Email Policy Electronic communication policy

Internet, E Mail and
Electronic Communication Policy

This policy is twenty-three (23) page in length, is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

Appropriate use of equipment
Internet access
Electronic Mail
Retention of e-mail on personal systems
E-mail and business records retention
Copyrighted materials
Banned activities
Ownership of information
Security
Sarbanes-Oxley
Abuse

Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:

Internet & Electronic Communication Employee Acknowledgement (short form)
E-Mail - Employee Acknowledgement (short form)
Internet Use Approval Form
Internet Access Request Form
Security Access Application Form

The WORD template uses the latest CSS style sheet and can easily be modified to conform to the style used in your enterprise policy manual.

Latest Policy News

Training supervisors on supporting staff improves productivity

February 9th, 2012

The demand to improve productivity has created a workplace environment of intense competition and increased stress for many. Paradoxically, these conditions often stymie organizational efforts to become more efficient and effective.

A new study offers a way to improve worker productivity - training direct supervisors to provide support. While it may seem a common-sense notion, many employers do not train supervisors on the necessity of support or on techniques to provide assistance.

In earlier studies, scholars have shown stress at the workplace (due to high job demands and low control) can cause workers to develop psychological strain that translates into physiological symptoms, such as headaches, stomach aches and fatigue.

When the boss offers support in the form of, for example, a lightened work load or stress management training, it is more likely to keep the worker from taking sick leave. This is because the worker feels more inclined to reciprocate the supportive treatment by keeping their work effort high.

Researchers determined that co-worker support early on, when the employee begins to experience workday stress, plays a role in reducing the physical effects of stress, thereby reducing the likelihood of even developing the need for sickness absence.
- more info

H-1B discriminates against US IT workers

February 3rd, 2012
H-1B workers are better educated than U.S. born workers and earn more. The report by two economists at the non-partisan Public Policy Institute of California, found that, on average, H-1B workers are about 10 years younger than U.S. born workers.

The report's findings concerning pay indirectly challenge beliefs about the H-1B program held by its backers. In a recent column in the Financial Times, it was argued that restrictions on the H-1B program protect "many high earners from skilled migrant competitors." He called the H-1B program "a subsidy for the wealthy," meaning well-paid IT workers.

But according to this study, the conclusion U.S. IT workers are a "privileged elite is wrong." The study found that the average annual earnings of H-1B workers are about 10% higher than the average annual earnings of U.S. workers, after adjustments for age, occupation and education.

The study is drawing reaction from those who see current H-1B policies as a detriment to U.S. workers.
- more info

Anonymous implements social media hacks

January 28th, 2012

Anonymous distributed links to specially crafted Web pages via its Twitter feed which was re-tweeted widely, and links also popped up on Internet Relay Chat rooms, Facebook, Tumblr and other social networking sites. Some of the links led to PasteHTML.com, a site that looks a little like the popular text-sharing site Pastebin frequently used by Anonymous to issue statements. A variation of this method allowed users to type in the IP address of target Web servers before the JavaScript code began executing.



Most of the links were obscured using URL shortening services such as bit.ly. Several Anonymous Twitter accounts have thousands of followers, and some gained "hundreds of thousands of new fans overnight" during the course of the campaign, according to Cluley.

The new method appears to have helped knock Universal Music and other sites offline during last week's Megaupload-revenge attacks
- more info

FedRAMP to drive cloud solution providers

January 14th, 2012
The Federal CIO Council released the security control requirements for the Federal Risk and Authorization Management Program (FedRAMP) - the new, innovative IT risk management program created to foster the adoption of cloud computing by the Federal government. FedRAMP provides a standardized approach to the security authorization process for cloud products and services, adopting requirements agreed upon by all Federal agencies and approved by the FedRAMP Joint Authorization Board (JAB). The security controls baseline is the basis for FedRAMPsstandardized approach to the security authorization process for cloud products and services. The release of the FedRAMP controls is the critical first step that to successfully launching FedRAMP.

