Are you an IT manager with the task of working up policies for the way your organization’s employees use their computers for e-mail and the Internet? TechRepublic can help you write the consummate policy.

Two of our most popular downloads address e-mail, Internet use, and security-related policies. Several TechRepublic members contributed copies of their policies that you can use as a template for your own. You can get them by clicking on these links:

  • Our updated list of e-mail and Internet use policies for your enterprise“: Should you allow your employees to send and receive personal e-mail at work or monitor the Web sites they visit? Download this report for a selection of acceptable-use policies submitted by TechRepublic members.
  • Information Security Policy“: This download is a sample policy on information security that covers software, downloading from the Internet, computer viruses, access codes, physical security, and licensing.

In this article, we’ll discuss how these downloads and articles have been helpful to other IT managers who are developing security and usage policies.

E-mail and Internet abuse can rock your world
Internet usage policies are quickly being adopted following numerous media reports concerning e-mail and Internet abuses in the workplace. Organizations are trying to protect themselves and their employees by establishing guidelines for appropriate employee behavior.

When you download “Our updated list of e-mail and Internet use policies for your enterprise,” you’ll find samples of e-mail and Internet usage policies from the following four companies:

The documentation from Gerontology Network is particularly valuable because it includes company policies on cell phones, telecommunications, network, and PC use.

Having a policy can protect you and your company when an employee abuses his or her e-mail privileges at work, according to Joyce Graff, vice president and research director for electronic mail for Gartner in Stamford, CT. (TechRepublic is a subsidiary of Gartner.)

It is important, Graff said, to make sure employees are aware of the policies and that they are constantly reminded that the policies exist. If employees abuse the policies, they should face disciplinary actions and possibly termination.

“If you lay that out, then you’re less likely to get into trouble, because there have been suits where employees said, ‘I didn’t know that’ and, ‘We expected this was our private account,'” Graff said. “It’s generally not held up in court, but you can get yourself out of that whole argument if you have a policy and especially if you have the employee’s signature on that policy.”

You can read more of Graff’s comments, and comments from others, in “Liability@work: What’s your corporate e-mail policy?

What about access codes and passwords?
What about computer viruses that often are received through e-mail? How about unregistered or unauthorized programs? Do you have policies that deal with physical security and access codes and passwords?

IS manager Henry Dumas of Hano Document Printers in Springfield, MA, provided TechRepublic with his company’s guidelines for all of these issues in “Information Security Policy.”

Dumas’ policy covers both the employees’ and the organization’s obligations concerning:

  • Internet and e-mail
  • Computer viruses
  • Access codes and passwords
  • Physical security
  • Copyrights and license agreements

If you are just putting together a policy, these two downloads can get you started. If you already have policies in place, compare yours to these and see if you can improve them.
What has been your experience with employees and IT-related policies? Are they effective or ignored? Start a discussion below or send us a note.