Information Technology Policies and Procedures
|
Name: |
____________________________________ |
Signature: |
____________________________________ |
Date: |
____________________________________ |
Policy Purpose:
To outline information systems policies for NAME OF AGENCY GOES HERE (hereinafter referred to as "AGENCY NAME").
Policy Statement:
The corporate information systems, data, and computing assets, which include but are not limited to computers, computer networks, printers, and other related pieces of equipment and/or systems, are the property of AGENCY NAME and are valuable corporate assets.. Individuals using and having access to these corporate assets must take reasonable and prudent steps to preserve the integrity of the systems and their data and to protect the assets. These assets are to be used for appropriate business-related functions only.
All communications emanating from AGENCY NAME or made and transmitted within AGENCY NAME shall be professional in nature as they represent the corporation, its employees, board of directors, and those individuals it serves
Policy Acknowledgment:
Prior to the use of AGENCY NAME data and telecommunication systems, the employee or company/individual hired by AGENCY NAME is required to read AGENCY NAME corporate information policies and sign an acknowledgment statement.
Policy Guidelines:
Corporate information assets include but is not limited to the hardware, software, and data that make up the client workstations, local area networks, wide area networks, and telephone and other communication systems. All information services (IS) acquisitions and must go through a certification process managed by the information services group, accordingly all changes, modifications, and alterations to computing assets must be made by the IS group.
Violation of policy or misuse of corporate assets is subject to disciplinary action up to an including termination. Failure to report violations in policy in itself constitutes a violation in policy and is therefore subject to disciplinary action.
These policies are intended to augment existing State, Federal, and copyright laws. Failure to comply with applicable State, Federal, or copyright laws is considered a violation in policy and subject to disciplinary action up to and including termination and may be subject to criminal prosecution.
Rights Reserved by Corporation:
AGENCY NAME reserves the right to monitor, audit, screen, and preserve data as AGENCY NAME deems necessary in to maintain compliance with corporate policy. Any dissemination, unauthorized use or benefit from this may result in disciplinary and or legal action being taken
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary actions including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |
Policy Purpose:
To outline physical and data security policies for AGENCY NAME.
Policy Statement:
Every employee or company/individual hired by AGENCY NAME is responsible for the corporate resources entrusted to them. Due diligence and care should be exercised to ensure the security and integrity of these corporate resources, including but not limited to corporate data and corporate information systems.
Policy Guidelines:
Reasonable and prudent steps should be taken to protect corporate data and corporate information systems. At no time should these steps be breached, evaded, bypassed, or circumvented.
Any action which breaches, evades, or circumvents these reasonable and prudent steps should be immediately reported to AGENCY NAME management. Failure to report these actions is a violation of policy and subject to disciplinary action.
Corporate data and corporate information systems should only be used as authorized by executive management and/or the security committee. Access to corporate data and corporate information systems should conform with an individual’s job function and/or description.
Data security and client confidentiality procedures are an indispensable and integral part of the information system policies and procedures followed at AGENCY NAME. These procedures may include but are not limited to the granting and prudent administering of passwords.
Corporate data must be protected from negligent and intentional damage. Recovery from this damage is imperative if AGENCY NAME is to operate without business interruption. The IS group shall develop, implement, and be responsible for redundant backup systems that ensure the safe and effective storage of critical corporate data. The IS group shall also develop and implement an anti-virus protocol meant to protect AGENCY NAME data and data systems from software that can damage or otherwise corrupt the agency's data and data systems.
Rights Reserved by Corporation:
Corporate data and corporate information systems are corporate resources and must be considered private. AGENCY NAME reserves the right to monitor its uses, audit policy implementation, and review the content of any files. Any dissemination unauthorized use or benefit from the use of this data may result in disciplinary and/or legal action being taken.
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary actions including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |
Policy Purpose:
To outline data ownership policies for AGENCY NAME.
Policy Statement:
The corporate information systems, data, and computing assets are the property of AGENCY NAME and are valuable corporate assets. All corporate data and corporate information systems are the property of AGENCY NAME. The (IS) manager assumes responsibilities for information maintained on the network and other central (IS) systems while the primary or assigned staff assumes responsibility for data maintained on the individual computer/workstation.
Policy Guidelines:
Information systems and all data associated with same are valuable corporate assets and the property of AGENCY NAME. Information systems and data which is accessed on the client workstation becomes the direct responsibility of the client user.
Critical information systems and their data should be stored using network backup facilities. Information stored on client drives is the direct responsibility of the individual using the client. Therefore, individuals with corporate data must regularly back up their client drives.
Information stored, maintained, or accessed on individual computers that is in violation of any state or federal laws, including but not limited to copyright laws, will be construed as a violation of these policies.
Corporate data and corporate information systems should only be used as authorized by AGENCY NAME management. Access to corporate data and corporate information systems should conform to an individual’s job function and/or description. Release of data should be in compliance or in keeping with corporate, client, funder confidentiality policies. Violations of this policy must immediately be reported to AGENCY NAME management.
Rights Reserved by Corporation:
The corporate information systems, data, and computing assets are the property of AGENCY NAME and are valuable corporate assets and must not be considered private. AGENCY NAME reserves the right to monitor its use, screen, and audit policy compliance, and review the content of file (corporate or otherwise) maintained and/or accessed through AGENCY NAMEs' network. In addition, network backup device and client drives, or client backup device is also subject to this audit/screening.
Any dissemination, unauthorized use, or benefit from this access may result in disciplinary action and/or legal action taken.
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary actions including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |
Policy Purpose:
To outline Internet and Internet services policies for AGENCY NAME.
Policy Statement:
The Internet may only be used solely for purposes that benefit AGENCY NAME and that are directly applicable to an employee’s job function and authority.