FedRAMPs unified risk management process will evaluate IT services offered by vendors on behalf of Federal agencies, saving agencies from conducting their own risk management programs. By reducing duplicative risk management efforts, FedRAMP will enable Federal agencies to focus their evaluations of IT services on their agencys specific needs, as well as their privacy and security requirements. In the coming month, GSA will release the FedRAMP Concept of Operations, further detailing the processes for Federal agencies and CSPs to meet FedRAMP requirements.
- more info

IT job descriptions updated to meet all compliance requirements

January 7th, 2012

Internet and Information Technology Position Descriptions HandiGuide®

243 Job Descriptions and Organization Charts Sensitive Information Policy Compliance Agreement

The IT job descriptions contained within the Internet and Information Technology Position Descriptions HandiGuide^® were completed in 2012 and contains over 700 pages; in a new easy to read format; and, includes sample organization charts, a job progression matrix, and 243 Internet and Information Technology (IT) job descriptions.   The book also addresses Fair Labor Standards and the ADA, and sexual harassment. Each job description meets ADA standards and the position description is delivered in electronic format - word which is editable and PDF which is printed.

More...
- more info

Security ignored by younger employees

December 20th, 2011

Employees aged 18-30 tend to have lax attitudes about computer security and are more likely than their older ounterparts to ignore IT policies, according to a recent Cisco report.

About 61 percent of young employees surveyed by Cisco researchers feel corporate IT security isn't their responsibility and should be handled by their employer or the device manufacturer, the researchers wrote in the third installation of Cisco's "Connected World Technology" report. "Young employees" in this report included 1,400 college students polled between the ages of 18 and 23 and 1,400 professionals polled under the age of 30.

Seven out of 10 young employees polled also frequently ignore IT policies and 67 percent feel the IT policies on social media and device usage are outdated and need to be modified to "address real-life demands for more work flexibility," according to Cisco. The younger workforce has "different" expectations of what should be allowed at work, and over time these policies and restrictions may become a deciding factor in where they choose to work.



The Security Manual for the Internet and Information Technology is over 240 pages in length. The template is compliant with ISO 27000 (formerly ISO 17799), Sarbanes-Oxley, Patriot Act and HIPAA and includes a PCI DSS Audit program. All versions of the Security Manual template include both the Business & IT Impact Questionnaire and the Threat & Vulnerability Assessment Tool (both were redesigned to address Sarbanes Oxley compliance).   In addition, the Security Manual Template PREMIUM Edition contains 16 detail job descriptions that apply specifically to security and Sarbanes Oxley.
- more info

Meeting productivity improvement

November 22nd, 2011
Ideas to improve meeting productivity

Have agendas with goals objectives. It's considered bad business manners to send a meeting request without providing an agenda. When calling a meeting focus agenda on expressly stating the goal(s) of the meeting.
Replace the default 60-minute meeting time slot with a 20-minute meeting unit. For some inexplicable reason, people seem to naturally default to 60 minutes as the amount of time needed for a meeting. And while that may be the case in certain circumstances, it should not be the default position. In place of a 60-minute default time slot, adopt the 20-minute meeting unit. If a particular topic needs more time than that, it is up to the meeting organizer to convince the participants that two (or three, or four) meeting units of 20 minutes are necessary.
Have people stand during meeting. It is too easy to "waste time" when everyone is sitting.
Orient the meeting toward follow-ups and actions. Meetings produce lots of ideas and discussion. That's wonderful. But the real purpose of most meetings is to agree on next steps and actions. Keep a focus on targeted actions and your meetings will be productive. Allow them to become discussion forums for "important issues," and they will feel long and painful.
- more info

Security risk from easy access to user logon information

November 11th, 2011

Users have dozens of logins and passwords spread out across an equal number of sites and applications and it's no wonder the average user tends to forget their secret info. Even with a tried and true system for generating memorable but complex passwords, the formula could easily fall apart if you just can't remember it.

So rather than continually clicking the "Forget Your Password?" help link, folks are readily hiding login information around their computer station.

And given that there's little variety in those secret locations, "hiding" might be a stretch. Typically user passwords was somewhere on their desk in one of these easy-to-find locations.



The most common locations where folks hide their login information are:

Under the keyboard

Under the phone

Under the mouse pad

On the monitor

In the top drawer

Under the desk

In other words, you're not doing yourself any favors if your entire system is compromised by a casual, passing glance from someone outside your office window.

