Automatically Forwarded Email Policy

Purpose

To prevent the unauthorized or inadvertent disclosure of sensitive company information.

Scope

This policy covers automatic email forwarding, and thereby the potentially inadvertent transmission of sensitive information by all employees, vendors, and agents operating on behalf of (^Company^).

Policy

Employees must exercise utmost caution when sending any email from inside (^Company^) to an outside network. Unless approved by an employee's manager InfoSec, (^Company^) email will not be automatically forwarded to an external destination. Sensitive information, as defined in the Data Classification and Protection Policy, will not be forwarded via any means, unless that email is critical to business and is encrypted in accordance with the Acceptable Encryption Policy.

Policy Compliance

Compliance Measurement

The Infosec team will verify compliance to this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.

ExceptionsAny exception to the policy must be approved by the Infosec team in advance.

Non-ComplianceAn employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

Related Standards, Policies and Processes

Acceptable Encryption Policy
Data Classification and Protection Policy

Definitions and Terms

The following definition and terms can be found in the SANS Glossary located at:

https://www.sans.org/security-resources/glossary-of-terms/

Email
SMTP
Forwarded Email
Sensitive Information
Unauthorized Disclosure

Want a Policies & Procedures Wiki like this? Sign up and try Staff.Wiki by clicking here.

Next Topic:

v6.0.0.14090
Up Since 4/12/2024 11:49:28 PM

Change/Review Log
Date	Version	Initiated By	Approvers	Event
2/9/2022	1.0	juliehoang@workflowfirst.com		Initial Submission
SHOW ALL ENTRIES