SlideShare a Scribd company logo

IT Policy Template

Download as DOC, PDF
Peter Henley
Peter Henley

Combined

Technology
1 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership II. Definitions III. Privacy IV. General Use V. Personal Use VI. Passwords VII. Internet Access VIII. Remote Access IX. Data X. Physical Security XI. Unauthorized Copying of Copyrighted Software ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 1 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership All corporate data as defined in section II of this policy is owned by ZYZ Corp II. Definitions • Corporate data includes files (paper and electronic), email messages, voice messages and faxes. • Personal Data – Files that an employee would expect to take with them should they leave the firm. • Confidential Information includes but is not limited to: Tax returns whether draft, final or any other version Tax planning documents Financial statements Various schedules including but not limited to amortization, fixed assets, leases and other debt schedules List of IT Approved Mobile Devices: • iPhone, Android, Windows Phone • iPad • iPod Touch • Kindle Fire • Windows Surface • Other tablets III. Privacy 1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the Internet, or by any other computer or mobile device use. 2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer and mobile device use. 3. Please be aware that deleting a file or email message will most likely not destroy it completely. 4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without regard for any passwords. IV. General Use • Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to those concerning harassment. • The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be construed as harassment or showing disrespect for others. Employees are expressly forbidden to access Internet sites where potentially offensive material is located. Downloading or viewing pornography or other questionable material is not allowed and may be subject to review and subsequent disciplinary action. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 2 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES V. Personal Use 1. Email, Internet access, and computers should be used primarily for business purposes. 2. Employees are permitted to use computers, non-corporate email accounts and the Internet for personal use, provided such use is limited in quantity, and is done on the employee’s personal time. 3. Personal use of the Internet while connected to client networks is expressly prohibited. 4. Personal use of computers is subject to the following: a) Employees’ email accounts, Internet access, and computer use may be monitored and reported on by the company. b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated. c) Employees should not use their company email address or computer to subscribe to any email distribution lists for non-business purposes. d) Streaming or downloading music or movies is prohibited. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 3 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES VI. Passwords • Passwords must never be written down. • Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device. • Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart phones. Password Sharing • Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff. To do so exposes the authorized user to responsibility for actions (such as deleting files) that the other party takes with the disclosed password. • All passwords must be immediately changed if they are suspected of being disclosed to anyone other than the authorized user. VII. Internet Access 1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but are not limited to sites in the following categories: a.Obscene or offensive b. Illegal c.Gaming d. Streaming audio and video including radio stations 2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity, and is done on the employee’s personal time. 3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at all times. • Audio and video use for business purposes is permissible only in ZYZ Corp’s office. • ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or downloading. 4. Staff members are expected to limit their use of the Internet to access information which is acceptable in the workplace. This policy applies at any hour of the day, whether there are others in the building or not. Employees should remember that our systems maintain records of Internet traffic – sites that have been accessed, who accessed them, and the time of day. Staff may access the Internet for personal use during non–working hours; however staff should use their best professional judgment in determining if such use is wise while guests or visitors are in the office. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 4 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES VIII. Remote Access General ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities. The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or while traveling) provides an added dimension to client service as well as an employee benefit. The system will handle access to e-mail and instant messaging services, tax return preparation, audit workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet. Employees must exercise care in order to insure the security of data, and comply with all software licensing agreements. Specific Policies 1. Employees should not allow anyone else to access Firm resources. 2. Employees should never access Firm resources from any computer or mobile device not owned by the employee or the firm. 3. Special care should be exercised when an employee owned computer or mobile device s shared in a family or social setting. 4. A current copy of Anti-Virus software must be installed and active on any employee owned computer which is used for remote access. 5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large downloads. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 5 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES IX. Data Social Security Numbers Client social security numbers may not be stored on: ZYZ Corp’s email system Desktop computer C drives USB Drives Client social security numbers may only be stored on: The SharePoint system ShareFile PFx Engagement GoSystem RS Corporate Data • Corporate data may never reside on non-corporate computers or drives except for IT Department approved, employee owned mobile devices. • Corporate data stored on USB drives must be encrypted. Personal Data • Personal data may reside only on corporate computers’ C drives. • Personal data may never reside on the ZYZ Corp network or email system. Email • Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature and the standard ZYZ Corp password convention: o The client’s entire social security or EIN with no hyphens, typed TWICE. o The password can then be described in the body of the email message. • Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create one or use the secure temporary portal which is in place for just such a purpose. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 6 of 7
ZYZ CORP INFORMATION SYSTEMS POLICIES X. Physical Security • Computer and peripheral equipment other than laptops, projectors and authorized accessories may not be removed from the ZYZ Corp offices. • When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the trunk before traveling. • Laptops should never be left in cars overnight. • When traveling, laptops should never be left unattended, except in a locked hotel room. • If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately. • No one other than a ZYZ Corp employee is permitted to operate a company computer except with permission of the ZYZ Corp IT department. • If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be notified immediately. XI. Unauthorized Copying of Copyrighted Software • The firm’s IT Department must approve all applications before such applications are installed. • ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject to the facts and circumstances of each case, such individuals shall be solely responsible for their defense and any resulting liability. I have read the content of all of the above policies on pages 1-7. I understand the policies and agree to comply. ____________________________ ____________________________ __________ Name Signature Date ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 7 of 7

