Sample IT Policy

ZYZ CORP
INFORMATION SYSTEMS POLICIES
I. Information Ownership
II. Definitions
III. Privacy
IV. General Use
V. Personal Use
VI. Passwords
VII. Internet Access
VIII. Remote Access
IX. Data
X. Physical Security
XI. Unauthorized Copying of Copyrighted Software
ZYZ Corp Information Systems Use Policy, Version 20XX-XX
Page 1 of 7

ZYZ CORP
I. Information Ownership
All corporate data as defined in section II of this policy is owned by ZYZ Corp
II. Definitions
• Corporate data includes files (paper and electronic), email messages, voice messages and faxes.
• Personal Data – Files that an employee would expect to take with them should they leave the firm.
• Confidential Information includes but is not limited to:
Tax returns whether draft, final or any other version
Tax planning documents
Financial statements
Various schedules including but not limited to amortization, fixed assets, leases and other debt
schedules
List of IT Approved Mobile Devices:
• iPhone, Android, Windows Phone
• iPad
• iPod Touch
• Kindle Fire
• Windows Surface
• Other tablets
III. Privacy
1. Employees have no right to privacy of any material created, received, or sent via email, fax, use of the
Internet, or by any other computer or mobile device use.
2. ZYZ Corp reserves the right to monitor, log, and review, all email, Internet access and other computer
and mobile device use.
3. Please be aware that deleting a file or email message will most likely not destroy it completely.
4. ZYZ Corp has the ability, and reserves the right to access all computers and email accounts without
regard for any passwords.
IV. General Use
• Computer, Internet and email use is subject to all other ZYZ Corp policies, including but not limited to
those concerning harassment.
• The display or transmission of sexually explicit images, and cartoons is not allowed. Other such misuse
includes, but is not limited to, ethnic slurs, racial comments, off-color jokes, or anything that may be
construed as harassment or showing disrespect for others. Employees are expressly forbidden to
access Internet sites where potentially offensive material is located. Downloading or viewing
pornography or other questionable material is not allowed and may be subject to review and
subsequent disciplinary action.
Page 2 of 7

ZYZ CORP
V. Personal Use
1. Email, Internet access, and computers should be used primarily for business purposes.
2. Employees are permitted to use computers, non-corporate email accounts and the Internet for
personal use, provided such use is limited in quantity, and is done on the employee’s personal time.
3. Personal use of the Internet while connected to client networks is expressly prohibited.
4. Personal use of computers is subject to the following:
a) Employees’ email accounts, Internet access, and computer use may be monitored and reported
on by the company.
b) Employees should not view or distribute any obscene, disparaging, derogatory or other type of
material that violates ZYZ Corp professional ethical standards. Everything should be “G” rated.
c) Employees should not use their company email address or computer to subscribe to any email
distribution lists for non-business purposes.
d) Streaming or downloading music or movies is prohibited.
Page 3 of 7

ZYZ CORP
VI. Passwords
• Passwords must never be written down.
• Passwords should never be typed into a public, friend’s or relatives’ computer or mobile device.
• Mobile Device access (screen lock) passcode must be maintained at all times on tablets and smart
phones.
Password Sharing
• Passwords must never be revealed to anyone for any reason other than ZYZ Corp IT support staff.
To do so exposes the authorized user to responsibility for actions (such as deleting files) that the
other party takes with the disclosed password.
• All passwords must be immediately changed if they are suspected of being disclosed to anyone
other than the authorized user.
VII. Internet Access
1. Access to sites deemed inappropriate by management is strictly prohibited. These sites include, but
are not limited to sites in the following categories:
a.Obscene or offensive
b. Illegal
c.Gaming
d. Streaming audio and video including radio stations
2. Employees are permitted to use the Internet for personal use provided such use is limited in quantity,
and is done on the employee’s personal time.
3. Game playing, streaming audio and video, and audio and video downloading are strictly prohibited at
all times.
• Audio and video use for business purposes is permissible only in ZYZ Corp’s office.
• ZYZ Corp issued Mobile Hotspots are never to be used for audio or video streaming or
downloading.
4. Staff members are expected to limit their use of the Internet to access information which is acceptable
in the workplace. This policy applies at any hour of the day, whether there are others in the building or
not. Employees should remember that our systems maintain records of Internet traffic – sites that
have been accessed, who accessed them, and the time of day. Staff may access the Internet for
personal use during non–working hours; however staff should use their best professional judgment in
determining if such use is wise while guests or visitors are in the office.
Page 4 of 7

