ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
II. Definitions
III. Privacy
IV. General Use
V. Personal Use
VI. Passwords
VII. Internet Access
VIII. Remote Access
IX. Data
X. Physical Security
XI. Unauthorized Copying of Copyrighted Software
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 1 of 7
I. Information Ownership
All corporate data, as defined in section II of this policy, is owned by ZYZ Corp.
II. Definitions
• Corporate data includes files (paper and electronic), email messages, voice messages and faxes.
• Personal Data – Files that an employee would expect to take with them should they leave the firm.
• Confidential Information includes but is not limited to:
o Tax returns whether draft, final or any other version
o Tax planning documents
o Financial statements
o Various schedules including but not limited to amortization, fixed assets, leases and other debt schedules
List of IT Approved Mobile Devices:
• iPhone, Android, Windows Phone
• iPad
• iPod Touch
• Kindle Fire
• Windows Surface
• Other tablets
III. Privacy
1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the
Internet, or by any other computer or mobile device use.
2. ZYZ Corp reserves the right to monitor, log, and review all email, Internet access and other computer
and mobile device use.
3. Please be aware that deleting a file or email message will most likely not destroy it completely.
4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without
regard for any passwords.
IV. General Use
• Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to
those concerning harassment.
• The display or transmission of sexually explicit images and cartoons is not allowed. Other such misuse
includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be
construed as harassment or showing disrespect for others. Employees are expressly forbidden to
access Internet sites where potentially offensive material is located. Downloading or viewing
pornography or other questionable material is not allowed and may be subject to review and
subsequent disciplinary action.
V. Personal Use
1. Email, Internet access, and computers should be used primarily for business purposes.
2. Employees are permitted to use computers, non-corporate email accounts and the Internet for
personal use, provided such use is limited in quantity, and is done on the employee’s personal time.
3. Personal use of the Internet while connected to client networks is expressly prohibited.
4. Personal use of computers is subject to the following:
a) Employees’ email accounts, Internet access, and computer use may be monitored and reported
on by the company.
b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of
material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated.
c) Employees should not use their company email address or computer to subscribe to any email
distribution lists for non-business purposes.
d) Streaming or downloading music or movies is prohibited.
VI. Passwords
• Passwords must never be written down.
• Passwords should never be typed into a public, friend’s or relative’s computer or mobile device.
• Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart
phones.
Password Sharing
• Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff.
To do so exposes the authorized user to responsibility for actions (such as deleting files) that the
other party takes with the disclosed password.
• All passwords must be immediately changed if they are suspected of being disclosed to anyone
other than the authorized user.
VII. Internet Access
1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but
are not limited to sites in the following categories:
a. Obscene or offensive
b. Illegal
c. Gaming
d. Streaming audio and video including radio stations
2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity,
and is done on the employee’s personal time.
3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at
all times.
• Audio and video use for business purposes is permissible only in ZYZ Corp’s office.
• ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or
downloading.
4. Staff members are expected to limit their use of the Internet to access information which is acceptable
in the workplace. This policy applies at any hour of the day, whether there are others in the building or
not. Employees should remember that our systems maintain records of Internet traffic – sites that
have been accessed, who accessed them, and the time of day. Staff may access the Internet for
personal use during non–working hours; however staff should use their best professional judgment in
determining if such use is wise while guests or visitors are in the office.
VIII. Remote Access
General
ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities.
The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or
while traveling) provides an added dimension to client service as well as an employee benefit. The
system will handle access to e-mail and instant messaging services, tax return preparation, audit
workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet.
Employees must exercise care in order to ensure the security of data, and comply with all software
licensing agreements.
Specific Policies
1. Employees should not allow anyone else to access Firm resources.
2. Employees should never access Firm resources from any computer or mobile device not owned by
the employee or the firm.
3. Special care should be exercised when an employee owned computer or mobile device is shared in
a family or social setting.
4. A current copy of Anti-Virus software must be installed and active on any employee owned
computer which is used for remote access.
5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large
downloads.