Recommended

Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureThe Pathway Group
 
TA rules at a glance 23-07-2019
TA rules at a glance 23-07-2019TA rules at a glance 23-07-2019
TA rules at a glance 23-07-2019PushpRajPatel12
 
It policy (ver 1.0)
It policy (ver 1.0)It policy (ver 1.0)
It policy (ver 1.0)sentmery5
 
Ccs conduct rules.do and donot.vigilance aspect.bose
Ccs conduct rules.do and donot.vigilance aspect.boseCcs conduct rules.do and donot.vigilance aspect.bose
Ccs conduct rules.do and donot.vigilance aspect.boseShankar Bose Sbose1958
 
Leave rules
Leave rulesLeave rules
Leave rulesAdditional Finance Secretary, Government of the Punjab, Lahore, Pakistan
 
Staff rules and regulations
Staff rules and regulationsStaff rules and regulations
Staff rules and regulationsAnkit Sharma
 
Collection and recovery.sai.bose
Collection and recovery.sai.boseCollection and recovery.sai.bose
Collection and recovery.sai.boseShankar Bose Sbose1958
 

Recommended

Sample IT Policy
Sample IT PolicySample IT Policy
Sample IT PolicyClarknuber
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureThe Pathway Group
 
TA rules at a glance 23-07-2019
TA rules at a glance 23-07-2019TA rules at a glance 23-07-2019
TA rules at a glance 23-07-2019PushpRajPatel12
 
It policy (ver 1.0)
It policy (ver 1.0)It policy (ver 1.0)
It policy (ver 1.0)sentmery5
 
Ccs conduct rules.do and donot.vigilance aspect.bose
Ccs conduct rules.do and donot.vigilance aspect.boseCcs conduct rules.do and donot.vigilance aspect.bose
Ccs conduct rules.do and donot.vigilance aspect.boseShankar Bose Sbose1958
 
Leave rules
Leave rulesLeave rules
Leave rulesAdditional Finance Secretary, Government of the Punjab, Lahore, Pakistan
 
Staff rules and regulations
Staff rules and regulationsStaff rules and regulations
Staff rules and regulationsAnkit Sharma
 
Collection and recovery.sai.bose
Collection and recovery.sai.boseCollection and recovery.sai.bose
Collection and recovery.sai.boseShankar Bose Sbose1958
 
Cyber fraud
Cyber fraudCyber fraud
Cyber fraudNiti Dhruva
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidenceTalwant Singh
 
CCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.pptCCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.pptjiki8
 
Leave rules latest
Leave rules latestLeave rules latest
Leave rules latestMohandas Poonthiyil
 
The Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part IIThe Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part IIDVSResearchFoundatio
 
Ccs(leave rule)1972
Ccs(leave rule)1972Ccs(leave rule)1972
Ccs(leave rule)1972Shankar Bose Sbose1958
 
Cyber-Safety and Digital Citizenship
Cyber-Safety and Digital CitizenshipCyber-Safety and Digital Citizenship
Cyber-Safety and Digital CitizenshipPantegoChristian
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptDiya Mirza
 
Travelling allowance rules
Travelling allowance rulesTravelling allowance rules
Travelling allowance rulesMukut Deori
 
Ltc
LtcLtc
LtcJagadish Kumar Gupta
 
General Work Rules 5-30-09
General Work Rules 5-30-09General Work Rules 5-30-09
General Work Rules 5-30-09Jo Woolery
 
Office manual II
Office manual IIOffice manual II
Office manual IIPraveen Ranjan
 
What falls within the ambit of Royalty?
What falls within the ambit of Royalty?What falls within the ambit of Royalty?
What falls within the ambit of Royalty?DVSResearchFoundatio
 
Permanent negotiation machiney
Permanent negotiation machineyPermanent negotiation machiney
Permanent negotiation machineyMohandas Poonthiyil
 
CCS CONDUCT RULES
CCS CONDUCT RULESCCS CONDUCT RULES
CCS CONDUCT RULESAvinash Kumar Gupta
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYSahil Vashishtha
 
Police investigation
Police investigationPolice investigation
Police investigationKirti Shah
 
Cyber crime lecture one definition and nature
Cyber crime lecture one definition and natureCyber crime lecture one definition and nature
Cyber crime lecture one definition and natureDr. Arun Verma
 
Dar promotion
Dar promotionDar promotion
Dar promotionMohandas Poonthiyil
 
Final capital gain (3) di sh
Final capital gain (3) di shFinal capital gain (3) di sh
Final capital gain (3) di shwatsalaraj
 
An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfVarinder K
 

More Related Content

What's hot

CCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.pptCCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.pptjiki8
 
The Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part IIThe Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part IIDVSResearchFoundatio
 
Cyber-Safety and Digital Citizenship
Cyber-Safety and Digital CitizenshipCyber-Safety and Digital Citizenship
Cyber-Safety and Digital CitizenshipPantegoChristian
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptDiya Mirza
 
Travelling allowance rules
Travelling allowance rulesTravelling allowance rules
Travelling allowance rulesMukut Deori
 
General Work Rules 5-30-09
General Work Rules 5-30-09General Work Rules 5-30-09
General Work Rules 5-30-09Jo Woolery
 
What falls within the ambit of Royalty?
What falls within the ambit of Royalty?What falls within the ambit of Royalty?
What falls within the ambit of Royalty?DVSResearchFoundatio
 
Police investigation
Police investigationPolice investigation
Police investigationKirti Shah
 
Cyber crime lecture one definition and nature
Cyber crime lecture one definition and natureCyber crime lecture one definition and nature
Cyber crime lecture one definition and natureDr. Arun Verma
 
Final capital gain (3) di sh
Final capital gain (3) di shFinal capital gain (3) di sh
Final capital gain (3) di shwatsalaraj
 

What's hot (20)

Cyber fraud
Cyber fraudCyber fraud
Cyber fraud
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidence
 
CCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.pptCCS-Joining-Time-Rules-1979-20210405120021.ppt
CCS-Joining-Time-Rules-1979-20210405120021.ppt
 
Leave rules latest
Leave rules latestLeave rules latest
Leave rules latest
 
The Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part IIThe Occupational Safety, Health and Working Conditions Code, 2020 – Part II
The Occupational Safety, Health and Working Conditions Code, 2020 – Part II
 
Ccs(leave rule)1972
Ccs(leave rule)1972Ccs(leave rule)1972
Ccs(leave rule)1972
 
Cyber-Safety and Digital Citizenship
Cyber-Safety and Digital CitizenshipCyber-Safety and Digital Citizenship
Cyber-Safety and Digital Citizenship
 
Information technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatespptInformation technology-act 2000- an overview-sethassociatesppt
Information technology-act 2000- an overview-sethassociatesppt
 
Travelling allowance rules
Travelling allowance rulesTravelling allowance rules
Travelling allowance rules
 
Ltc
LtcLtc
Ltc
 
General Work Rules 5-30-09
General Work Rules 5-30-09General Work Rules 5-30-09
General Work Rules 5-30-09
 
Office manual II
Office manual IIOffice manual II
Office manual II
 
What falls within the ambit of Royalty?
What falls within the ambit of Royalty?What falls within the ambit of Royalty?
What falls within the ambit of Royalty?
 
Permanent negotiation machiney
Permanent negotiation machineyPermanent negotiation machiney
Permanent negotiation machiney
 
CCS CONDUCT RULES
CCS CONDUCT RULESCCS CONDUCT RULES
CCS CONDUCT RULES
 
CYBER CRIME AND SECURITY
CYBER CRIME AND SECURITYCYBER CRIME AND SECURITY
CYBER CRIME AND SECURITY
 
Police investigation
Police investigationPolice investigation
Police investigation
 
Cyber crime lecture one definition and nature
Cyber crime lecture one definition and natureCyber crime lecture one definition and nature
Cyber crime lecture one definition and nature
 
Dar promotion
Dar promotionDar promotion
Dar promotion
 
Final capital gain (3) di sh
Final capital gain (3) di shFinal capital gain (3) di sh
Final capital gain (3) di sh
 

Similar to IT Policy Template

An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecuritySina Manavi
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfVarinder K
 
ISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGTISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGTcheyennedaisy
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template Demand Metric
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training OpenFred Beck MBA, CPA
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)k33a
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Business Days
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYODFernando Palma
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)Pace IT at Edmonds Community College
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeRocket Matter, LLC
 
Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profileHem Infotech
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeNet at Work
 
Mobile technology andy brady - chicago tour
Mobile technology andy brady - chicago tour Mobile technology andy brady - chicago tour
Mobile technology andy brady - chicago tour Ramon Ray
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD Worldmkeane
 

Similar to IT Policy Template (20)

An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
 
ISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGTISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGT
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
 
Information Security Awareness Training Open
Information Security Awareness Training OpenInformation Security Awareness Training Open
Information Security Awareness Training Open
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security Policy
 
Data security
Data securityData security
Data security
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
 
IT Policy
IT Policy IT Policy
IT Policy
 
Byod security
Byod security Byod security
Byod security
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
Hem infotech company profile
Hem infotech company profileHem infotech company profile
Hem infotech company profile
 
BYOD
BYODBYOD
BYOD
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
 
Mobile technology andy brady - chicago tour
Mobile technology andy brady - chicago tour Mobile technology andy brady - chicago tour
Mobile technology andy brady - chicago tour
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 

More from Peter Henley

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOAPeter Henley
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsPeter Henley
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduatesPeter Henley
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIOPeter Henley
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879Peter Henley
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital SignaturesPeter Henley
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion PointsPeter Henley
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing ClassificationsPeter Henley
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014Peter Henley
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job DescriptionPeter Henley
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USAPeter Henley
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT PolicyPeter Henley
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a CompanyPeter Henley
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview QuestionsPeter Henley
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluationPeter Henley
 
Business continuity
Business continuityBusiness continuity
Business continuityPeter Henley
 

More from Peter Henley (20)

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduates
 
Cyber security
Cyber securityCyber security
Cyber security
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIO
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879
 
Cloud Plan 2014
Cloud Plan 2014Cloud Plan 2014
Cloud Plan 2014
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion Points
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing Classifications
 
Cloud slides
Cloud slidesCloud slides
Cloud slides
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job Description
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT Policy
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a Company
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview Questions
 
CIO Role
CIO RoleCIO Role
CIO Role
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluation
 
Business continuity
Business continuityBusiness continuity
Business continuity
 

Recently uploaded

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 

Recently uploaded (20)

