Corporate Internet Policy

This article includes a complete corporate internet policy which you can download for free by signing up for QA Solutions free weekly E-zine. Then you can edit it to meet your company preferences.

Your company must consider equipment and information in any form as an asset and thus must be properly used and adequately protected. This includes the primary usage of company provided internet and intranet connections for business purposes.

Without a Corporate Internet Policy, your company could experience severe non-business abuse potentially resulting in embarrassment and / or trauma resulting in up to and including system unavailability.

Special note and refrain should be paid to the downloading of "freeware" and "shareware" which cause a dramatic increase in the likelihood of a computer virus, worm, or Trojan Horse attack.

Whether you take the hard-line approach or a softer approach, you still need published a Corporate Internet Policy to state company position / expectations for all, and to have a leg to stand on legally for the habitual abuser.

Internet Usage Risks

Following is a quick summary of some of them:

• Legal Liability - To have a leg to stand on at all companys need to, at a minimum, publish guidelines regarding the usage of their company provided Internet connections. If not, usually employers rather than employees, who come up short at court proceedings initiated by an ex-employee as a result of being released due to chronic Internet abuse.
• System Unavailability - Personal / non-business usage which involves the downloading of "freeware" and "shareware" cause a dramatic increase in the likelihood of a computer virus, worm, or Trojan Horse attack. This more than likely would create deteriorating response timeor, even worse, total system unavailability.
• Detrimental Resource Usage - Personal / non-business usage consisting of downloading large files, e.g., videos, pictures, etc. use substantial network bandwidth and disk space, which results in a reduced availability of these resources for business related needs.
• Lost Productivity - Surveys indicate that the majority of employees use company provided Internet connections for personal use. This may cause an impact on network bandwidth.
• Harm to Reputation - This can happen via access to pornographic or inappropriate material, or participating in "chat" rooms or "blogs".
• Confidentiality Violations - This can include the divulging of closely guarded company information via participation in "chat" rooms or "blogs", accidentally or on purpose.

Corporate Internet Policy

You can manage the above noted risks formally by publishing a Corporate Internet Policy  Following are some of the positives that can begin to result from publishing your policy:

• Greatly improved Internet Usage focus
• Fewer Internet Usage incidents
• Fewer audit concerns / comments
• Greatly improved business focus
• Reduced legal risk
• Delivery of best practice information to employees
• Enhances the professional perception of your business

Below starts the Corporate Internet Policy

Corporate Internet Policy Background

The company provided Internet connection is intended to be used primarily for business purposes. Any personal use must not interfere with normal business activities, involve solicitation, be associated with any for-profit outside business activity or potentially embarrass the company. Users are expected to act responsibly and in the company’s best interests whenever they use the company provided Internet connection.

Use of the Internet, as well as other company provided capabilities, tools, and assets, should be limited to situations related to work assignments. It is never acceptable to use company equipment to access or create material that is illegal or inappropriate. If in doubt, consult your manager.

The company encourages its departments to use the Internet to disseminate information to the public and its employees (collectively called "users") to improve communications with the public, and to carry out official business when such business can be accomplished consistent with the following: 1)  Use the Internet to accomplish official company business consistent with the company's mission, 2)  Company business conducted via the Internet shall comply with all statutory requirements as well as standards for integrity, accountability, and legal sufficiency, and  3) Company business conducted via the Internet should meet or exceed the standards of performance for traditional methods (such as meetings, use of telephone, etc.).

Scope Applies To

1. All Internet services provided, owned, or funded by the company.
2. All users and holders of company Internet accounts, regardless of intended use.

Scope Does Not Apply To

1. E-mail.
2. Voice Mail.
3. Audio and Video Conferencing.
4. Facsimile messages.

Indemnification of the Company

Users agree by virtue of access to the company's computing and Internet systems, to indemnify, defend and hold harmless the company for any suits, claims, losses, expenses or damages, including but not limited to litigation costs and attorney's fees, arising from or related to the user's access to or use of company Internet and computing systems, services and facilities.

Specific Usage Criteria

1.   Internet services are extended for the sole use of company staff, and other appropriately authorized users to accomplish tasks related to and consistent with the company's mission. Company Internet systems and services are company facilities, resources and property. Any Internet account assigned by the company to individuals or functions of the company, is the property of the company.

2.   When an individual's affiliation with the company ends, the account will be terminated.

3.   If you are using information from an Internet site for strategic company business decisions, you should verify the integrity of that information. You should verify whether the site is updated on a regular basis (the lack of revision date might indicate out-of-date information) and that it is a valid provider of the information you are seeking. Just because the site exists does not mean that the information is accurate or valid. The company has no control or responsibility for content on an external server not under our control. Therefore, information may be offensive and/or unsuitable for dissemination.

Usage Restrictions

The following require strict adherence. Any infraction thereof could result in disciplinary action. Disciplinary actions range from verbal warnings to termination; the severity of the infraction governs the severity of the disciplinary action.

a.  Internet use is restricted to "official company business". Authorization for Internet access must be obtained through the IT department. Once authorization is approved you are responsible for the security of your account password and you will be held responsible for all use or misuse of your account. You must maintain secure passwords and never use an account assigned to another user.

b.  Hacking is the unauthorized attempt or entry into any other computer. Never make an unauthorized attempt to enter any computer. Such an action is a violation of the Federal Electronic Communications Privacy Act

c.  Never copy or transfer electronic files without permission.

d.  Downloading a file from the Internet can bring viruses with it. Scan all downloaded files with company standard virus prevention software.

e.   Never send, post, or provide access to any confidential company materials or information.

Personal Use

For the purpose of this Corporate Internet Policy, Company internet services may be used for incidental personal purposes provided that such use does not:

1.  Directly or indirectly interfere with the company operation of computing facilities or Internet services.

2.  Interfere with the Internet user's employment or other obligations to the company.

3.  Violate these guidelines/policy, or any other applicable policy or law, including but not limited to use for personal gain, conflict of interest, harassment, defamation, copyright violation or illegal activities.

Violations

Suspected or known violations of this corporate internet policy or law should be confidentially reported to the appropriate supervisory level for the department in which the violation occurs. Violations will be processed by the appropriate company authorities and/or law enforcement agencies. Violations may result in revocation of Internet service privileges; Code of Conduct proceedings; disciplinary action up to and including dismissal; referral to law enforcement agencies; or other legal action.

Internet Usage Best Practices

Your support of the following a corporate internet policy best practices will assist us in providing you with fast and reliable Internet service:

• Respect the business purpose for which computers and access to communication network(s) has been granted.
• Use the computer resource capabilities in a manner that minimizes cost to the company while maximizing value for company business purposes.
• The company may report any violation of local, state, federal, or international laws to the appropriate authorities. Misuse of external networks in violation of these guidelines and/or other company policies may result in termination of employment and/or criminal penalties, including imprisonment and fines.

• Do not access or transmit any obscene, lewd, or pornographic material. This is strictly prohibited.
• Do not download any "shareware" or "freeware" without explicit authorization due to the potential negative consequences to company computing resources, i.e., viruses, worms, Trojan Horses, resulting in system unavailability.
• Abide by all applicable laws and regulations, e.g., copyright and software licensing.
• Protect all company information according to the provisions of the company Information Security Policy.