IX. Data
Social Security Numbers
Client social security numbers may not be stored on:
• ZYZ Corp’s email system
• Desktop computer C drives
• USB Drives
Client social security numbers may only be stored on:
• The SharePoint system
• ShareFile
• PFx Engagement
• GoSystem RS
Corporate Data
• Corporate data may never reside on non-corporate computers or drives except for IT Department
approved, employee owned mobile devices.
• Corporate data stored on USB drives must be encrypted.
Personal Data
• Personal data may reside only on corporate computers’ C drives.
• Personal data may never reside on the ZYZ Corp network or email system.
Email
• Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature
and the standard ZYZ Corp password convention:
o The client’s entire social security or EIN with no hyphens, typed TWICE.
o The password can then be described in the body of the email message.
• Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft
Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create
one or use the secure temporary portal which is in place for just such a purpose.
X. Physical Security
• Computer and peripheral equipment other than laptops, projectors and authorized accessories may
not be removed from the ZYZ Corp offices.
• When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the
car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the
laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the
trunk before traveling.
• Laptops should never be left in cars overnight.
• When traveling, laptops should never be left unattended, except in a locked hotel room.
• If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately.
• No one other than a ZYZ Corp employee is permitted to operate a company computer except with
permission of the ZYZ Corp IT department.
• If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be
notified immediately.
XI. Unauthorized Copying of Copyrighted Software
• The firm’s IT Department must approve all applications before such applications are installed.
• ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall
adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all
employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject
to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized
copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject
to the facts and circumstances of each case, such individuals shall be solely responsible for their
defense and any resulting liability.
I have read the content of all of the above policies on pages 1-7.
I understand the policies and agree to comply.
____________________________ ____________________________ __________
Name Signature Date
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 

Sample IT Policy

  • 1. ZYZ CORP INFORMATION SYSTEMS POLICIES
    I. Information Ownership
    II. Definitions
    III. Privacy
    IV. General Use
    V. Personal Use
    VI. Passwords
    VII. Internet Access
    VIII. Remote Access
    IX. Data
    X. Physical Security
    XI. Unauthorized Copying of Copyrighted Software
    ZYZ Corp Information Systems Use Policy, Version 20XX-XX
    Page 1 of 7
  • 2. ZYZ CORP INFORMATION SYSTEMS POLICIES
    I. Information Ownership
    All corporate data as defined in section II of this policy is owned by ZYZ Corp.
    II. Definitions
    • Corporate data includes files (paper and electronic), email messages, voice messages and faxes.
    • Personal Data – Files that an employee would expect to take with them should they leave the firm.
    • Confidential Information includes but is not limited to:
      Tax returns whether draft, final or any other version
      Tax planning documents
      Financial statements
      Various schedules including but not limited to amortization, fixed assets, leases and other debt schedules
    List of IT Approved Mobile Devices:
    • iPhone, Android, Windows Phone
    • iPad
    • iPod Touch
    • Kindle Fire
    • Windows Surface
    • Other tablets
    III. Privacy
    1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the Internet, or by any other computer or mobile device use.
    2. ZYZ Corp reserves the right to monitor, log, and review all email, Internet access and other computer and mobile device use.
    3. Please be aware that deleting a file or email message will most likely not destroy it completely.
    4. ZYZ Corp has the ability, and reserves the right, to access all computers and email accounts without regard for any passwords.
    IV. General Use
    • Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to those concerning harassment.
    • The display or transmission of sexually explicit images and cartoons is not allowed. Other such misuse includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be construed as harassment or showing disrespect for others. Employees are expressly forbidden to access Internet sites where potentially offensive material is located. Downloading or viewing pornography or other questionable material is not allowed and may be subject to review and subsequent disciplinary action.
  • 3. ZYZ CORP INFORMATION SYSTEMS POLICIES
    V. Personal Use
    1. Email, Internet access, and computers should be used primarily for business purposes.
    2. Employees are permitted to use computers, non-corporate email accounts and the Internet for personal use, provided such use is limited in quantity, and is done on the employee’s personal time.