Instead of the highly visible Post-It note on the monitor, Janco Associats recommends secure password aggregators to keep your login information secure.
- more info

Is the death knell for Adobe Flash sounding

November 9th, 2011
Adobe Systems is ending development of its Flash plug-ins for mobile browsers, the company confirmed today. Instead, Adobe will focus on HTML5 and, to a lesser extent, its AIR runtime environment. Adobe says it will work on tools that convert Flash content and apps to HTML5 and AIR versions for use on mobile, rather than continue to develop its mobile Flash Player.

At the same time there continue to be reported problems with Adobe Flash with IE in the 64 bit environment along with the frustration of users with the Adobe Update process.

Adobe has been working on mobile Flash for years, but shipped an Android version only a year ago and on both HP WebOS and the RIM BlackBerry PlayBook tablet this summer. Apple has adamantly refused to allow Flash on iOS over performance concerns (though it does allow AIR), and Flash has also not appeared in the BlackBerry smartphone OS or in Microsoft's Windows Phone 7 despite Adobe's promises to do so.
- more info

How to terminate an employee

November 7th, 2011
When you are going to terminate an employee and have prepared property then you should follow these best practices. Terminations are one of the most difficult personnel issues managers have to deal with; it's easy to bungle them. Avoiding the following pitfalls will reduce your risk of a wrongful termination lawsuit.

Plan for the termination meeting - Winging a meeting with an employee you are firing is a bad idea. If you don't prepare what you're going to say to the employee, you could speak out of turn, and your comments could be the basis for a lawsuit.

What they're going to say during the meeting

What's going to happen after the meeting
Whether the employee will be allowed to collect his belongings from his desk, or whether the company will pack them up and send them to him
If the employee has company files at home, the manger needs to figure out how to get those files
Have in hand the employee's final paycheck and include pay for any unused vacation
Provide the employee with a COBRA notice so he knows how much it will cost to continue his health insurance.

Planning the details of the termination helps demonstrate respect for the employee. It shows you care enough about the employee to think about the questions and issues the employee will face.

Have two people present in the meeting other than the individual being fired. That way if you end up in litigation, it's not one person's word against the other. It's better to have a second person from the company who can indicate exactly what was said.

Be serious and do not joke about what is going to happen and do not treat it like a cattle call. Some employers who have to do large layoffs round up employees like cattle in a conference room and tell them all at once that they're getting pink slips. This disrespectful tactic breeds ill will among the affected employees toward their former employer.

Get to the point quickly - Managers should never start a meeting with an employee in which they're going to be terminated with pleasantries. It's cruel to mislead the person about the conversation," she says. Instead, managers should cut to the chase. "We're meeting today because your position has been eliminated' or 'because we need to let you go.'"

If the termination is due to the employee's poor performance, managers should have a line and stick to it, such as, 'We've discussed your performance several times. This job is no longer a good fit.'
If the employee is part of a layoff motivated by economic or financial circumstances, it's best to say something simple such as, 'Your employment is being terminated due to a necessary reduction in force. The reason we have to do a reduction in force is because of the tough economic climate,' and leave it at that.

Be truthful about the reason for the termination Managers who feel badly about having to lay off staff will sometimes try to soften the blow to the employee during the termination meeting. The manager might say, "We have to cut you, but it has nothing to do with your performance. You were a great employee, but I need to let you go, and it's completely and solely related to cost reasons".
Such non-truths become problematic when the decision to lay off the employee was in fact performance related. If that individual decides to file a lawsuit alleging he was fired because of his age, the company will respond to the claim by saying, 'You weren't fired for your age. You were fired because your performance was the lowest among the people we chose. The plaintiff will in turn respond, 'During my termination meeting, you told me my performance was great and that it had nothing to do with the reason for my termination.' That alone can make an employer liable.

Do not broadcast the termination news over social media. Today there are lawsuits and legal claims related to updates managers have posted to Facebook, Twitter or LinkedIn, in which they disclose details of employee terminations.

Offer employees a severance agreement in return for a release of all legal claims It helps the employee because it aids in their transition and doesn't preclude them from seeking unemployment insurance. From the employer's perspective, the severance agreements are important because the employee will release the employer of all claims related to or arising out of the employment -- if they accept the severance package. That will take care of tort claims, contract claims, discrimination claims and wrongful termination claims.
- more info