This policy lays down the law of the land regarding how workers on the corporate network use the Internet. It should come to no surprise to most employees that Internet access is monitored, but this policy provides a crucial general control, policy-wise. Legal and Human Resources departments will look to you for hard evidence to document when a worker violates this policy.
Read on for excerpts from the actual policy:
This policy applies to all _COMPANY employees, contractors, vendors, and any other users authorized to access the Internet via the _COMPANY’s network.
The following rules define _COMPANY’s policy regarding Internet usage on the corporate network:
- Internet access is reserved for those who have a demonstrable business need for such access. With the exception of electronic mail, all access to the Internet with _COMPANY information systems must be approved in advance by the relevant department manager.
- _COMPANY blocks certain Internet (Web) sites. _COMPANY information systems routinely prevent users from connecting with certain web sites. Workers using _COMPANY information systems who discover they have connected with a Web site that contains sexually explicit, racist, or other potentially offensive material must immediately disconnect from that site. The ability to connect with a specific Web site does not in itself imply that workers are permitted to visit that site.
- _COMPANY information classified as “Confidential” or “Restricted” must never be sent over the Internet unless it has first been appropriately secured by approved methods. See Data Security Policy for information about
- All software and files down-loaded from non-_COMPANY sources via the Internet (or any other public network) must be screened with virus detection software. This screening must take place prior to the software being run or files opened using another program, such as a word processing package.
- No software or data files may be uploaded from a _COMPANY system to another computer without authorization.
- No _COMPANY material may be posted on the Internet. Users must not place _COMPANY material (software, internal memos, press releases, etc.) on any publicly-accessible Internet computer system unless approved by the relevant department manager.
- Production systems that rely on data from Internet sources must have the source of the data verified. Aside from information provided by prospects, customers, suppliers, business partners, or government agencies, _COMPANY information systems must not depend on “general purpose” information obtained through the Internet. This rule exists because the timeliness, accuracy, author bias, and continued availability of such information may not be reliable. Verification can be accomplished through a contract with the data provider or a statement of authenticity from the source.