Policy
Resource Usage
Access to the Internet will be approved and provided only if reasonable business needs are identified. Internet services will be granted based on an employee’s current job responsibilities. If an employee moves to another business unit or changes job functions, a new Internet access request must be submitted within 5 days.
User Internet access requirements will be reviewed periodically by company departments to ensure that continuing needs exist.
Allowed Usage
Internet usage is granted for the sole purpose of supporting business activities necessary to carry out job functions. All users must follow the corporate principles regarding resource usage and exercise good judgment in using the Internet. Questions can be addressed to the IT Department.
Acceptable use of the Internet for performing job functions might include:
- Communication between employees and non-employees for business purposes;
- IT technical support downloading software upgrades and patches;
- Review of possible vendor web sites for product information;
- Reference regulatory or technical information.
- Research
Personal Usage
Using company computer resources to access the Internet for personal purposes, without approval from the user’s manager and the IT department, may be considered cause for disciplinary action up to and including termination.
All users of the Internet should be aware that the company network creates an audit log reflecting request for service, both in-bound and out-bound addresses, and is periodically reviewed.
Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or make use of Internet "wallets" do so at their own risk. (^Company^) is not responsible for any loss of information, such as information stored in the wallet, or any consequential loss of personal property.
Prohibited Usage
Information stored in the wallet, or any consequential loss of personal property.
Acquisition, storage, and dissemination of data which is illegal, pornographic, or which negatively depicts race, sex or creed is specifically prohibited.
(^Company^) also prohibits the conduct of a business enterprise, political activity, engaging in any form of intelligence collection from our facilities, engaging in fraudulent activities, or knowingly disseminating false or otherwise libelous materials.
Other activities that are strictly prohibited include, but are not limited to:
- Accessing (^Company^) information that is not within the scope of one’s work. This includes unauthorized reading of customer account information, unauthorized access of personnel file information, and accessing information that is not needed for the proper execution of job functions.
- Misusing, disclosing without proper authorization, or altering customer or personnel information. This includes making unauthorized changes to a personnel file or sharing electronic customer or personnel data with unauthorized personnel.
- Deliberate pointing or hyper-linking of (^Company^) Web sites to other Internet/WWW sites whose content may be inconsistent with or in violation of the aims or policies of (^Company^).
- Any conduct that would constitute or encourage a criminal offense, lead to civil liability, or otherwise violate any regulations, local, state, national or international law including without limitations US export control laws and regulations.
- Use, transmission, duplication, or voluntary receipt of material that infringes on the copyrights, trademarks, trade secrets, or patent rights of any person or organization. Assume that all materials on the Internet are copyright and/or patented unless specific notices state otherwise.
- Transmission of any proprietary, confidential, or otherwise sensitive information without the proper controls.
- Creation, posting, transmission, or voluntary receipt of any unlawful, offensive, libelous, threatening, harassing material, including but not limited to comments based on race, national origin, sex, sexual orientation, age, disability, religion, or political beliefs.
- Any form of gambling.
Unless specifically authorized under the provisions of section Personal Usage, the following activities are also strictly prohibited:
- Unauthorized downloading of any shareware programs or files for use without authorization in advance from the IT Department and the user’s manager.
- Any ordering (shopping) of items or services on the Internet.
- Playing of any games.
- Forwarding of chain letters.
- Participation in any on-line contest or promotion.
- Acceptance of promotional gifts.
Bandwidth both within the company and in connecting to the Internet is a shared, finite resource. Users must make reasonable efforts to use this resource in ways that do not negatively affect other employees. Specific departments may set guidelines on bandwidth use and resource allocation, and may ban the downloading of particular file types.
Software License
(^Company^) strongly supports strict adherence to software vendors’ license agreements. When at work, or when company computing or networking resources are employed, copying of software in a manner not consistent with the vendor’s license is strictly forbidden. Questions regarding lawful versus unlawful copying should be referred to the IT Department for review or to request a ruling from the Legal Department before any copying is done.
Similarly, reproduction of materials available over the Internet must be done only with the written permission of the author or owner of the document. Unless permission from the copyright owner(s) is first obtained, making copies of material from magazines, journals, newsletters, other publications and online documents is forbidden unless this is both reasonable and customary. This notion of "fair use" is in keeping with international copyright laws.
Using (^Company^) computer resources to access the Internet for personal purposes, without approval from the user’s manager and the IT department, may be considered cause for disciplinary action up to and including termination.
All users of the Internet should be aware that the company network creates an audit log reflecting request for service, both in-bound and out-bound addresses, and is periodically reviewed.
Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or make use of Internet "wallets" do so at their own risk.
Review of Public Information
All publicly-writeable directories on Internet-connected computers will be reviewed and cleared each evening. This process is necessary to prevent the anonymous exchange of information inconsistent with (^Company^) business. Examples of unauthorized public information include pirated information, passwords, credit card numbers, and pornography.
Expectation of Privacy
- Monitoring
Users should consider their Internet activities as periodically monitored and limit their activities accordingly.Management reserves the right to examine E-mail, personal file directories, web access, and other information stored on (^Company^) computers, at any time and without notice. This examination ensures compliance with internal policies and assists with the management of (^Company^) information systems.
- E-mail Confidentiality
Users should be aware that clear text E-mail is not a confidential means of communication. (^Company^) cannot guarantee that electronic communications will be private. Employees should be aware that electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Users should also be aware that once an E-mail is transmitted it may be altered. Deleting an E-mail from an individual workstation will not eliminate it from the various systems across which it has been transmitted.
Maintaining Corporate Image
- Representation
When using company resources to access and use the Internet, users must realize they represent (^Company^). Whenever employees state an affiliation to (^Company^), they must also clearly indicate that "the opinions expressed are my own and not necessarily those of (^Company^)". Questions may be addressed to the IT Department. - Company Materials
Users must not place company material (examples: internal memos, press releases, product or usage information, documentation, etc.) on any mailing list, public news group, or such service. Any posting of materials must be approved by the employee’s manager and the public relations department and will be placed by an authorized individual. - Creating Web Sites
All individuals and/or business units wishing to establish a WWW home page or site must first develop business, implementation, and maintenance plans. Formal authorization must be obtained through the IT Department. This will maintain publishing and content standards needed to ensure consistency and appropriateness.In addition, contents of the material made available to the public through the Internet must be formally reviewed and approved before being published. All material should be submitted to the Corporate Communications Directors for initial approval to continue. All (^Company^) pages are owned by, and are the ultimate responsibility of, the Corporate Communications Directors.
All (^Company^) web sites must be protected from unwanted intrusion through formal security measures which can be obtained from the IT department.
Periodic Reviews
- Usage Compliance Reviews
To ensure compliance with this policy, periodic reviews will be conducted. These reviews will include testing the degree of compliance with usage policies. - Policy Maintenance Reviews
Periodic reviews will be conducted to ensure the appropriateness and the effectiveness of usage policies. These reviews may result in the modification, addition, or deletion of usage policies to better suit company information needs.
Policy Compliance
Compliance Measurement
The Infosec team will verify compliance to this policy through various methods, including but not limited to, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exception to the policy must be approved by the Infosec Team in advance.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Additionally, (^Company^) may at its discretion seek legal remedies for damages incurred as a result of any violation. (^Company^) may also be required by law to report certain illegal activities to the proper enforcement agencies.
Before access to the Internet via company network is approved, the potential Internet user is required to read this Internet usage Policyand sign an acknowledgment form (located on the last page of this document). The signed acknowledgment form should be turned in and will be kept on file at the facility granting the access. For questions on the Internet usage Policy, contact the Information Technology (IT) Department.