Policy Guidelines:
The Internet or Internet connections shall not be used to transfer information that
is in violation of State, Federal, or copyright laws, or that or contradicts the intent or spirit of these policies or procedures
The Internet must not be used for commercial purposes outside those directly related to or benefit AGENCY NAME.
Access to a corporate Internet account is limited to those expressly authorized by AGENCY NAME.
The internet may be accessed only through an Internet service provider engaged by AGENCY NAME or another form of Internet access provided by AGENCY NAME. Accessing the Internet through a means other than that provided by AGENCY NAME is strictly prohibited.
The Internet may not be used to access other systems for which the user has no authorization.
Unauthorized Internet use must be immediately reported to AGENCY NAME management. Failure to report unauthorized Internet use is a violation of corporate policy and subject to disciplinary action up to and including immediate termination.
Rights Reserved by Corporation:
Internet access provided by AGENCY NAME is a corporate asset and may not be considered private. AGENCY NAME reserves the right to monitor, audit, screen, and review Internet use Any dissemination, unauthorized use or benefit as a result of this access may result in disciplinary action and/or legal action being taken.
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary actions including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |
Policy Purpose:
To outline electronic mail ("e-mail") policies for AGENCY NAME.
Policy Statement:
E-mail is a corporate asset and may be used solely for purposes that benefit AGENCY NAME and by authorized individuals.
Policy Guidelines:
E-mail is a corporate resource and may be used solely for purposes other than those that directly benefit AGENCY NAME.
E-mail may not be used:
in violation of Federal or State laws,
to provide corporate information or corporate performance information without prior written consent of management or Corporate Communications, or
to distribute material that contradicts or is in violation of AGENCY NAME policies,
to conduct personal business beyond what is reasonable and usual during the course of a business day.
E-mail can be used to solicit support for company-sponsored events and company-supported charities.
Access to e-mail is limited to those expressly authorized by AGENCY NAME.
Unauthorized e-mail use must be immediately reported to AGENCY NAME management. Failure to report unauthorized e-mail use is a violation of corporate policy and subject to disciplinary action.
Recognizing that use of the Internet, and in particular the content that can be printed and copied from it, can reflect negatively on the agency, use will be made of the Internet with the sole purpose of benefiting the agency.
Rights Reserved by Corporation:
E-mail resources and files are a corporate asset and must not be considered private. AGENCY NAME reserves the right to monitor its use and review the content of all messages and files on the e-mail system. Any dissemination, unauthorized use or benefit from this access may result in disciplinary actions and/or legal actions taken.
In addition to AGENCY NAME's access and use, E-mail information is also subject to review by law enforcement or government agencies; this information may be used and accessed during said investigative review.
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary actions including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |
Policy Purpose:
To outline voice communications equipment and voice mail policies for AGENCY NAME.
Policy Statement:
Voice communications equipment and voice mail may be used solely for purposes that benefit AGENCY NAME and that are directly applicable to an employee’s job function.
Policy Guidelines:
The voice communications equipment and voice mail systems are corporate resources and are not to be considered private. Use of this equipment is limited to those purposes that directly benefit AGENCY NAME. Voice communications include but are not be limited to cellular telephone, telephone, voice mail messages, or radio.
The voice communications equipment or voice mail system will not be used:
in violation of Federal or State laws,
to provide corporate information or corporate performance information without express consent of management or Corporate Communications, or
to distribute material or information that contradicts or violates the spirit of AGENCY NAME's policies,
to conduct personal business beyond what is reasonable and usual during the course of a business day.
The voice communications equipment and voice mail system must not be used for commercial purposes other than those authorized or which solely benefit AGENCY NAME.
The voice communications equipment and voice mail system may be used to solicit support for company-sponsored events and company-supported charities.
Access to the voice communications equipment and voice mail systems is limited to those expressly authorized by AGENCY NAME. Voice mail access will not be provided to individuals not specifically authorized for its use.
Unauthorized voice communications equipment or voice mail use must be immediately reported to AGENCY NAME management. Erroneous communications charges must be immediately reported to AGENCY NAME management and immediately investigated. Failure to report unauthorized use is a violation of corporate policy and subject to disciplinary action.
Voice communications and voice mail content must be professional in nature. Unprofessional and inappropriate use of voice mail including but not limited to the use of disparaging, discourteous, insulting, ethnic, harassing, or abusive language, or slanderous, defamatory, coercive, extortive content is strictly prohibited. Violation of this policy my result in disciplinary action up to and including termination. In addition, appropriate legal action may be taken.
Conversations conducted using corporate voice communications equipment and voice mail files are accessible and audited corporate asset and must not be considered private. AGENCY NAME reserves the right to monitor the use of voice communications systems and review the content of all messages and files on the voice mail system.
Prudent use of corporate voice communications equipment is expected; excessive or reckless charges may result in a loss of privileges or more severe disciplinary action.
Voice communications equipment phone number listings are published for internal use only. External requests for these listings should be immediately referred to AGENCY NAME management.
Rights Reserved by Corporation:
Voice communications equipment and voice mail systems are corporate assets and must not be considered private. AGENCY NAME reserves the right to monitor their use and review the content of all messages and files on the voice mail system. Any dissemination, unauthorized use or benefit as a result of this access may result in disciplinary action and/or legal action taken.
Voice mail information is subject to review by law enforcement or government agencies; this information may be provided as a result of an investigative request.
Potential Disciplinary Action:
Failure to comply with AGENCY NAME policy may result in disciplinary action including but not limited to the loss of applicable corporate privileges or more severe disciplinary actions including employment termination.
Authorized By: |
____________________________________ |
Revision Date: |
____________________________________ |
Authorization Date: |
____________________________________ |
Original Issue Date: |
____________________________________ |