Uploaded byssuser06c4a6
85 views

IT Network Security Policy

This document outlines an IT network security policy for a trust. It defines controls to help ensure confidentiality, integrity and availability of information on the network. It covers: responsibilities of information security managers to protect the network; annual risk assessments of the network; physical security measures for network equipment; access controls for trust staff, third parties, and wireless access; software installation restrictions; data backup and restoration procedures; and an acceptable use policy for removable media.

Embed presentation

Download to read offline
IT NETWORK SECURITY POLICY Executive Summary This policy defines the controls applied to the Trust’s IT network to help ensure the confidentiality, integrity and availability of information which flows over it, to ensure compliance with the Data Protection Act and the Information Governance Toolkit.
Definitions computer network – refers to physical (i.e. pc plugged into wall port) and wireless (wifi) networks, and all supporting infrastructure. Purpose The purpose of this Policy is to set out the process to be used to enable staff to use the network in a responsible and appropriate way, including: Understanding their responsibilities when accessing the network Understanding the possible implications and risk/possible damage to the organization's reputation of using the network inappropriately.
Scope This policy applies to all Networks used for:  The storage, sharing and transmission of official and non- official data and images  Printing or scanning non-official or official data or images  The provision of Internet systems for receiving, sending and storing non- official or official data or images  Ensure the protection of the network from unauthorised access, and protect information from unauthorised disclosure and accidental modification.  Ensure the accuracy and completeness of the organisation's IT assets
Information Security Manager Responsibility Information security managers are responsible for protecting their organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. Risk Assessment The Information Security Manager, working in conjunction with the Network Manager, will be responsible for risk assessing, and reporting upon, the Trust’s network. Risk assessments will be conducted on the network annually, the scope of the risk assessment will change depending on which area of the network requires assessing.
Physical and Environmental Security  Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive Network equipment will be housed in an environment that is monitored for temperature, humidity and power supply quality.  All public network facing firewalls will be accredited to Common Criteria EAL4 / Protection Profile compliant as a minimum.  All unused network ports will be unpatched to minimise the likelihood of unauthorized equipment being connected to the network.  Areas which are controlled with secure key-code locks will be periodically changed, following a compromise of code or when a member of staff leaves.  Critical or sensitive Network equipment will be protected from power supply failures.
 Critical or sensitive Network equipment will be protected by intruder alarms and/or CCTV and fire suppression systems.  Smoking, eating and drinking is forbidden in areas housing critical or sensitive Network equipment.  All visitors to secure Network areas must be authorised by a senior member of the IT department.  All visitors to secure Network areas must be made aware of Network security requirements.  All visitors to secure Network areas must be logged in and out. The log will contain name, organization, purpose of visit, date, and time in and out.  The Information Security Manager will ensure that all relevant staff are made aware of procedures for visitors and that visitors are escorted, when necessary.  The Information Security Manager / Network manager will receive, and action, Cyber Security ‘CareCERT’ recommendations where applicable
ACCESS TO SECURE NETWORK AREAS – TRUST STAFF The trust will ensure that Access to secure network areas is restricted to staff who require access to the area. Accesses to secure areas are regularly reviewed and ensure that the list is accurate and up to date.
Logical Access to Network – All Staff  All access to the network must be via a secure log-on procedure, designed to minimize the opportunity for unauthorized access.  Ensure a formal registration and de-registration procedure to access the network, with line manager authorization.  User access rights (as configured in Active Directory) will be removed or reviewed when a user leaves the organization or changes job upon notification from the HR department.
 Security privileges must be granted to those that require the access. This access is limited to trust Staff whose role requires them to have System Administrative access.  All users must have an individual user identification (username) and password.  Users are responsible for ensuring that their username and password is kept safe.  Generic/shared user identification and password will only be granted with a justifiable business requirement and must be only used for the purpose they have been created for. Approval can be sought from the IAO, Deputy Director of IM&T, or the Information Security Manager.  All users must conform to the Acceptable Use Policy.
Third Party Access To The Network THIRD PARTY ACCESS TO THE NETWORK WILL BASED ON A FORMAL CONTRACT THAT SATISFIES ALL NECESSARY, AND INFORMATION GOVERNANCE TOOLKIT SECURITY CONDITIONS ALL THIRD PARTY ACCESSES TO THE NETWORK WILL MANAGED AND LOGGED ON THE TRUST’S SERVICE DESK SYSTEM. Connections to External Networks All connections to external networks and systems conform to the wide Network Security policy, Code of Connection and supporting guidance
ACCESS VIA VPN (VIRTUAL PRIVATE NETWORK THE VPN TOKEN WILL ONLY BE ISSUED AFTER THE COMPLETION OF THE USER ACCEPTANCE FORM. COMPLETED FORMS ARE HELD BY THE IT DEPARTMENT. ACCESS WILL ONLY BE PROVIDED TO TRUST MANAGED DEVICES. ALL USERS MUST CONFORM TO THE ACCEPTABLE USE POLICY (AS IF CONNECTED TO THE LOCAL NETWORK APPROVED EMPLOYEES AND AUTHORIZED THIRD PARTIES (CUSTOMERS, VENDORS, ETC.) MAY UTILIZE THE BENEFITS OF VPNS, WHICH ARE A "USER MANAGED" SERVICE. THIS MEANS THAT THE USER IS RESPONSIBLE FOR SELECTING AN INTERNET SERVICE PROVIDER (ISP), COORDINATING INSTALLATION, INSTALLING ANY REQUIRED SOFTWARE
WIRELESS NETWORK ACCESS Access to the network wirelessly will also be in accordance with the requirement of this policy. There will also be additional access controls via certificate and radius servers
SOFTWARE INSTALLATION POLICY Not allowed to install unauthorized computer programs and software, excepted licensed by IT team including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs,
Data Backup and Restoration  The Network Manager is responsible for ensuring that:  Backup copies of Network configuration data are taken regularly.  Documented procedures for the backup process and storage of backup tapes are produced and communicated to all relevant staff.  Backup tapes are stored securely and copies stored off-site.  There are documented procedures for the safe and secure disposal of IT equipment including backup media and these procedures are communicated to all relevant staff.  The disposal of backup media follows and complies with the trust policy for decommissioning and disposal of old equipment.
REMOVABLE MEDIA ACCEPTABLE USE POLICY company Policy to prohibit the use of all removable media devices unless a valid business case for its use is provided. Prohibited Removable Media Devices Removable media devices that are prohibited without a valid business case include, but are not restricted, to the following: DVD’s Bluetooth Device Media Card e.g. SD/XD External Hard Drives USB Memory Sticks (also known as pen drives or flash drives) Embedded Microchips (including Smart Cards and Mobile Phone Memory Cards) MP3 Players Digital Cameras Backup Tapes Dictation Devices Floppy Disk Infrared device Tape Drive Webcam
Email/Communication Policy A company's email policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium. I have seen this policy cover email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and unacceptable use of any corporate communication technology. An example of an email policy is available

More Related Content

PPT
Information security and other issues
byHaseeb Ahmed Awan
 
PPTX
INFORMATION SECURITY SYSTEM
byANAND MURALI
 
PPT
Chapter2 the need to security
byDhani Ahmad
 
PPTX
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
byBiswajit Bhattacharjee
 
PPT
Physical Security
byKriscila Yumul
 
PPT
Information Technology Security A Brief Overview 2001
byDonald E. Hester
 
PPTX
information security technology
bygarimasagar
 
DOCX
A network security policy group project unit 4 (1) july 2015
byJeffery Brown
 
Information security and other issues
byHaseeb Ahmed Awan
 
INFORMATION SECURITY SYSTEM
byANAND MURALI
 
Chapter2 the need to security
byDhani Ahmad
 
SECURITY & CONTROL OF INFORMATION SYSTEM (Management Information System)
byBiswajit Bhattacharjee
 
Physical Security
byKriscila Yumul
 
Information Technology Security A Brief Overview 2001
byDonald E. Hester
 
information security technology
bygarimasagar
 
A network security policy group project unit 4 (1) july 2015
byJeffery Brown
 

What's hot

PPTX
Secure physical infrastructure
byPallavi Agarwal
 
PDF
Mobile Device Policy Template
byDemand Metric
 
PPTX
Security and management
byArtiSolanki5
 
PPTX
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
PPTX
Information Security : Is it an Art or a Science
byPankaj Rane
 
PPT
Basics of Information System Security
bychauhankapil
 
PPT
Information security management
byUMaine
 
PPTX
Introduction to information security
byjayashri kolekar
 
PPTX
Information security management best practice
byparves kamal
 
PDF
Information Security Management 101
byJerod Brennen
 
PPTX
security of information systems
by♥♛❁Sukla♥❀njoyng Breath♥
 
PPTX
Shivani shukla_B38_KnowledgeManagement
byshivanishuks
 
PPTX
Seurity policy
byHari Sarda
 
PPTX
5 Step Data Security Plan for Small Businesses
byWilkins Consulting, LLC
 
PPTX
Cyber Risks Implementation on an IP MPLS Network
byGabriel E Ozique
 
PPTX
Information security[277]
byTimothy Warren
 
PPT
Security Incidents
bybelsis
 
PPTX
Introduction to information security field
byAhmed Musaad
 
Secure physical infrastructure
byPallavi Agarwal
 
Mobile Device Policy Template
byDemand Metric
 
Security and management
byArtiSolanki5
 
information security (Audit mechanism, intrusion detection, password manageme...
byZara Nawaz
 
Information Security : Is it an Art or a Science
byPankaj Rane
 
Basics of Information System Security
bychauhankapil
 
Information security management
byUMaine
 
Introduction to information security
byjayashri kolekar
 
Information security management best practice
byparves kamal
 
Information Security Management 101
byJerod Brennen
 
security of information systems
by♥♛❁Sukla♥❀njoyng Breath♥
 
Shivani shukla_B38_KnowledgeManagement
byshivanishuks
 
Seurity policy
byHari Sarda
 
5 Step Data Security Plan for Small Businesses
byWilkins Consulting, LLC
 
Cyber Risks Implementation on an IP MPLS Network
byGabriel E Ozique
 
Information security[277]
byTimothy Warren
 
Security Incidents
bybelsis
 
Introduction to information security field
byAhmed Musaad
 

Similar to IT Network Security Policy

PPTX
Policy and procedure of hospitals
byMohammed Alabdali
 
DOCX
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
bytodd331
 
PPTX
ch09-update.pptxaaaaaaaaaaaaaaaaaaaaaaaa
bykajite8321
 
PPTX
Chapter 13
bybodo-con
 
PPTX
Chapter 9 PowerPoint health birds and dogs ventilation
bydanielsmithrrt
 
PPTX
IT Policy
bySensewareInfomedia
 
PPTX
Security Policy
byHuda Seyam
 
PPT
Network security, change control, outsourcing
byNicholas Davis
 
PPTX
Ch15 power point
bybodo-con
 
PPTX
Security Management | System Administration
byLisa Dowdell, MSISTM
 
PDF
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
bynopihab937
 
PDF
ISO / IEC 27001:2005 – An Intorduction
byn|u - The Open Security Community
 
DOCX
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
byLuis Antonio Bustillos López
 
PDF
Ch06 Policy
byphanleson
 
DOCX
Consensus Policy Resource CommunityRemote Access Polic
byAlleneMcclendon878
 
DOCX
Consensus policy resource community remote access polic
byARIV4
 
PPTX
Wireless Networking
byGulshanAra14
 
PPT
Network Security, Change Control, Outsourcing
byNicholas Davis
 
PDF
Free_business_IT_security_policy_template_v5.pdf
byklodianelezi1
 
PDF
Information Security
byDio Pratama
 
Policy and procedure of hospitals
byMohammed Alabdali
 
Sample Security PoliciesAcceptable_Encryption_Policy.docAccep.docx
bytodd331
 
ch09-update.pptxaaaaaaaaaaaaaaaaaaaaaaaa
bykajite8321
 
Chapter 13
bybodo-con
 
Chapter 9 PowerPoint health birds and dogs ventilation
bydanielsmithrrt
 
IT Policy
bySensewareInfomedia
 
Security Policy
byHuda Seyam
 
Network security, change control, outsourcing
byNicholas Davis
 
Ch15 power point
bybodo-con
 
Security Management | System Administration
byLisa Dowdell, MSISTM
 
Monotype IS Policy Supplement for Information Technology, DevOps, Production ...
bynopihab937
 
ISO / IEC 27001:2005 – An Intorduction
byn|u - The Open Security Community
 
POLITICA DE USO ACEPTABLE DE ACTIVOS DE INFORMACIÓN
byLuis Antonio Bustillos López
 
Ch06 Policy
byphanleson
 
Consensus Policy Resource CommunityRemote Access Polic
byAlleneMcclendon878
 
Consensus policy resource community remote access polic
byARIV4
 
Wireless Networking
byGulshanAra14
 
Network Security, Change Control, Outsourcing
byNicholas Davis
 
Free_business_IT_security_policy_template_v5.pdf
byklodianelezi1
 
Information Security
byDio Pratama
 

Recently uploaded

PDF
The voice of the rain poem class 11th.pdf
byReeta Baral
 
PDF
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PPTX
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
PPTX
How to Track a Link Using Odoo 18 SMS Marketing
byCeline George
 
PDF
Risk management in Moroccan public hospitals_ a literature review
byMan_Ebook
 
