SlideShare a Scribd company logo
ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
II. Definitions
III. Privacy
IV. General Use
V. Personal Use
VI. Passwords
VII. Internet Access
VIII. Remote Access
IX. Data
X. Physical Security
XI. Unauthorized Copying of Copyrighted Software
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 1 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
All corporate data as defined in section II of this policy is owned by ZYZ Corp
II. Definitions
• Corporate data includes files (paper and electronic), email messages, voice messages and faxes.
• Personal Data – Files that an employee would expect to take with them should they leave the firm.
• Confidential Information includes but is not limited to:
Tax returns whether draft, final or any other version
Tax planning documents
Financial statements
Various schedules including but not limited to amortization, fixed assets, leases and other debt
schedules
List of IT Approved Mobile Devices:
• iPhone, Android, Windows Phone
• iPad
• iPod Touch
• Kindle Fire
• Windows Surface
• Other tablets
III. Privacy
1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the
Internet, or by any other computer or mobile device use.
2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer
and mobile device use.
3. Please be aware that deleting a file or email message will most likely not destroy it completely.
4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without
regard for any passwords.
IV. General Use
• Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to
those concerning harassment.
• The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse
includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be
construed as harassment or showing disrespect for others. Employees are expressly forbidden to
access Internet sites where potentially offensive material is located. Downloading or viewing
pornography or other questionable material is not allowed and may be subject to review and
subsequent disciplinary action.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 2 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
V. Personal Use
1. Email, Internet access, and computers should be used primarily for business purposes.
2. Employees are permitted to use computers, non-corporate email accounts and the Internet for
personal use, provided such use is limited in quantity, and is done on the employee’s personal time.
3. Personal use of the Internet while connected to client networks is expressly prohibited.
4. Personal use of computers is subject to the following:
a) Employees’ email accounts, Internet access, and computer use may be monitored and reported
on by the company.
b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of
material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated.
c) Employees should not use their company email address or computer to subscribe to any email
distribution lists for non-business purposes.
d) Streaming or downloading music or movies is prohibited.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 3 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
VI. Passwords
• Passwords must never be written down.
• Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device.
• Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart
phones.
Password Sharing
• Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff.
To do so exposes the authorized user to responsibility for actions (such as deleting files) that the
other party takes with the disclosed password.
• All passwords must be immediately changed if they are suspected of being disclosed to anyone
other than the authorized user.
VII. Internet Access
1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but
are not limited to sites in the following categories:
a.Obscene or offensive
b. Illegal
c.Gaming
d. Streaming audio and video including radio stations
2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity,
and is done on the employee’s personal time.
3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at
all times.
• Audio and video use for business purposes is permissible only in ZYZ Corp’s office.
• ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or
downloading.
4. Staff members are expected to limit their use of the Internet to access information which is acceptable
in the workplace. This policy applies at any hour of the day, whether there are others in the building or
not. Employees should remember that our systems maintain records of Internet traffic – sites that
have been accessed, who accessed them, and the time of day. Staff may access the Internet for
personal use during non–working hours; however staff should use their best professional judgment in
determining if such use is wise while guests or visitors are in the office.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 4 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
VIII. Remote Access
General
ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities.
The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or
while traveling) provides an added dimension to client service as well as an employee benefit. The
system will handle access to e-mail and instant messaging services, tax return preparation, audit
workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet.
Employees must exercise care in order to insure the security of data, and comply with all software
licensing agreements.
Specific Policies
1. Employees should not allow anyone else to access Firm resources.
2. Employees should never access Firm resources from any computer or mobile device not owned by
the employee or the firm.
3. Special care should be exercised when an employee owned computer or mobile device s shared in
a family or social setting.
4. A current copy of Anti-Virus software must be installed and active on any employee owned
computer which is used for remote access.
5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large
downloads.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 5 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
IX. Data
Social Security Numbers
Client social security numbers may not be stored on:
ZYZ Corp’s email system
Desktop computer C drives
USB Drives
Client social security numbers may only be stored on:
The SharePoint system
ShareFile
PFx Engagement
GoSystem RS
Corporate Data
• Corporate data may never reside on non-corporate computers or drives except for IT Department
approved, employee owned mobile devices.
• Corporate data stored on USB drives must be encrypted.
Personal Data
• Personal data may reside only on corporate computers’ C drives.
• Personal data may never reside on the ZYZ Corp network or email system.
Email
• Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature
and the standard ZYZ Corp password convention:
o The client’s entire social security or EIN with no hyphens, typed TWICE.
o The password can then be described in the body of the email message.
• Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft
Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create
one or use the secure temporary portal which is in place for just such a purpose.
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 6 of 7
ZYZ CORP
INFORMATION SYSTEMS POLICIES
X. Physical Security
• Computer and peripheral equipment other than laptops, projectors and authorized accessories may
not be removed from the ZYZ Corp offices.
• When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the
car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the
laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the
trunk before traveling.
• Laptops should never be left in cars overnight.
• When traveling, laptops should never be left unattended, except in a locked hotel room.
• If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately.
• No one other than a ZYZ Corp employee is permitted to operate a company computer except with
permission of the ZYZ Corp IT department.
• If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be
notified immediately.
XI. Unauthorized Copying of Copyrighted Software
• The firm’s IT Department must approve all applications before such applications are installed.
• ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall
adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all
employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject
to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized
copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject
to the facts and circumstances of each case, such individuals shall be solely responsible for their
defense and any resulting liability.
I have read the content of all of the above policies on pages 1-7.
I understand the policies and agree to comply.
____________________________ ____________________________ __________
Name Signature Date
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 7 of 7

More Related Content

What's hot

UbiAttendance-Attendance Management Software
UbiAttendance-Attendance Management SoftwareUbiAttendance-Attendance Management Software
UbiAttendance-Attendance Management Software
UbiTech Solutions Pvt. Ltd.
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
Fairfax County
 
H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroring
GAURAV. H .TANDON
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital Age
Marian Merritt
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
Yasir Nafees
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness TrainingRandy Bowman
 
General Work Rules 5-30-09
General Work Rules 5-30-09General Work Rules 5-30-09
General Work Rules 5-30-09Jo Woolery
 
7. physical sec
7. physical sec7. physical sec
7. physical sec7wounders
 
POSH Act 2013 Awareness And Training Module
POSH Act 2013 Awareness And Training ModulePOSH Act 2013 Awareness And Training Module
POSH Act 2013 Awareness And Training Module
studyneur
 
HARDENING OF WINDOWS 10 OS.pptx
HARDENING OF WINDOWS 10 OS.pptxHARDENING OF WINDOWS 10 OS.pptx
HARDENING OF WINDOWS 10 OS.pptx
ssuser80ad2d
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
The Pathway Group
 
OSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security PresentationOSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security Presentation
Dr. Lydia Kostopoulos
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
Lisa Dowdell, MSISTM
 
POSH PPT - D1.pptx
POSH PPT - D1.pptxPOSH PPT - D1.pptx
POSH PPT - D1.pptx
RAINAT1
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
Identacor
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
Ken Holmes
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
ANAND MURALI
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
amiable_indian
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 

What's hot (20)

UbiAttendance-Attendance Management Software
UbiAttendance-Attendance Management SoftwareUbiAttendance-Attendance Management Software
UbiAttendance-Attendance Management Software
 
Identity Theft
Identity Theft Identity Theft
Identity Theft
 
H -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroringH -Tech frauds of identity theft, Identity cloning and address mirroring
H -Tech frauds of identity theft, Identity cloning and address mirroring
 
Security Awareness Training by Fortinet
Security Awareness Training by FortinetSecurity Awareness Training by Fortinet
Security Awareness Training by Fortinet
 
Building Trust in the Digital Age
Building Trust in the Digital AgeBuilding Trust in the Digital Age
Building Trust in the Digital Age
 
Information Security Awareness for everyone
Information Security Awareness for everyoneInformation Security Awareness for everyone
Information Security Awareness for everyone
 
Information Security Awareness Training
Information Security Awareness TrainingInformation Security Awareness Training
Information Security Awareness Training
 
General Work Rules 5-30-09
General Work Rules 5-30-09General Work Rules 5-30-09
General Work Rules 5-30-09
 
7. physical sec
7. physical sec7. physical sec
7. physical sec
 
POSH Act 2013 Awareness And Training Module
POSH Act 2013 Awareness And Training ModulePOSH Act 2013 Awareness And Training Module
POSH Act 2013 Awareness And Training Module
 
HARDENING OF WINDOWS 10 OS.pptx
HARDENING OF WINDOWS 10 OS.pptxHARDENING OF WINDOWS 10 OS.pptx
HARDENING OF WINDOWS 10 OS.pptx
 
Computer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and ProcedureComputer, E-mail and Internet Usage Policy and Procedure
Computer, E-mail and Internet Usage Policy and Procedure
 
OSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security PresentationOSAC: Personal Digital Security Presentation
OSAC: Personal Digital Security Presentation
 
Security Management | System Administration
Security Management | System AdministrationSecurity Management | System Administration
Security Management | System Administration
 
POSH PPT - D1.pptx
POSH PPT - D1.pptxPOSH PPT - D1.pptx
POSH PPT - D1.pptx
 
Identity and Access Management (IAM)
Identity and Access Management (IAM)Identity and Access Management (IAM)
Identity and Access Management (IAM)
 
Awareness Training on Information Security
Awareness Training on Information SecurityAwareness Training on Information Security
Awareness Training on Information Security
 
INFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEMINFORMATION SECURITY SYSTEM
INFORMATION SECURITY SYSTEM
 
Security Management Practices
Security Management PracticesSecurity Management Practices
Security Management Practices
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 

Similar to IT Policy Template

An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
Sina Manavi
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
Varinder K
 
ISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGTISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGT
cheyennedaisy
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
SonakshiMundra
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
Demand Metric
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
k33a
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyKunal Sharma
 
Data security
Data securityData security
Data security
ZachAttack9
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Business Days
 
IT Policy
IT Policy IT Policy
IT Policy
Julian Hutabarat
 
Byod security
Byod security Byod security
Byod security
Denise Bailey
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
Fernando Palma
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
Pace IT at Edmonds Community College
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
Rocket Matter, LLC
 
Hem infotech company profile
Hem infotech  company profileHem infotech  company profile
Hem infotech company profile
Hem Infotech
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
Net at Work
 
Mobile technology andy brady - chicago tour
Mobile technology   andy brady - chicago tour Mobile technology   andy brady - chicago tour
Mobile technology andy brady - chicago tour
Ramon Ray
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD Worldmkeane
 
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxCSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
mydrynan
 

Similar to IT Policy Template (20)

An Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile SecurityAn Introduction on Design and Implementation on BYOD and Mobile Security
An Introduction on Design and Implementation on BYOD and Mobile Security
 
CyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdfCyberSecurity Cyber24x7.pdf
CyberSecurity Cyber24x7.pdf
 
ISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGTISSP on Fair Use of Organizational Technology for CGT
ISSP on Fair Use of Organizational Technology for CGT
 
Cyberattacks.pptx
Cyberattacks.pptxCyberattacks.pptx
Cyberattacks.pptx
 
Mobile Device Policy Template
Mobile Device Policy Template Mobile Device Policy Template
Mobile Device Policy Template
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
Cyber Defense Team's Security Policy
Cyber Defense Team's Security PolicyCyber Defense Team's Security Policy
Cyber Defense Team's Security Policy
 
Data security
Data securityData security
Data security
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
 
IT Policy
IT Policy IT Policy
IT Policy
 
Byod security
Byod security Byod security
Byod security
 
Exemplo de política BYOD
Exemplo de política BYODExemplo de política BYOD
Exemplo de política BYOD
 
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
PACE-IT, Security+ 4.2: Mobile Security Concepts and Technologies (part 2)
 
How to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data SafeHow to Secure Your iOs Device and Keep Client Data Safe
How to Secure Your iOs Device and Keep Client Data Safe
 
Hem infotech company profile
Hem infotech  company profileHem infotech  company profile
Hem infotech company profile
 
BYOD
BYODBYOD
BYOD
 
Meeting the Cybersecurity Challenge
Meeting the Cybersecurity ChallengeMeeting the Cybersecurity Challenge
Meeting the Cybersecurity Challenge
 
Mobile technology andy brady - chicago tour
Mobile technology   andy brady - chicago tour Mobile technology   andy brady - chicago tour
Mobile technology andy brady - chicago tour
 
The Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD WorldThe Accidental Cloud: Privacy and Security Issues in a BYOD World
The Accidental Cloud: Privacy and Security Issues in a BYOD World
 
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docxCSIA 413 Cybersecurity Policy, Plans, and Programs.docx
CSIA 413 Cybersecurity Policy, Plans, and Programs.docx
 

More from Peter Henley

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
Peter Henley
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
Peter Henley
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduatesPeter Henley
 
Cyber security
Cyber securityCyber security
Cyber security
Peter Henley
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIO
Peter Henley
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879Peter Henley
 
Cloud Plan 2014
Cloud Plan 2014Cloud Plan 2014
Cloud Plan 2014
Peter Henley
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
Peter Henley
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion PointsPeter Henley
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing Classifications
Peter Henley
 
Cloud slides
Cloud slidesCloud slides
Cloud slides
Peter Henley
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014Peter Henley
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job DescriptionPeter Henley
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA
Peter Henley
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT PolicyPeter Henley
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a CompanyPeter Henley
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview QuestionsPeter Henley
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluationPeter Henley
 
Business continuity
Business continuityBusiness continuity
Business continuityPeter Henley
 

More from Peter Henley (20)

Cyber Security - ASGFOA
Cyber Security - ASGFOACyber Security - ASGFOA
Cyber Security - ASGFOA
 
Experion Data Breach Response Excerpts
Experion Data Breach Response ExcerptsExperion Data Breach Response Excerpts
Experion Data Breach Response Excerpts
 
Advice to graduates
Advice to graduatesAdvice to graduates
Advice to graduates
 
Cyber security
Cyber securityCyber security
Cyber security
 
Strategic role of the CIO
Strategic role of the CIOStrategic role of the CIO
Strategic role of the CIO
 
eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879eSign 2014 With IRS form 8879
eSign 2014 With IRS form 8879
 
Cloud Plan 2014
Cloud Plan 2014Cloud Plan 2014
Cloud Plan 2014
 
Digital Signatures
Digital SignaturesDigital Signatures
Digital Signatures
 
Cloud Computing Discussion Points
Cloud Computing Discussion PointsCloud Computing Discussion Points
Cloud Computing Discussion Points
 
Cloud Computing Classifications
Cloud Computing ClassificationsCloud Computing Classifications
Cloud Computing Classifications
 
Cloud slides
Cloud slidesCloud slides
Cloud slides
 
Paperless Best Practices 2014
Paperless Best Practices 2014Paperless Best Practices 2014
Paperless Best Practices 2014
 
CPA Firm CIO Job Description
CPA Firm CIO Job DescriptionCPA Firm CIO Job Description
CPA Firm CIO Job Description
 
2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA2001 Terrorist Attacks On USA
2001 Terrorist Attacks On USA
 
Clark Nuber IT Policy
Clark Nuber IT PolicyClark Nuber IT Policy
Clark Nuber IT Policy
 
Technology Profile of a Company
Technology Profile of a CompanyTechnology Profile of a Company
Technology Profile of a Company
 
Killer Interview Questions
Killer Interview QuestionsKiller Interview Questions
Killer Interview Questions
 
CIO Role
CIO RoleCIO Role
CIO Role
 
CIO skills evaluation
CIO skills evaluationCIO skills evaluation
CIO skills evaluation
 
Business continuity
Business continuityBusiness continuity
Business continuity
 

Recently uploaded

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Product School
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
Elena Simperl
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
Fwdays
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Tobias Schneck
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
RTTS
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
Paul Groth
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 

Recently uploaded (20)

Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMsTo Graph or Not to Graph Knowledge Graph Architectures and LLMs
To Graph or Not to Graph Knowledge Graph Architectures and LLMs
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 

