Sample Corporate Acceptable Use Policy
Many thanks to Dshield.org for providing the initial framework. The following is not intended for use unless first reviewed by organization's attorneys. It is quite restrictive and should be considered in its entirety prior to implementation.
Our recommendation for implementation is to issue the AUP as a policy memo to existing employees. New employees should sign the AUP as part of their pre-employment package.
"Company"
Acceptable Use Policy
The purpose of this policy is to outline the acceptable use of Company's IT resources. These policies are in place to protect the employee and Company.
The objectives are threefold:
1. To protect Company's networks and equipment.
2. To reduce the Unsolicited Commercial Email " Spam" that is flooding Company's mail server.
3. To protect Company and its employees from activities that might expose them or Company to legal action.
"Company's resources", as used herein, is defined as comprising all computer equipment, including peripherals, that is owned, used or leased by Company or its affiliates as well as Company's networks, servers and off-site services that Company subscribes to.
The connection of any device, regardless of ownership or purpose, to any of Company's resources shall constitute use of Company's resources.
The policy extends to the use of any Company email account or subscription account provided to Company by any third party.
While Company 's Administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the company's resources, or while utilizing Company's resources, remains the property of Company. Management cannot guarantee the confidentiality of information stored on any computer device belonging to Company or connected to Company's resources.
Employees are responsible for exercising good judgment regarding the reasonableness of personal use.
For security and network maintenance purposes, authorized individuals within Company may monitor equipment, systems and network traffic at any time. Company reserves the right to audit networks and systems on a periodic basis to for any business purpose.
Passwords must remain secure and personnel are expressly prohibited from sharing accounts. Authorized users are responsible for the security of their passwords and accounts.
All PCs, laptops and workstations should be secured with a password protected screen saver with the automatic activation feature set at 10 minutes or less, or by logging off when the system will be unattended.
Company email accounts are provided for business related communications. We permit employees to provide their Company email address to known friends, family and associates. The use of Company email addresses for all other purposes is prohibited.
Any equipment that is connected to Company's networks must be approved by Company's IT Manager. Approval will be withheld unless there is an active anti-virus program running on the equipment with current anti-virus definitions. This anti-virus software is available from the Company's IT Manager.
Under no circumstances is an employee authorized to engage in any activity that is illegal under local, state, federal or international law while utilizing Company's s resources.
The following activities are expressly prohibited:
Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of "pirated" or other software products that are not appropriately licensed for use or the duplication or transmission of copyrighted or otherwise protected materials. This provision applies to materials that are considered "Company Confidential."
The use of any peer-to-peer file sharing software including, but not limited to, KaZAA, Grokster or Morpheus.
The use of any IRC or messenger software including, but not limited to AOL or other " Messengers", IRC or "chat" clients.
Unless specifically business related, posting or subscribing to newsgroups, on-line discussion boards or email list groups from Company's facilities.
Posting or subscribing to newsgroups, on-line discussion groups or email lists using a Company email address unless required for reasonable business purposes.
Participating in any on-line chat unless specifically required for business purposes.
Revealing your account password to others or allowing use of your account by others. This includes - but is not limited to - family and other household members when work is being done at home.
Using Company's resources to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws.
Effecting disruptions to, or interfering with, any other computer or network.
Sending unsolicited commercial email "spam," junk mail or any form of advertising.
Using any form of network monitoring which will intercept data not specifically intended for the employee unless this activity is a part of the employee's normal job responsibilities.
Circumventing user authentication or security of any host, network or account.
Providing information about, or lists of, Company's employees, customers or potential customers to any third party.
Unauthorized use, or forging, of email header information.
Connecting to the Internet, or sending email through, an anonymous proxy server or similar conveyance designed to obfuscate the user's identity.
Creating or forwarding "chain letters", "Ponzi" or other "pyramid" schemes of any type.
Installing any software that is not approved by Company's IT Manager.
This policy may be changed at any time, without prior notice, at the sole discretion of Company. Any changes will be provided to Employee in writing and shall have the full force and effect as if originally incorporated herein.
Employee's breach of this policy shall be grounds for disciplinary action and may result in termination of employment.
Company's failure to enforce any provision or provisions shall not operate to invalidate Company's rights to enforce any of the provisions of this policy including subsequent changes.
Should any provision of this policy be deemed invalid it shall not effect nor invalidate any other provision.
By my signature, below, I affirm that I have read, understand, agree to comply with and have received a copy of this Acceptable Use Policy.
Take the Boulder Pledge: DON'T SUBSIDIZE CRIMINALS
Some of Our Partners:
