Internet Usage Policy

 

The Internet is a key research tool for many organizations. Likewise, e-mail is a convenient and usually inexpensive way for organizations to connect with clients, customers, and trading partners. However, it is easy for users to abuse both of these services.

When you suspect that a large amount of nonbusiness browsing and e-mail sending is occurring among your users, it is time to implement an Internet usage policy. Many organizations already follow an established policy. But for those organizations without one, it’s time to consider creating such a policy.

 

Most organizations already follow a policy.

Before you say that you already have a policy, consider what it covers. Is it a “one-liner” or a policy that comprises a short paragraph? Can a couple of sentences explain all the use scenarios your organization should regulate?

There are several reasons to curb Internet and e-mail use. Excessive online time can tie up resources. Accessing streaming media hogs bandwidth. Downloading MP3 and other large files steals server space.

Internet browsing also exposes an organization to viruses, especially when the company lacks an efficient firewall or uses software to isolate computer bugs.

In rare instances, an organization’s Internet and e-mail services can be used against you. Malicious users with network access can transmit sensitive corporate information without authorization.

Unchecked use also places a lag on productivity. It’s tempting for users to check e-mail through an Internet connection several times a day. It’s also tempting for users to shop online, check stocks, or browse entertainment sites while at work.

Often, a single notice about a user’s browsing habits will set the user back on a productivity track. One idea is to the list of users and the sites they visited and post it on a refrigerator in the employee kitchen each month. Usually, the embarrassment over seeing their name tied to how long they spent online and where they went is enough to stop excessive use.

Other times, instituting a written, formal policy is the better option.

Many organizations already handle excessive Internet and e-mail on a case-by-case basis, but with an established policy, you may be able to lower the amount of cases you have.

This document explains some of the necessary elements of an Internet usage policy and examples of short-and-sweet policies. It also includes two examples of use policies.

So you don’t want a policy?

Managers in organizations with loose policies use the one-liner method to outline what the organization expects from users. Here are three examples for actual policies:

“If you can’t display the information you are looking at on your cubicle wall for other employees to see, chances are you shouldn’t be looking at it at work.”

“Use of the Internet for personal use should be restricted to reasonable sites and materials such as news or information that might be considered reasonable if read as a text publication in an office environment.”

“Internet browsing and e-mail activity for personal use should be kept to a minimum and should not be conducted during the workday.”

These one-line policies may work in a small organization. Internet Usage policies for medium to large organizations, however, may need details.

Detailed policies generally include three elements: an introduction to explain the reason for the policy, permitted use, and prohibited use. It may also be appropriate to include a section for definitions of the terms used in a policy. Some examples of these include:

Internet: the network that includes, but is not limited to, the World Wide Web. The Internet is a vast network of other networks that enables point-to-point exchange of information.

Download: A way to copy software programs, documents, and other files.

Other key elements to consider including in a policy are:

·         An explanation to users that they have no expectation of privacy when using company property.

·         A clause that addresses sexually explicit and offensive material.

·         A method for handling policy offenders.

 

Policy examples

The following two policy examples go beyond the information included in a one-liner. These examples were compiled from actual use policies.

The first example is a moderate policy. It clearly explains what is expected of users but does not list each possible infraction. The second example is a stricter policy. In this example, you’ll find a bulleted list of prohibited use. Large organizations may benefit from this example.

The examples should be modified to fit your organization.

(moderate)

Acceptable use policy for [this organization]

 

Date issued: 01-01-2001
Revised: 01-01-2002
Authorized by:
Next scheduled review: 01-01-2003

Introduction

 

[This organization] provides its users with Internet access and electronic communications services as required for the performance and fulfillment of job responsibilities. These services are for the purpose of increasing productivity and not for nonbusiness activities.

Use policy

 

Occasional and reasonable personal use of [this organization’s] Internet and e-mail services is permitted, provided that this does not interfere with work performance. These services may be used outside of scheduled hours of work, provided that such use is consistent with professional conduct.

Users should have no expectation of privacy while using company-owned or company-leased equipment. Information passing through or stored on company equipment can and will be monitored.