IT Policy Template

  • 1. ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership II. Definitions III. Privacy IV. General Use V. Personal Use VI. Passwords VII. Internet Access VIII. Remote Access IX. Data X. Physical Security XI. Unauthorized Copying of Copyrighted Software ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 1 of 7
  • 2. ZYZ CORP INFORMATION SYSTEMS POLICIES I. Information Ownership All corporate data as defined in section II of this policy is owned by ZYZ Corp II. Definitions • Corporate data includes files (paper and electronic), email messages, voice messages and faxes. • Personal Data – Files that an employee would expect to take with them should they leave the firm. • Confidential Information includes but is not limited to: Tax returns whether draft, final or any other version Tax planning documents Financial statements Various schedules including but not limited to amortization, fixed assets, leases and other debt schedules List of IT Approved Mobile Devices: • iPhone, Android, Windows Phone • iPad • iPod Touch • Kindle Fire • Windows Surface • Other tablets III. Privacy 1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the Internet, or by any other computer or mobile device use. 2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer and mobile device use. 3. Please be aware that deleting a file or email message will most likely not destroy it completely. 4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without regard for any passwords. IV. General Use • Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to those concerning harassment. • The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be construed as harassment or showing disrespect for others. Employees are expressly forbidden to access Internet sites where potentially offensive material is located. Downloading or viewing pornography or other questionable material is not allowed and may be subject to review and subsequent disciplinary action. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 2 of 7
  • 3. ZYZ CORP INFORMATION SYSTEMS POLICIES V. Personal Use 1. Email, Internet access, and computers should be used primarily for business purposes. 2. Employees are permitted to use computers, non-corporate email accounts and the Internet for personal use, provided such use is limited in quantity, and is done on the employee’s personal time. 3. Personal use of the Internet while connected to client networks is expressly prohibited. 4. Personal use of computers is subject to the following: a) Employees’ email accounts, Internet access, and computer use may be monitored and reported on by the company. b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated. c) Employees should not use their company email address or computer to subscribe to any email distribution lists for non-business purposes. d) Streaming or downloading music or movies is prohibited. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 3 of 7
  • 4. ZYZ CORP INFORMATION SYSTEMS POLICIES VI. Passwords • Passwords must never be written down. • Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device. • Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart phones. Password Sharing • Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff. To do so exposes the authorized user to responsibility for actions (such as deleting files) that the other party takes with the disclosed password. • All passwords must be immediately changed if they are suspected of being disclosed to anyone other than the authorized user. VII. Internet Access 1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but are not limited to sites in the following categories: a.Obscene or offensive b. Illegal c.Gaming d. Streaming audio and video including radio stations 2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity, and is done on the employee’s personal time. 3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at all times. • Audio and video use for business purposes is permissible only in ZYZ Corp’s office. • ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or downloading. 4. Staff members are expected to limit their use of the Internet to access information which is acceptable in the workplace. This policy applies at any hour of the day, whether there are others in the building or not. Employees should remember that our systems maintain records of Internet traffic – sites that have been accessed, who accessed them, and the time of day. Staff may access the Internet for personal use during non–working hours; however staff should use their best professional judgment in determining if such use is wise while guests or visitors are in the office. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 4 of 7
  • 5. ZYZ CORP INFORMATION SYSTEMS POLICIES VIII. Remote Access General ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities. The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or while traveling) provides an added dimension to client service as well as an employee benefit. The system will handle access to e-mail and instant messaging services, tax return preparation, audit workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet. Employees must exercise care in order to insure the security of data, and comply with all software licensing agreements. Specific Policies 1. Employees should not allow anyone else to access Firm resources. 2. Employees should never access Firm resources from any computer or mobile device not owned by the employee or the firm. 3. Special care should be exercised when an employee owned computer or mobile device s shared in a family or social setting. 4. A current copy of Anti-Virus software must be installed and active on any employee owned computer which is used for remote access. 5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large downloads. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 5 of 7
  • 6. ZYZ CORP INFORMATION SYSTEMS POLICIES IX. Data Social Security Numbers Client social security numbers may not be stored on: ZYZ Corp’s email system Desktop computer C drives USB Drives Client social security numbers may only be stored on: The SharePoint system ShareFile PFx Engagement GoSystem RS Corporate Data • Corporate data may never reside on non-corporate computers or drives except for IT Department approved, employee owned mobile devices. • Corporate data stored on USB drives must be encrypted. Personal Data • Personal data may reside only on corporate computers’ C drives. • Personal data may never reside on the ZYZ Corp network or email system. Email • Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature and the standard ZYZ Corp password convention: o The client’s entire social security or EIN with no hyphens, typed TWICE. o The password can then be described in the body of the email message. • Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create one or use the secure temporary portal which is in place for just such a purpose. ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 6 of 7
  • 7. ZYZ CORP INFORMATION SYSTEMS POLICIES X. Physical Security • Computer and peripheral equipment other than laptops, projectors and authorized accessories may not be removed from the ZYZ Corp offices. • When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the trunk before traveling. • Laptops should never be left in cars overnight. • When traveling, laptops should never be left unattended, except in a locked hotel room. • If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately. • No one other than a ZYZ Corp employee is permitted to operate a company computer except with permission of the ZYZ Corp IT department. • If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be notified immediately. XI. Unauthorized Copying of Copyrighted Software • The firm’s IT Department must approve all applications before such applications are installed. • ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject to the facts and circumstances of each case, such individuals shall be solely responsible for their defense and any resulting liability. I have read the content of all of the above policies on pages 1-7. I understand the policies and agree to comply. ____________________________ ____________________________ __________ Name Signature Date ZYZ Corp Information Systems Use Policy, Version 20XX-XX Page 7 of 7