IT Employment

General discussion


Email Usage Policy

By GSG ·
I am a member of a HIPAA security team, and one of our tasks is to review and revise our Email and Internet usage policy. Our goals are:

1) Restrict Email and Internet usage
2) Not restrict it so much so that we can only use it for business. We don't want to be the email police, or by policy have to terminate someone because their Grandma sent them an email.

In summary, we want a policy that restricts usage, while still giving our employees a little leeway to visit sites like TechRepublic, CNN, MSNBC, etc...

Does anyone out there have some suggestions or policies?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

There's a couple of good references I use

by mlayton In reply to Email Usage Policy

..especially when total restriction is not the goal. Try "Information Security Policies Made Easy" by Wood - the one I have is pretty old, so you may want an updated one. Also, I have used Jenkins "Information Systems Policies and Procedures Manual", which is much more in-depth and restrictive, and while mine is a few years old again, I would be surprised if it hadn't been revised to accommodate HIPAA requirements. Also the SANS site might have some samples worth reviewing. And as always, make sure HR and legal review prior to implementation!

Related Discussions

Related Forums