Violations of Internet and e-mail use include, but are not limited to, accessing, downloading, uploading, saving, receiving, or sending material that includes sexually explicit content or other material using vulgar, sexist, racist, threatening, violent, or defamatory language. Users should not use [this organization’s] services to disclose corporate information without prior authorization. Gambling and illegal activities are not to be conducted on company resources.

Infringements of this policy will be investigated on a case-by-case basis.

 

Your signature indicates that you have read [this organization’s] Internet and e-mail use policy. Signing this document does not mean that you agree with each and every provision of the policy. However, it does mean that you will abide by the regulations set forth in the above policy.

 

Employee:                                                                                          Date:

 

 

(strict)

Acceptable use policy for [this organization]

 

Date issued: 01-01-2001
Revised: 01-01-2002
Authorized by:
Next scheduled review: 01-01-2003

Introduction

 

[This organization] provides its users with Internet access and electronic communications services as required for the performance and fulfillment of job responsibilities.

Users must understand that this access is for the purpose of increasing productivity and not for nonbusiness activities. Users must also understand that any connection to the Internet offers an opportunity for nonauthorized users to view or access corporate information. Therefore, it is important that all connections be secure, controlled, and monitored.

To this end, users in [this organization] should have no expectation of privacy while using company-owned or company-leased equipment. Information passing through or stored on company equipment can and will be monitored. Users should also understand that [this organization] maintains the right to monitor and review Internet use and e-mail communications sent or received by users as necessary.

 

Permitted use

 

The Internet connection and e-mail system of [this organization] is primarily for business use. Occasional and reasonable personal use is permitted, provided that this does not interfere with the performance of work duties and responsibilities.

Users may use [this organization’s] Internet services for personal improvement, outside of scheduled hours of work, provided that such use is consistent with professional conduct and is not for personal financial gain.

Users may send and receive e-mail attachments that do not exceed 2 MB in size, provided that all attachments are scanned before they are opened by [this organization’s] chosen antivirus software.

Users may send and receive short text messages with no enclosures for nonbusiness purposes. [This organization] requests that the personal e-mail not be read in the office and that any personal e-mail you receive be forwarded to a nonbusiness account to be viewed at your leisure.

Prohibited use

 

Users shall not use [this organization’s] Internet or e-mail services to view, download, save, receive, or send material related to or including:

·         Offensive content of any kind, including pornographic material.

·         Promoting discrimination on the basis of race, gender, national origin, age, marital status, sexual orientation, religion, or disability.

·         Threatening or violent behavior.

·         Illegal activities.

·         Commercial messages.

·         Messages of a religious, political, or racial nature.

·         Gambling.

·         Sports, entertainment, and job information and/or sites.

·         Personal financial gain.

·         Forwarding e-mail chain letters.

·         Spamming e-mail accounts from [this organization’s] e-mail services or company machines.

·         Material protected under copyright laws.

·         Sending business-sensitive information by e-mail or over the Internet.

·         Dispersing corporate data to [this organization’s] customers or clients without authorization.

·         Opening files received from the Internet without performing a virus scan.

·         Tampering with your company handle in order to misrepresent yourself and the company to others.

 

Responsibilities

 

[This organization’s] users are responsible for:

·         Honoring acceptable use policies of networks accessed through [this organization’s] Internet and e-mail services.

·         Abiding by existing federal, state, and local telecommunications and networking laws and regulations.

·         Following copyright laws regarding protected commercial software or intellectual property.

·         Minimizing unnecessary network traffic that may interfere with the ability of others to make effective use of [this organization’s] network resources.

·         Not overloading networks with excessive data or wasting [this organization’s] other technical resources.

 

Violations

 

Violations will be reviewed on a case-by-case basis. If it is determined that a user has violated one or more of the above use regulations, that user will receive a reprimand from his or her supervisor and his or her future use will be closely monitored. If a gross violation has occurred, management will take immediate action. Such action may result in losing Internet and/or e-mail privileges, severe reprimand, or termination of employment at [this organization].

 

 

Your signature indicates that you have read [this organization’s] Internet and e-mail use policy. Your signature does not mean that you agree with each and every provision of the policy. However, it does indicate that you will abide by the regulations set forth in the above policy.

 

Employee:                                                                                          Date: