Internet Acceptable Use Policy
When you lay down a law, make sure it is not disobeyed
The Art of War

Preface

The Internet Acceptable Use Policy (AUP) should be a part of a clearly communicated corporate strategy with employees. In an environment where users require freedom and flexibility in using Internet applications such as instant messaging and Google, the AUP states and enforces a desired acceptable use; namely that the Internet is to be used to further the company's business and improve customer service and not for personal entertainment or gain. Enforcing the AUP is made possible by a specialized system developed by Fidelis Security Systems that monitors information traffic on all channels.

Definitions

Digital assets
A digital asset is any computerized information that the firm uses to compete or accomplish its mission. Examples of digital assets are:
  • Customer Lists
  • Trading information with customers and suppliers
  • Proprietary pricing and methods
  • Credit cards
  • Strategic marketing plans
  • Documents marked as 'Classified' or 'Confidential'
Ownership of digital assets

The firm claims ownership of all digital assets generated, copied, processed, and stored by staff during the course of employment. This includes digital assets stored on personal workstations, removable devices, hosted servers and office servers, and those transferred using an Internet communications channel or a removable USB device.

Internet channels

Internet channels are a means of sending or receiving company messages, files and digital assets. Channels include all Internet TCP/IP protocols. Typical channels are:

  • Email (SMTP, POP3)
  • Web (HTTP) and .NET (XML Web services).
  • Web applications such as OFC, E-Groupware and Rap Net 99
  • Instant messaging, P2P applications such as Skype and Kazaa

Acceptable use of PC and network

Physical Security

The staff is required to maintain and protect the physical security of digital assets, i.e. protecting mobile devices such as notebooks, PDAs, USB storage devices and smart phones from being lost or stolen. For example, don't put a notebook on an airport conveyor belt unattended or leave a smart phone on your desk unattended.

Password security

The staff is responsible for maintaining the secrecy of workstation and server passwords. For example, passwords should not be written down on Post-it notes stuck to a desk or PC. Passwords should be changed immediately if any staff member feels that their secrecy is in question.

Personal activities

The firm discourages the use of systems for personal activities. The firm reserves the right to charge staff (at commercial rates) for abuse of corporate systems.

Acceptable use of bandwidth

The staff will neither use nor provide video streaming or peer-to-peer file sharing services.

Privacy

Certain staff members may have access to personal records of employees, customers, suppliers and business partners and will not leak or steal these digital assets.

Acceptable Use of Internet channels
  • Maximum size of attachments is 4 MB. Other files need to be delivered in a different manner.
  • No toolbars, including Google and MSN, are to be installed in browsers
  • No use of the Internet for tickers (such as sport scores, i.e. high bandwidth usage)
  • No use of Internet radio
  • No uploading or downloading for personal use (like photos to Shutterfly)
  • Email: Be careful with the TO: and CC: fields in email. Email messages should not be forwarded to people who are not privy to the subject matter of the email. When sending email to distribution lists and groups in the firm directory, make sure that the entire group needs to see the message.
  • Email attachments: Delete, before reading, email from people you don't know or email with attachments whose content is unfamiliar or unexpected.
  • Click here: The staff will not download software or other content by clicking on a link on a Web site. If a staff member needs a particular software application, a request should be sent to the network manager or other person in charge.
  • Abusive content: The staff will not be a willing originator of abusive or discriminatory content by mail, Web, IM or any other online channel.
  • Phishing: Do not respond to emails asking you to click on a link in order to update personal account information. Never register at Web sites with your corporate email account.
  • Data leakage: The staff will not deliberately leak or steal company digital assets.
Enforcement
  • The firm reserves the right to terminate the employment of any staff member who violates this Acceptable Use Policy. Grounds for termination will be deliberate distribution of abusive content, deliberate leakage of digital assets without proper authorization, disclosure of information to a third party not constrained by an NDA (non-disclosure agreement), impersonating another person, aiding a hacker or initiating or participating in a denial of service attack.
  • In order to enforce the AUP, the firm will monitor Internet channels.

Acceptable Use Policy Agreement

The following is a suggested AUP agreement signed between the company and each of the employees.

Acceptable Use Policy Read and Understand Agreement
Confidential

I hereby state that I have read and understood the Acceptable Use Policy and as a condition of my employment I agree to accept and abide by the principles, behavior and policies outlined.

_____________________
EMPLOYEE SIGNATURE
_____________________
DATE
  ______________________
CHIEF OPERATING OFFICER
________________________
DATE
 
Software Associates - Business security specialists for hi-tech firms