
E-Policy - What is it?

 

What is it?

E-policy is a corporate statement and set of rules to protect the organization from casual or intentional abuse that could result in the release of sensitive information, IT system failures or litigation against the organization by employees or other parties.


Why is it needed?

With the growth of e-mail usage and ease of access to the Internet, it is easy for employees to:

  • Send out documents that are confidential or copyrighted. These actions could be commercially damaging or may result in a legal process
  • Receive documents that are copyrighted. If these documents are not in the public domain, they could be seen as not being in your legal possession
  • Browse the Internet and be unproductive in their assigned role, and/or browse sites or join listservs that are unacceptable to the organization
  • Send around material, perhaps gathered from outside the company, that could lead to other employee action (e.g. jokes leading to sexual harassment charges)
  • Receive external documents containing viruses, which could harm or seriously damage your system and cause severe disruption to the organization
     

Be aware that technology is only part of the solution; it can only help you enforce your policy.

Whose responsibility is it?
The responsibility for successful e-policy lies with both management and employees.

  • Management needs to decide what is appropriate to the organization, lay down a set of rules or guidelines (a policy) and inform all employees of this
  • Employees need to understand the risks to the organization and ramifications of not following the procedures laid down
     

The key to this is EDUCATION

What do you need to do to implement an effective E-policy?
 

  • Monitor messaging and Internet activity, prior to implementing a policy. Try to understand how your system is being used. This will enable you to focus on the key issues
  • Produce guidelines and a methodology of working that will define the organization's requirements for an e-policy
  • Get buy-in and participation from all senior management
  • Use your staff training set-up or Human Resources department to put together a formal education program for employees to make them aware of the issues and the consequences to the organization and its employees of policy breaches. This will result in a statement of acceptable behavior
  • Give employees an addendum to their contract, or add a section to the employee handbook, that lays out what they should and should not do and the consequences of contravening the rules
  • Ensure your employees understand how enforcement will take place, and have formal procedures for discipline and grievances
  • Monitor your system after implementation of a policy and make sure employees understand this is happening
  • Ensure you are not placing unrealistic expectations on your staff in the management of your system security. For example, if you are using e-mail encryption, ensure that key management is properly structured in personnel terms, not just left to a junior technician to manage
  • Measure your results

What do you need to be aware of?

  • Local laws - privacy laws and enforcing your e-policy
  • Viruses and use of e-mail attachments - the damage they can do, and how you can prevent them (at the desktop, server or gateway)
  • Copyright material - your company’s own trade secrets and copyright material as well as other companies’ copyrighted material
  • Privacy – employees’ rights and expectations
  • Spoofing and Spamming - changes in laws; how offenders can be tracked down
  • Inappropriate content and/or inappropriate destination of e-mails - methods of enforcing and tracking this; the use of disclaimers
  • Inappropriate web browsing - methods of identifying this
  • Personal use of company equipment and wasting resources - using company e-mail addresses for personal mail; joining inappropriate listservs and newsgroups
  • Taking software or company material home (and vice-versa) - including illegal copying of software


"Some of this seems petty!…"
Perhaps, but with the electronic age, the internal office is changing rapidly. The concept of workgroups - where a group of co-workers on a project may reside in different countries or continents - is common business practice.

Whether you think tolerances in the UK are liberal or puritanical, they are very different from other countries. Political, sexual and religious beliefs and rights vary widely and cannot and must not be taken for granted. At best an inappropriate joke may cause offence, at worst it could lead to claims against your organization.

Laws vary from country to country and internet abuse is being taken very seriously, with legal action being taken against offending organizations and individuals.

Many of the above topics can be addressed by use of some form of technology, but the technology can only be used to enforce some beliefs - it is no use having a police force if there are no laws for them to uphold.

What technology do you need?
There are a number of software packages available to help you counter these points, but a single product will not address all of them. You will probably require software that can provide:

  • Virus scanning, preferably at your internet connector, but also at the desktop and mail server
  • Content monitoring – to check and/or block the content of incoming or outgoing e-mails
  • Location monitoring – to monitor and block e-mail access to and from certain addresses
  • Message system traffic analysis – to report on employee system usage