- archived -

Re: EMail Policies and Procedures

[ Follow Ups ] [ Archive ] [ Intranet eXchange ] [ IDM Home ]

In Reply to: EMail Policies and Procedures posted by Doug Solomon on April 28, 1997 at 21:21:44:

Since this needs to be tuned to your environment I'll just provide a general outline. I would guess that since you require a comprehensive policy for E-Mail, chances are you have policy in place for many aspects of your employees activities, as we did.

Our E-Mail policy references three other policy manuals, our Employee Handbook with our general rules, Code of Conduct with our how you should act rules, and Data/Information Security with the rules on how you handle, use, and protect data and systems.

The bare essentials were:

1. Introduction

Why you have E-Mail and why we created this policy. Pretty standard policy stuff, company resources may only be used for company business and so on....We also covered the risk to our organization's image and business.

2. Categorically what it can and can not be used for.

This one requires some thought, E-Mail adds some new twists, especially when you consider attachments. We used this section to help educate users to the risks to their PC's and the companies data.

We also added things like no hate mail, no harassment of any form, no chain letters, no smut, no $$$ opportunity letters, no copy lists over 5000 without informing E-Mail administration, no attachments over size X, and so on.

We also covered what is allowed in attachments very specifically, we did not want our customer or corporate data being E-Mail all over the place.

Same on the incoming side, warning about virus scanning, references to policy on installing freeware or shareware, and so on.

We also ban the use of PGP or any other encryption method not approved by Information Security. (We could not lose the ability to audit.)

3. What could happen if you break the rules.

We did mention here or there that your employment could be terminated for misusing the email and we described the logs and audit trails to make it clear that there is no point in trying, you will get caught.

4. What to do if you have a problem.

Who to contact if you are being harassed, if you get hate mail, or get suspicious attachment, suspect abuse or whatever.

We send out a condensed version that contains only the references to the other policies in an e-mail when we turn on the account, they must agree to the policy before using it.

We have had very little problem with E-Mail mis/abuse, nothing near the problems with people surfing the Internet...

Bill

Follow Ups: