Dear Jidaw,
Subject: POLICY ON INTERNET/INTRANET/EXTRANET
What are the likely things to consider when articulating
a corporate policy on the above?
Your suggestions will be highly appreciated.
DP
Reply:
Dear DP,
Thanks for your mail and here are some key points
to note.
Establishing an Internet policy to manage Internet,
Intranet and Web use needs to be a corporate priority.
Your corporate policy on Internet/Intranet/Extranet
should be thorough and reflect corporate strategy for this computing
environment and associated facilities. Policies should be written to
be applicable to all scenarios within the organization. An Internet
policy should include everything from the adoption and use of technology,
as well as training issues.
The purpose of the policy must be stated in an introduction.
The scope of the policy as to who and what facilities
should be clearly defined. This policy statement should provide specific
instructions on the ways users would use facilities that are made available
to them.
The policy should include:
1. Conditions of use: Permitted uses and activities
/ Prohibited Uses and activities, i.e. Rights and Privileges, Privacy
rights, confidentiality, etiquette (professional and appropriate language),
public representations on the internet, Network monitoring, data and
application ownership, email retention, company's right to monitor,
executable graphics and/or programs, downloading, visiting pornographic
sites, sending abusive e-mail messages, personal email accounts, passwords,
appropriate use of software, systems, equipment, editorial control,
copyright. Specific procedures / controls / confirmations on downloads
data and application ownership, procedure for non-company users, appropriate
use of equipment, e-mail, and the Internet, user account and password
management and selection guidelines, security awareness training and
testing, incident reporting, and virus handling.
2. Responsibilities and accountability of users.
Separate user activities and accountability. The policy should have
clear lines of authority and responsibility.
3. Violations – how are they treated and managed?
Processes include: Disciplinary process, policy enforcement process,
policy breach response process. These processes should allow you to
Correct, Alert and Audit.
4. Signing off of policy agreement by all users.
5. There should be a contact point for questions
about the policy.
6. It may be appropriate to include a section for
definitions of the terms used in the policy.
7. There must be policy awareness. Since all Internet
users are expected to be familiar with and comply with these policies,
it should be accessible to all concerned.
I hope you have found this useful. These guidelines
are by no means an exhaustive list of what should be in your corporate
Internet policy, but they are the foundation you should use to create
an effective Internet / Extranet / Intranet policy.
All the best with your policy formulation,
Jide Awe
Jide Awe is the Publisher of Jidaw.com.
For more coverage and information related to this
topic, head to the IT Articles and Management Resource Center:
http://www.jidaw.com/articles.html
more on:
Free IT Career Empowerment Seminar (Closing the empowerment
gap)
More on the:
Free Career Empowerment Seminar
