IT Employment

General discussion


Computer/Internet Usage Policy

By mpd881 ·

I'm not in management, but my bosses want me to come up with a good computer/internet usage policy. Any ideas where a guy can find some good guidelines/templates/examples to help with this daunting task?

Thank you in advance.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Try our downloads center

by Jay Garmon Contributor In reply to Computer/Internet Usage P ...

We have several titles in our Downloads Center, including:

-Authorized downloads and executables policy
-Peer-to-peer file-sharing policy
-IM Policy template
-Virus protection policy
-Internet usage policies

You can reach the Downloads Center from the TR home page, and then perform a search for any of the titles I listed above.

However, if you are really serious about designing a custom policy tuned to your specific situation, I recommend you get a copy of our "IT Professional's Guide to Policies and Procedures, Third Edition," which is available in our Books & CDs page, linked off the front door.

Collapse -

That was some good advice above

by HAL 9000 Moderator In reply to Computer/Internet Usage P ...

But even with the best documents you still need to follow some common sense. These are I suppose Business computers connected to a Business ISP and should be treated as such. So just make up the rules that you think need to apply in this position rather than going at things like a bull in a china shop.

What you have to remember is that as a company computer-network it is the company rather than the individual user who will bear the consequences of any improper use of the system. Most companies do not object to the occasional incoming/outgoing personal e-mail or the odd look for something provided it doesn't take too long. But quite rightly there are some sites that should never bee visited under any circumstances and here it isn't the slightest bit important if it is during working hours or after hours or at lunch time when the person isn't paid to work.

Remember that just because they are provided with a terminal for their work doesn't mean it is their property it always remains Company Property and as such it is the company who carries the responsibility when something goes wrong.

Also it should be included in any Internet Usage Policy of any company that all Incoming/outgoing e-mails are recorded and may be looked at as well as internet usage. Whatever else is put on paper this is necessary even if never followed by the company at least by making it known from the very start you are letting the people involved know where the line is drawn.


Collapse -

Identify the stakeholders

by JamesRL In reply to That was some good advice ...

Through sometimes bitter experience, you will find that you can't put anything in a policy until you get agreement from all the stakeholders. IT Security will want to have a say. HR should be involved. There may be multiple players in other departments.

At the end of the day, not only do you have to have policies, but you have to have clearly defined roles - who enforces the policy(not IT hopefully - HR should be the one telling someone's manager about policy violations), what the consequences are, the escalation etc.

I have seen good policies killed by indifferent line management or HR people who were not fully bought in to the idea.

You can probably get everyone in a room and do some brainstorming.

One good idea that has been effective is to make everyone sign the doc acknowledging the policy and have all new users sign the policy before granting them network access.


Collapse -

James every good or for that matter bad

by HAL 9000 Moderator In reply to Identify the stakeholders

Computer usage police is a collaborative effort of various parties in the business. The bigger the business the more compromises that have to be made like the CEO who wants to access the company network from his/her home computer which has no security what so ever on it and is an open gateway into the system.

While it is one thing to get the policy in place and the bigger the company the harder it is to get any form of consensus. It is a totally different matter in Policing the policy as you quite rightly said it should be the HR department who Polices the stated policy as this isn't the job of the IT section. The most that the IT section should be involved in policing the policy is in observing/logging the traffic and if there is any abnormal items which pop up it should then be passed onto the HR department for the appropriate action whatever that may be.

Conversely the smaller the company the easier it is to get a "Policy" in place but then it will be the IT staff who carry the main responsibility in Policing the Policy {as if we already don't have enough to do.}

While I was only speaking in very general terms above as I really don't know what type of business is involved here and who will be responsible for Policing any policy that is finally put in place. Similarly there will always be unforeseen things that occur that are not covered by any Policy no matter how good it originally was but the very least that should be done is to make everyone involved in using a workstation with Internet connectivity aware of the fact that every thing that they do is monitored and can be used against them if they do anything that could adversely affect the company in question.


Related Discussions

Related Forums