ZYZ CORP
VIII. Remote Access
General
ZYZ Corp (the Firm) encourages all employees to take advantage of our remote computing capabilities.
The ability to connect to the Firm’s resources from any location (client’s office, employee’s home, or
while traveling) provides an added dimension to client service as well as an employee benefit. The
system will handle access to e-mail and instant messaging services, tax return preparation, audit
workpaper preparation, client and administrative documents, time and billing, and the Firm’s Intranet.
Employees must exercise care in order to insure the security of data, and comply with all software
licensing agreements.
Specific Policies
1. Employees should not allow anyone else to access Firm resources.
2. Employees should never access Firm resources from any computer or mobile device not owned by
the employee or the firm.
3. Special care should be exercised when an employee owned computer or mobile device s shared in
a family or social setting.
4. A current copy of Anti-Virus software must be installed and active on any employee owned
computer which is used for remote access.
5. ZYZ Corp-issued Mobile Hotspot devices are never to be used for streaming audio or video, or large
downloads.
Page 5 of 7

ZYZ CORP
IX. Data
Social Security Numbers
Client social security numbers may not be stored on:
ZYZ Corp’s email system
Desktop computer C drives
USB Drives
Client social security numbers may only be stored on:
The SharePoint system
ShareFile
PFx Engagement
GoSystem RS
Corporate Data
• Corporate data may never reside on non-corporate computers or drives except for IT Department
approved, employee owned mobile devices.
• Corporate data stored on USB drives must be encrypted.
Personal Data
• Personal data may reside only on corporate computers’ C drives.
• Personal data may never reside on the ZYZ Corp network or email system.
Email
• Confidential attachments must be sent in Adobe Acrobat format using the “Password to Open” feature
and the standard ZYZ Corp password convention:
o The client’s entire social security or EIN with no hyphens, typed TWICE.
o The password can then be described in the body of the email message.
• Confidential documents and spreadsheets that need to be transmitted in native format (Microsoft
Word and Excel) must be placed on the client’s portal. If no portal exists, the IT department will create
one or use the secure temporary portal which is in place for just such a purpose.
Page 6 of 7

ZYZ CORP
X. Physical Security
• Computer and peripheral equipment other than laptops, projectors and authorized accessories may
not be removed from the ZYZ Corp offices.
• When driving with laptops and accessories, they must be kept in the trunk of the car at all times. If the
car has no trunk, care must be taken to keep them out of sight. Arriving at a destination, removing the
laptop from the interior, and putting it in the trunk is unacceptable. Laptops should be placed in the
trunk before traveling.
• Laptops should never be left in cars overnight.
• When traveling, laptops should never be left unattended, except in a locked hotel room.
• If a laptop is lost, misplaced or stolen, the ZYZ Corp IT department should be notified immediately.
• No one other than a ZYZ Corp employee is permitted to operate a company computer except with
permission of the ZYZ Corp IT department.
• If an employee owned mobile device with corporate email is lost, the ZYZ Corp IT department must be
notified immediately.
XI. Unauthorized Copying of Copyrighted Software
• The firm’s IT Department must approve all applications before such applications are installed.
• ZYZ Corp does not tolerate the unauthorized copying of licensed computer software. ZYZ Corp shall
adhere to its contractual responsibilities and shall comply with all copyright laws, and expects all
employees of ZYZ Corp to do the same. Employees of ZYZ Corp who violate this policy may be subject
to discipline according to standard ZYZ Corp procedures. An individual engaged in the unauthorized
copying or use of software may also face civil suit, criminal charges, and/or penalties and fines. Subject
to the facts and circumstances of each case, such individuals shall be solely responsible for their
defense and any resulting liability.
I have read the content of all of the above policies on pages 1-7.
I understand the policies and agree to comply.
____________________________ ____________________________ __________
Name Signature Date
Page 7 of 7

Sample IT Policy

More Related Content

What's hot

Similar to Sample IT Policy

Recently uploaded

Sample IT Policy