In the business world, communication is key and they way you communicate can make or break the image of the company. Never the less it is also important to make these communication channels to be secure so that no harm will be done to tarnish the companies good name.
In this blog post I have provided you a sample on how to write an Email policy relating to an Issue Specific Information Security policy for a company. The reason why i have selected email is that currently email is one of the main communication channels that is chosen by companies to communicate official matters.
In this blog post I have provided you a sample on how to write an Email policy relating to an Issue Specific Information Security policy for a company. The reason why i have selected email is that currently email is one of the main communication channels that is chosen by companies to communicate official matters.
Email Policy for ABC Company
Disclaimer:
This policy is created .for
the ABC company and can be used by any person that uses the email service
provided by the ABC company. No prior notice is required for the use of the
policy. Suggestions are welcome to improve the policy and can be submitted to
the Information security department for any ideas.
1. Overview
The main purpose of this policy is to create an acceptable use of the ABC Companies email service and its other relating services. This policy will be maintained by the Information security department and will be revised every year. This policy will be made available to everyone and will be displayed as the first page once login to the emails. Any exceptions required will require prior approval by the stated parties in the policy.
The main purpose of this policy is to create an acceptable use of the ABC Companies email service and its other relating services. This policy will be maintained by the Information security department and will be revised every year. This policy will be made available to everyone and will be displayed as the first page once login to the emails. Any exceptions required will require prior approval by the stated parties in the policy.
2. Purpose of the policy
Make sure
that the ABC companies email system is used in a proper manner as well as to make
the users aware of the ABC companies unaccepted and accepted usage rules of the
email system. The minimized outlines of usage of electronic mail communication
within the network of ABC company.
3. Scope of the policy
The policy
applies to ABC companies all members who are granted permission of the email service.
This includes all the emails send with the use of the ABC companies email address.
The policy applies to purpose of receiving and sending email via the ABC
company service including network, hardware and software provided by the ABC
company.
3.1 Users are as follows.
- Management
- Employees
- Stakeholders
4. Policy
4.1. Content of the email
- The tone of the emails sent should be polite and professional. No usage of offensive material will be tolerated.
- Usage of formal style for the format of the document should be referred.
- Links to unauthorized materials should not be communicated via email.
- Attachments of documents should be done with the approval of the manager as they might contain sensitive data.
- Email signature should be attached to every email sent via the company email address.
- The content of the emails of the ABC company should be secured as per the standards of the data protection.
4.2. Permitted Use
- ABC company email system should only be used for business purposes only.
- No personal usage of the system will be entertained.
- All received emails should be checked for viruses.
- Opening of attachments or links in the emails should be done in a secured environment and only after a virus scan.
- No attachments should be saved in employee’s computers, if required should be approved by the respective mangers.
- Usage of mobile devices to send emails using the company email services is only authorized to the higher management (Management staff above level 3 of the employee hierarchy)
4.3. Sending emails
- ABC employees should use passwords as recommended by the company and they should be changed after 30 days.
- No emails should be synchronized to be auto forwarding.
- Emails sent and received will be monitored without any prior notice to the employees.
- Emails containing confidential data should be encrypted prior to sending.
4.4. Receiving of emails
- All emails categorized as secret or above should be responded within 2 hours.
- All emails received should be subjected to a virus scan prior to opening.
5. Policy Compliance
5.1. Monitoring and measurement
The
information security team will be looking in to verifying the compliance of
this policy. This checks will be performed without prior notice. This checks
will be done via internal and external audits, time to time walk through, and
with the usage of business tools provided to them. After every inspection a feedback
will be provided and actions will be taken accordingly.
5.2. Exceptions in the policy
Any exceptions required should be
approved by the higher management and the Information security team prior to
exercising.
5.3. Act of non-compliance of policy
Any employee monitored of not
complying to the policy will be subjected to disciplinary hearing and will be
terminated by the ABC Company.
6. Implementation
6.1. Expert and legal advice should be taken when considering data protection and privacy.
6.2. The policy will be made available to everyone.
6.3. The policy will be displayed as the first page once a user logs in to the email service of the ABC company and will require to sign and acknowledge of the policy.
6.4. All employees should be trained and educated on the policy.
6.5. Policy will be revised every year by the Information Security team.
7. Standards relating to the policy
7.1. Data protection standard.
8. Revision History
Date revised
|
Responsible offices
|
Approved by
|
Approved Date
|
Summary of change done
|
05/07/2017
|
K.M.Been
|
U.I.Sorr
|
30/07/2017
|
Updated virus check
|
No comments:
Post a Comment