How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 

IT Policy Template

  • 1. ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership II. Definitions III. Privacy IV. General Use V. Personal Use VI. Passwords VII. Internet Access VIII. Remote Access IX. Data X. Physical Security XI. Unauthorized Copying of Copyrighted Software ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 1 of 7
  • 2. ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership All corporate data as defined in section II of this policy is owned by ZYZ Corp II. Definitions • Corporate data includes files (paper and electronic), email messages, voice messages and faxes. • Personal Data – Files that an employee would expect to take with them should they leave the firm. • Confidential Information includes but is not limited to: Tax returns whether draft, final or any other version Tax planning documents Financial statements Various schedules including but not limited to amortization, fixed assets, leases and other debt schedules List of IT Approved Mobile Devices: • iPhone, Android, Windows Phone • iPad • iPod Touch • Kindle Fire • Windows Surface • Other tablets III. Privacy 1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the Internet, or by any other computer or mobile device use. 2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer and mobile device use. 3. Please be aware that deleting a file or email message will most likely not destroy it completely. 4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without regard for any passwords. IV. General Use • Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to those concerning harassment. • The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be construed as harassment or showing disrespect for others. Employees are expressly forbidden to access Internet sites where potentially offensive material is located. Downloading or viewing pornography or other questionable material is not allowed and may be subject to review and subsequent disciplinary action. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 2 of 7
  • 3. ZYZ CORP INFORMATION SYSTEMS POLICIES V. Personal Use 1. Email, Internet access, and computers should be used primarily for business purposes. 2. Employees are permitted to use computers, non-corporate email accounts and the Internet for personal use, provided such use is limited in quantity, and is done on the employee’s personal time. 3. Personal use of the Internet while connected to client networks is expressly prohibited. 4. Personal use of computers is subject to the following: a) Employees’ email accounts, Internet access, and computer use may be monitored and reported on by the company. b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated. c) Employees should not use their company email address or computer to subscribe to any email distribution lists for non-business purposes. d) Streaming or downloading music or movies is prohibited. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 3 of 7
  • 4. ZYZ CORP INFORMATION SYSTEMS POLICIES VI. Passwords • Passwords must never be written down. • Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device. • Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart phones. Password Sharing • Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff. To do so exposes the authorized user to responsibility for actions (such as deleting files) that the other party takes with the disclosed password. • All passwords must be immediately changed if they are suspected of being disclosed to anyone other than the authorized user. VII. Internet Access 1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but are not limited to sites in the following categories: a.Obscene or offensive b. Illegal c.Gaming d. Streaming audio and video including radio stations 2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity, and is done on the employee’s personal time. 3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at all times. • Audio and video use for business purposes is permissible only in ZYZ Corp’s office. • ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or downloading. 4. Staff members are expected to limit their use of the Internet to access information which is acceptable in the workplace. This policy applies at any hour of the day, whether there are others in the building or not. Employees should remember that our systems maintain records of Internet traffic – sites that have been accessed, who accessed them, and the time of day. Staff may access the Internet for personal use during non–working hours; however staff should use their best professional judgment in determining if such use is wise while guests or visitors are in the office. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 4 of 7
  • 5. ZYZ CORP INFORMATION SYSTEMS POLICIES VIII. Remote Access General ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities. The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or while traveling) provides an added dimension to client service as well as an employee benefit. The system will handle access to e-mail and instant messaging services, tax return preparation, audit workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet. Employees must exercise care in order to insure the security of data, and comply with all software licensing agreements. Specific Policies 1. Employees should not allow anyone else to access Firm resources. 2. Employees should never access Firm resources from any computer or mobile device not owned by the employee or the firm. 3. Special care should be exercised when an employee owned computer or mobile device s shared in a family or social setting. 4. A current copy of Anti-Virus software must be installed and active on any employee owned computer which is used for remote access. 5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large downloads. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 5 of 7
  • 6. ZYZ CORP INFORMATION SYSTEMS POLICIES IX. Data Social Security Numbers Client social security numbers may not be stored on: ZYZ Corp’s email system Desktop computer C drives USB Drives Client social security numbers may only be stored on: The SharePoint system ShareFile PFx Engagement GoSystem RS Corporate Data • Corporate data may never reside on non-corporate computers or drives except for IT Department approved, employee owned mobile devices. • Corporate data stored on USB drives must be encrypted. Personal Data • Personal data may reside only on corporate computers’ C drives. • Personal data may never reside on the ZYZ Corp network or email system. Email • Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature and the standard ZYZ Corp password convention: o The client’s entire social security or EIN with no hyphens, typed TWICE. o The password can then be described in the body of the email message. • Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create one or use the secure temporary portal which is in place for just such a purpose. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 6 of 7
  • 7. ZYZ CORP INFORMATION SYSTEMS POLICIES X. Physical Security • Computer and peripheral equipment other than laptops, projectors and authorized accessories may not be removed from the ZYZ Corp offices. • When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the trunk before traveling. • Laptops should never be left in cars overnight. • When traveling, laptops should never be left unattended, except in a locked hotel room. • If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately. • No one other than a ZYZ Corp employee is permitted to operate a company computer except with permission of the ZYZ Corp IT department. • If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be notified immediately. XI. Unauthorized Copying of Copyrighted Software • The firm’s IT Department must approve all applications before such applications are installed. • ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject to the facts and circumstances of each case, such individuals shall be solely responsible for their defense and any resulting liability. I have read the content of all of the above policies on pages 1-7. I understand the policies and agree to comply. ____________________________ ____________________________ __________ Name Signature Date ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 7 of 7