PPTX
Details of Epithelial and Connective Tissue.pptx
byAshish Umale
 
PPTX
Overview of how to Create a Model in Odoo 18
byCeline George
 
PPTX
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PDF
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
PDF
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
PPTX
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
PDF
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
PPTX
Introduction-to-Anatomy-and-Physiology.pptx
byAshish Umale
 
PPTX
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
PDF
Using Charts and Tables in Presenting Data
byThelma Villaflores
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
PPTX
Partial Correlation - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂ r₁₂, r₁₃ and r₂₃
bySundar B N
 
The voice of the rain poem class 11th.pdf
byReeta Baral
 
The Tale of Melon City poem ppt by Sahasra
bybitrasahasra
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
Nursing Unit Management, patient care unit, physical layout of nursing unit,t...
byyellow4878
 
How to Track a Link Using Odoo 18 SMS Marketing
byCeline George
 
Risk management in Moroccan public hospitals_ a literature review
byMan_Ebook
 
Details of Epithelial and Connective Tissue.pptx
byAshish Umale
 
Overview of how to Create a Model in Odoo 18
byCeline George
 
META-ANALYSIS INTERPRETATION, PUBLICATION BIAS AND GRADE ASSESSMENT.pptx
bySystematic Reviews Network (SRN)
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
PURPOSIVE SAMPLING IN EDUCATIONAL RESEARCH RACHITHRA RK.pptx
byssuser047b711
 
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
Introduction-to-Anatomy-and-Physiology.pptx
byAshish Umale
 
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
Using Charts and Tables in Presenting Data
byThelma Villaflores
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
Partial Correlation - Values of r₁₂.₃, r₂₃.₁ & r₁₃.₂ r₁₂, r₁₃ and r₂₃
bySundar B N
 

