General discussion

Locked

Creating a Acceptable Use Policy

By NetGeek84 ·
Hi,
I am currently working for a company as Systems Administrator Assistant. We have created this really nice Acceptable Use Policy that we want to get out and have everyone sign and have on record. Our overall manager that this Acceptable Use Policy is not important enough to go to our lawyer to read it over. Is there anyway to convince him otherwise.

Thanks

This conversation is currently closed to new comments.

52 total posts (Page 1 of 6)   01 | 02 | 03 | 04 | 05   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Quantify

by j.lupo In reply to Creating a Acceptable Use ...

Well, I am no expert in this area, but the one thing I have learned is to quantify why it should be done. Show how it will benefit the organization. That is the most likely way to convince your manager.

As I see it, intangible benefits do not easily translate to the bottom line. However, when making policy or changes you have to show how the bottom line is influenced (+/-). It is not easy, but necessary.

I am sure there are others that can provide examples. Since I don't know what your "Acceptable Use Policy" covers it is hard to come up with an example for you. In my case, I had to quantify why a certain internal coding standard should be changed and the cost of the change both with and without it to the exsting applications. The long term cost was worth the change, but the short term costs were not as far as management was concerned. The issue is still being debated, but is going to be implemented "soon". Good luck.

Collapse -

More info

by NetGeek84 In reply to Quantify

Thanks for your post that definatly will help. To elaberate a little more on the AUP it basically just gives employees the do's don'ts and repercussions for general computer use.
I will try to get a proposal together about how this can effect the bottomr line.
Another item I was thinking about was how critical is it for a lawyer to look over this policy. I mean the equipment is ours and employees are on company time so should anything we say (within reason of course) regaurding our equipment pretty much go. I believe it is a good idea but I have no clue about the law in this sort of scenario.

Thanks for your help
Mike

Collapse -

Legal issues

by j.lupo In reply to More info

Well you answered your own question to a degree. If you don't know the law that is why you want a legal opinion. In today's society people are sue happy. You need to make sure that whatever policy you put in place is worded correctly so people can't take it wrong and sue or file a greivence.

This may be another reason management is concerned about putting a policy in place. They may have been "burned" before.

You know, you might want to ask people in the company about ideas for the policy. Getting other people involved in its creation could create some buy-in from those that have to follow the policy. Which makes me think management doesn't want to follow it either and is resisting for that reason. Just a thought.

Good Luck.

Collapse -

Acceptable?

by bjorgensen In reply to Legal issues

It seems that the key word is "Acceptable". Acceptable to who - obviously the owners and the management. We began with a very simple policy: "Acceptable use is that which directly maintains and furthers the mission and goals of the corporation". As time has gone on, we have added the specific "Thou Shalt Nots" but only after submitting them to the employees. The "Thou Shalt Not" list serves as orientation describing specific wxamples that we consider to be inappropriate. We refuse to have the network jocks become policemen and have found that this simple statement makes things obvious to anyone. We only have to ask (in writing) a violator to write a brief memo describing how their misuse furthers our mission and goals.

Come on folks, there are certain responsibilities that go with a job - any job. If you want to cofify everything, go to work for the IRS.

Collapse -

Just computers?

by NI70 In reply to More info

Why not telephones, fax machines, and copiers too? These are company assests as well and sometimes can be abused like computers. Does your policy mention the Internet? Since you are talking about corporate computers have you thought about creating a logon warning banner? Create a Group Policy for your logon banner or a registry hack.

Here's the reg hack I've used. This will work with Windows 2000 Professional & XP.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"=" !!!WARNING!!! !!!Warning!!! !!!WARNING!!!"
"LegalNoticeText"="This is a Company X computer system, which may be accessed and used only for
official Company X business by authorized personnel. Unauthorized access or use of this computer system may subject violators to criminal, civil, and or administrative action under 18 United States Code 1030 et al. Use of this system constitutes consent to monitoring, retrieval, and disclosure by authorized personnel. USERS HAVE NO REASONABLE EXPECTATION OF PRIVACY IN THE USE OF THIS SYSTEM."

"Welcome"=":WARNING! Company X System!"
cut n paste the above into a text file and then save as a dot reg file - .reg.

Also send this link to your manager http://www.usdoj.gov/criminal/cybercrime/cclaws.html this may change his/her mind about having a lawyer review your AUP.

Collapse -

Why are we doing this?

by OregonNative In reply to More info

Sounds to me like we are working on an AUP with no clue as to why!!!

I don't have much time or interest for those individuals who think they own the network and want to control it. IT is a service organization and is only successful to the degree that we facilitate the business of business.

If the AUP is being written to prohibit people from taking their laptops into the shower or pouring coffee into their keyboards, no attorneys are needed. These rules are about the logistics of keeping the company in a state of operational readiness. That is clearly part of our mission.

On the other hand, if those do's and dont's are intended to reduce the risk of exposure from people using their computers inappropriately (e.g. porn, instant messaging) or illegally (pirated software), then those are LEGAL ISSUES. IT managers tent to think they know it all (I'm one of them, I KNOW!!!), but they are not as well trained as the lawyers in regards to the law.

Collapse -

bottom line

by avid In reply to More info

if you log trouble calls and hours spent on each call, resolution and cause, etc. simply show it to your boss and relate it to downtime and man hours spent.

Collapse -

Review policy with attorney

by Info-Safety, LLC In reply to Creating a Acceptable Use ...

If your policy states that improper usage of company computer and information resources can result in any sort of punishment, of course you need to have an attorney to review it. Certainly you want a policy that is both fair, enforceable, and legally sound. It will cost your employer far less in attorney fees now to have the policy reviewed than it will to defend itself against law suits, if the policy is not legally sound.

Good luck.

Craig Herberg

Collapse -

It is a legal document - isn't it?

by traceyt509 In reply to Review policy with attorn ...

As I understand it, the AUP is effectively a legal document as it lays down policies and procedures that must be followed by an employee and includes punishments for breakingthem. If it isn't reviewed by a lawyer then it could contain 'get out' clauses or worse still, be totally worthless in a court of law. In addition, how do you propose to get an employee to sign it unless you legally make it part of a contract of employment which, in itself, must be a legal document?

Collapse -

Worse yet

by Info-Safety, LLC In reply to It is a legal document - ...

If it is used to arbitrarily violate employees' rights, it could be an illegal document. That is probably not anyone's intent, but it exemplifies why this needs to be reviewed and blessed.

Back to Security Forum
52 total posts (Page 1 of 6)   01 | 02 | 03 | 04 | 05   Next

Related Discussions

Related Forums