proper
permission from management, nor any ------- information downloaded or
stored on personal systems. Employees should have no expectation that
personal information be backed up, maintained, or able to be retrieved.
Downloading Files
Never download or open any files or messages with file attachments from
sources or people unknown. The proliferation of viruses and other
applications that can jeopardize the ------- network is a significant
risk. With regards to attached email files, it is important to 1) know
the source of the file, and 2) to have received an advance email
indicating that an attachment is coming along with the name of the
attachment and its purpose.
Collaboration of documents is a part of everyday work at ------- and as
such it is important to not engage in the propagation of non-essential
business file attachments (e.g. jokes, movie clips, etc.). Non-essential
files also present the possibilities of introducing harmful applications
and or, most often, cause problems for the ------- network.
Know that downloading or installing music files is also problematic to
the ------- network (e.g. music files from the internet or from personal
CD's) so it is expected that users will not do so.
Copy-written Material
Due to copyright laws, employees are not permitted to copy, transfer,
rename, add, or delete information or programs belonging to others
unless given express, written permission to do so by said owner. Failure
to observe copyright or license agreements may result in disciplinary
action by ------- and/or legal action by the copyright owner.
Computer viruses & spyware
Computer viruses and spyware are programs designed to make unauthorized
changes to programs and data or to send unauthorized information to
outside sources. Therefore, both can cause destruction of -------
resources. Computer viruses and spyware installations are much easier to
prevent than to cure. Defenses against computer viruses include
protection against unauthorized access to computer systems, using only
trusted sources for data and programs, and maintaining virus-scanning
software. ------- installs and maintains appropriate antivirus software
on all computers. The IT department also responds to all virus attacks,
destroys any viruses detected, and documents each incident.
Employees will not knowingly introduce a computer virus into company
computers. Employees will not load flash drives, CD's, DVD's or other
media sources of unknown origin. Any media source needs to be scanned
for viruses before files are downloaded or opened on the -------
network. Any employee who suspects that his/her workstation or data has
been infected by a virus must notify the IT help desk.
Email
Due to the amount of e-mail each employee must handle each day, it is
important that messages sent are of a business or informative nature.
Do not send email of a personal nature to ------- employees or -------
distribution groups (e.g. e-mails containing jokes, funny stories,
devotionals, prayer requests, for sale items, etc.) Prayer requests and
some personal information can be shared on the ------- portal. It is
very important that the ------- e-mail system not be used for sending
chain letters, advertisements or solicitations unless authorized by
appropriate management.
Please do not use your ------- email address when creating an account on
internet sites like Facebook, MySpace, etc. This includes using your
------- email account for ANY website where you sign up and create an
account for future logins. However, we recognize that sometimes these
are ------- work related and it is better to use your ------- email
account. Please use discretion as often these sites sell their email
addresses to companies that send lots of spam.
Instant Messaging Services
IM services (Skype) has been installed on some terminals and should be
used with discretion.
Other Communications
------- policy and local state and federal law prohibit some forms of
communication, including obscenity; defamation; advocacy directed to
incite or produce lawless action; threats of violence; disruption of the
working environment; harassment based on sex, race, disability or other
protected status; and anonymous or repeated messages designed to annoy,
abuse or torment. In addition, ------- forbids employees to knowingly
use ministry resources to access Internet sites with inappropriate
sexual themes.
All employee blogging or web postings (even if made after hours and/or
from home) that mention -------, its employees and/or ministry, should
be of a respectful nature and not contain any sensitive or confidential
information. Posting the ------- logo on a website or weblog should
first be cleared through the Communications Manager. ------- will not
normally monitor employee's personal blogs or websites, but if a
complaint is received, employees will be dealt with on a case-by-case
basis and disciplinary action may be taken.
Appropriate use of Technology
The computers and software provided to you by ------- are for -------
work. Please do not misuse or abuse them. With this in mind, please note
that employees should not:
* Attempt to gain access to information that is private or
protected
* Run programs that attempt to identify passwords or codes
* Interrupt programs that protect data or secure systems, or
attempt to do so
* Monitor or tamper with another person's e-mail without prior
permission from that person
* Read, copy, change or delete another person's work
* Use another person's password, or allow others to use theirs
* Attempt to gain network privileges to which one is not
entitled
Install software or hardware without prior approval from ones manager
and with the IT department's participation
From: discuss-bounces at itdiscuss.org
[mailto:discuss-bounces at itdiscuss.org] On Behalf Of Kelley Langkamp
Sent: Sunday, March 21, 2010 1:23 PM
To: discuss at itdiscuss.org
Subject: [itdiscuss] [BULK] IT policies
Is anyone willing to share their IT policies with me? I am looking for
examples of things like email use, data storage and software
installation policies. We currently don't have any policies in place and
need to start working with leadership to develop policies for our
staff/volunteers. If you are willing to share so we have some examples
to look at that would be very helpful.
Thank you,
Kelley Langkamp
IT Administrator
Fox River Christian Church
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://optimus.thompsonic.com/pipermail/discuss/attachments/20100322/cdfe7602/attachment-0001.htm
More information about the discuss
mailing list