IT Network Security Policy

  • 1.
    IT NETWORK SECURITYPOLICY Executive Summary This policy defines the controls applied to the Trust’s IT network to help ensure the confidentiality, integrity and availability of information which flows over it, to ensure compliance with the Data Protection Act and the Information Governance Toolkit.
  • 2.
    Definitions computer network –refers to physical (i.e. pc plugged into wall port) and wireless (wifi) networks, and all supporting infrastructure. Purpose The purpose of this Policy is to set out the process to be used to enable staff to use the network in a responsible and appropriate way, including: Understanding their responsibilities when accessing the network Understanding the possible implications and risk/possible damage to the organization's reputation of using the network inappropriately.
  • 3.
    Scope This policy appliesto all Networks used for:  The storage, sharing and transmission of official and non- official data and images  Printing or scanning non-official or official data or images  The provision of Internet systems for receiving, sending and storing non- official or official data or images  Ensure the protection of the network from unauthorised access, and protect information from unauthorised disclosure and accidental modification.  Ensure the accuracy and completeness of the organisation's IT assets
  • 4.
    Information Security ManagerResponsibility Information security managers are responsible for protecting their organization’s computers, networks and data against threats, such as security breaches, computer viruses or attacks by cyber-criminals. Risk Assessment The Information Security Manager, working in conjunction with the Network Manager, will be responsible for risk assessing, and reporting upon, the Trust’s network. Risk assessments will be conducted on the network annually, the scope of the risk assessment will change depending on which area of the network requires assessing.
  • 5.
    Physical and EnvironmentalSecurity  Network computer equipment will be housed in a controlled and secure environment. Critical or sensitive Network equipment will be housed in an environment that is monitored for temperature, humidity and power supply quality.  All public network facing firewalls will be accredited to Common Criteria EAL4 / Protection Profile compliant as a minimum.  All unused network ports will be unpatched to minimise the likelihood of unauthorized equipment being connected to the network.  Areas which are controlled with secure key-code locks will be periodically changed, following a compromise of code or when a member of staff leaves.  Critical or sensitive Network equipment will be protected from power supply failures.
  • 6.
     Critical orsensitive Network equipment will be protected by intruder alarms and/or CCTV and fire suppression systems.  Smoking, eating and drinking is forbidden in areas housing critical or sensitive Network equipment.  All visitors to secure Network areas must be authorised by a senior member of the IT department.  All visitors to secure Network areas must be made aware of Network security requirements.  All visitors to secure Network areas must be logged in and out. The log will contain name, organization, purpose of visit, date, and time in and out.  The Information Security Manager will ensure that all relevant staff are made aware of procedures for visitors and that visitors are escorted, when necessary.  The Information Security Manager / Network manager will receive, and action, Cyber Security ‘CareCERT’ recommendations where applicable
  • 7.
    ACCESS TO SECURENETWORK AREAS – TRUST STAFF The trust will ensure that Access to secure network areas is restricted to staff who require access to the area. Accesses to secure areas are regularly reviewed and ensure that the list is accurate and up to date.
  • 8.
    Logical Access toNetwork – All Staff  All access to the network must be via a secure log-on procedure, designed to minimize the opportunity for unauthorized access.  Ensure a formal registration and de-registration procedure to access the network, with line manager authorization.  User access rights (as configured in Active Directory) will be removed or reviewed when a user leaves the organization or changes job upon notification from the HR department.
  • 9.
     Security privilegesmust be granted to those that require the access. This access is limited to trust Staff whose role requires them to have System Administrative access.  All users must have an individual user identification (username) and password.  Users are responsible for ensuring that their username and password is kept safe.  Generic/shared user identification and password will only be granted with a justifiable business requirement and must be only used for the purpose they have been created for. Approval can be sought from the IAO, Deputy Director of IM&T, or the Information Security Manager.  All users must conform to the Acceptable Use Policy.
  • 10.
    Third Party AccessTo The Network THIRD PARTY ACCESS TO THE NETWORK WILL BASED ON A FORMAL CONTRACT THAT SATISFIES ALL NECESSARY, AND INFORMATION GOVERNANCE TOOLKIT SECURITY CONDITIONS ALL THIRD PARTY ACCESSES TO THE NETWORK WILL MANAGED AND LOGGED ON THE TRUST’S SERVICE DESK SYSTEM. Connections to External Networks All connections to external networks and systems conform to the wide Network Security policy, Code of Connection and supporting guidance
  • 11.
    ACCESS VIA VPN(VIRTUAL PRIVATE NETWORK THE VPN TOKEN WILL ONLY BE ISSUED AFTER THE COMPLETION OF THE USER ACCEPTANCE FORM. COMPLETED FORMS ARE HELD BY THE IT DEPARTMENT. ACCESS WILL ONLY BE PROVIDED TO TRUST MANAGED DEVICES. ALL USERS MUST CONFORM TO THE ACCEPTABLE USE POLICY (AS IF CONNECTED TO THE LOCAL NETWORK APPROVED EMPLOYEES AND AUTHORIZED THIRD PARTIES (CUSTOMERS, VENDORS, ETC.) MAY UTILIZE THE BENEFITS OF VPNS, WHICH ARE A "USER MANAGED" SERVICE. THIS MEANS THAT THE USER IS RESPONSIBLE FOR SELECTING AN INTERNET SERVICE PROVIDER (ISP), COORDINATING INSTALLATION, INSTALLING ANY REQUIRED SOFTWARE
  • 12.
    WIRELESS NETWORK ACCESS Accessto the network wirelessly will also be in accordance with the requirement of this policy. There will also be additional access controls via certificate and radius servers
  • 13.
    SOFTWARE INSTALLATION POLICY Notallowed to install unauthorized computer programs and software, excepted licensed by IT team including files downloaded and accessed on the Internet, can easily and quickly introduce serious, fast-spreading security vulnerabilities. Unauthorized software programs,
  • 14.
    Data Backup andRestoration  The Network Manager is responsible for ensuring that:  Backup copies of Network configuration data are taken regularly.  Documented procedures for the backup process and storage of backup tapes are produced and communicated to all relevant staff.  Backup tapes are stored securely and copies stored off-site.  There are documented procedures for the safe and secure disposal of IT equipment including backup media and these procedures are communicated to all relevant staff.  The disposal of backup media follows and complies with the trust policy for decommissioning and disposal of old equipment.
  • 15.
    REMOVABLE MEDIA ACCEPTABLEUSE POLICY company Policy to prohibit the use of all removable media devices unless a valid business case for its use is provided. Prohibited Removable Media Devices Removable media devices that are prohibited without a valid business case include, but are not restricted, to the following: DVD’s Bluetooth Device Media Card e.g. SD/XD External Hard Drives USB Memory Sticks (also known as pen drives or flash drives) Embedded Microchips (including Smart Cards and Mobile Phone Memory Cards) MP3 Players Digital Cameras Backup Tapes Dictation Devices Floppy Disk Infrared device Tape Drive Webcam
  • 17.
    Email/Communication Policy A company'semail policy is a document that is used to formally outline how employees can use the business’ chosen electronic communication medium. I have seen this policy cover email, blogs, social media and chat technologies. The primary goal of this policy is to provide guidelines to employees on what is considered the acceptable and unacceptable use of any corporate communication technology. An example of an email policy is available