    3. Personal use of the Internet while connected to client networks is expressly prohibited.
    4. Personal use of computers is subject to the following:
       a) Employees’ email accounts, Internet access, and computer use may be monitored and reported on by the company.
       b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated.
       c) Employees should not use their company email address or computer to subscribe to any email distribution lists for non-business purposes.
       d) Streaming or downloading music or movies is prohibited.
  • 4. ZYZ CORP INFORMATION SYSTEMS POLICIES
    VI. Passwords
    • Passwords must never be written down.
    • Passwords should never be typed into a public, friend’s or relative’s computer or mobile device.
    • Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart phones.
    Password Sharing
    • Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff. To do so exposes the authorized user to responsibility for actions (such as deleting files) that the other party takes with the disclosed password.
    • All passwords must be immediately changed if they are suspected of being disclosed to anyone other than the authorized user.
    VII. Internet Access
    1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but are not limited to, sites in the following categories:
       a. Obscene or offensive
       b. Illegal
       c. Gaming
       d. Streaming audio and video including radio stations
    2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity, and is done on the employee’s personal time.
    3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at all times.
       • Audio and video use for business purposes is permissible only in ZYZ Corp’s office.
       • ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or downloading.
    4. Staff members are expected to limit their use of the Internet to access information which is acceptable in the workplace. This policy applies at any hour of the day, whether there are others in the building or not. Employees should remember that our systems maintain records of Internet traffic – sites that have been accessed, who accessed them, and the time of day.
    Staff may access the Internet for personal use during non-working hours; however, staff should use their best professional judgment in determining if such use is wise while guests or visitors are in the office.
  • 5. ZYZ CORP INFORMATION SYSTEMS POLICIES
    VIII. Remote Access
    General
    ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities. The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or while traveling) provides an added dimension to client service as well as an employee benefit. The system will handle access to e-mail and instant messaging services, tax return preparation, audit workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet. Employees must exercise care in order to ensure the security of data, and comply with all software licensing agreements.
    Specific Policies
    1. Employees should not allow anyone else to access Firm resources.
    2. Employees should never access Firm resources from any computer or mobile device not owned by the employee or the firm.
    3. Special care should be exercised when an employee owned computer or mobile device is shared in a family or social setting.
    4. A current copy of Anti-Virus software must be installed and active on any employee owned computer which is used for remote access.
    5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large downloads.
  • 6. ZYZ CORP INFORMATION SYSTEMS POLICIES
    IX. Data
    Social Security Numbers
    Client social security numbers may not be stored on:
      ZYZ Corp’s email system
      Desktop computer C drives
      USB Drives
    Client social security numbers may only be stored on:
      The SharePoint system
      ShareFile
      PFx Engagement
      GoSystem RS
    Corporate Data
    • Corporate data may never reside on non-corporate computers or drives except for IT Department approved, employee owned mobile devices.
    • Corporate data stored on USB drives must be encrypted.
    Personal Data
    • Personal data may reside only on corporate computers’ C drives.
    • Personal data may never reside on the ZYZ Corp network or email system.
    Email
    • Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature and the standard ZYZ Corp password convention:
      o The client’s entire social security or EIN with no hyphens, typed TWICE.
      o The password can then be described in the body of the email message.
    • Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create one or use the secure temporary portal which is in place for just such a purpose.
  • 7. ZYZ CORP INFORMATION SYSTEMS POLICIES
    X. Physical Security
    • Computer and peripheral equipment other than laptops, projectors and authorized accessories may not be removed from the ZYZ Corp offices.
    • When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the trunk before traveling.
    • Laptops should never be left in cars overnight.
    • When traveling, laptops should never be left unattended, except in a locked hotel room.
    • If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately.
    • No one other than a ZYZ Corp employee is permitted to operate a company computer except with permission of the ZYZ Corp IT department.
    • If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be notified immediately.
    XI. Unauthorized Copying of Copyrighted Software
    • The firm’s IT Department must approve all applications before such applications are installed.
    • ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject to the facts and circumstances of each case, such individuals shall be solely responsible for their defense and any resulting liability.
    I have read the content of all of the above policies on pages 1-7. I understand the policies and agree to comply.
    ____________________________ ____________________________ __________
    Name Signature Date