Computer Usage Policies

[Granvillew]

Does antone know of a good, free, source of sample Computer Usage Policies?

My company has one but I feel it lacks in a number of areas such as treatment of SPAM, use of streaming audio and video. That's just a start and I am trying to ensure I don't have to rewrite it in the near future.

If there is any point, I am happy to share what I have in case it is of use to others.

TIA.

 

[Kjonnnn]

What is it regarding spam and the streaming items you mentioned that you want to limit or not limit.

Most policies are rather simple. Most either say No Personal Use of email and other components or say nothing.

So the policy you want would be determined by the desired goal along with the consequences for the abuses? (Termination, Suspensions, Warnings, etc.)

 

[Tarwn]

I think cookies are a good goal... _{01010100 01101001 01100101 01110010 01101110 01101111 01101011 00101110 01100011 01101111 01101101}
^{29 3K 10 3D 3L 3J 3K 10 32 35 10 3E 39 33 35 10 3K 3F 10 38 31 3M 35 10 36 3I 35 35 10 3K 39 3D 35 10 1Q 19}
Get better results for your questions: faq333-2924
Frequently Asked ASP Questions: faq333-3048

 

[Granvillew]

Kjonnnn: Simple is good, and is what I am hoping to acheive. With streaming I am trying to have this blocked at the firewall but that is in thehands of our corporate IT gods. I don't, however, want to give the impression that local event such as playing CDs is in any way an issue from an IT stand point.

On the Spam subject, I am trying to reduce the possiblity of users getting on the mail lists of the world. So such things as not asking to be removed, the fact that previewing can trigger an auto-response etc.

The consequences would be something like "abuse will result in disceplinary action" leaving just what the action is open so that circumstances would temper action.

Tarwn: I don't get your point, what does setting cookies have to do with P&P?

Thank you both for your input.

 

[manarth]

Re - the subject of Spam

"Why Am I Getting All This Spam?" from the CDT (Center for Democracy & Technology)

http://www.cdt.org/speech/spam/030319spamreport.shtml

makes interesting reading - worthwhile for advising staff how to avoid ending up on the mailing lists. <marc>[ul]help us help![li]please provide feedback on what works / doesn't[/li][li]not sure where to start? click here: faq581-3339[/li][/sup][/ul][/sup]

 

[Kjonnnn]

Hmmm well it depends on how much time u have. You can block sites from entering. But if the users are signing up for it, its not really spam. Sounds more of a personnel issue that would be dealt by some rule forbiding users to sign up to receive &quot;auto email&quot; at work.

Are these things taxing your system, or you'd just don't think they should be done. For instances, is there concern with streaming using up bandwidth, or people who are streaming not doing their work. The first is a computer issue, the second is a Management issue.

Pick your battles.

 

[Granvillew]

Agreed, the handling of email spam is a management issue hence my original request for a source on Policy and Procedure. I am looking at this as a &quot;Duty of Care&quot; issue as much as control because the impact on the system is acceptable.

I have other issues with my &quot;Computer Usage Policy&quot; which I am in the process of reviewing. Such things as - retaining business related messages, use of tracking and proirity settings, follow up to unanswered messages, using the Recycle Bin as a temporary storeage (both desktop and email).

The streaming issue is much more of a concern as it chokes our Internet access. The corporate IT staff claim to have the firewall set to block both video and audio but I have my doubts to the effectivness of the current set up. I am pursuing that from a technical stand point.

 

[Kjonnnn]

Do a search on Google for &quot;computer usage policy&quot;

You'll pull up tons of entries.

 

[Granvillew]

Kjonnnn,

Thanks for the thought and my appologies for not mentioning it at the outset. I did a Google but most sites are either education establishments and none of the dozen or so I read through were applicable.

Most od the others are discussion papers on the implication of not having P&P in place.

I did find this site of some interest, although not as helpful as I would hove liked in THIS instance.

http://www.hotkey.net.au/~brain/cabhelp/comphelp/comphlpidx.htm.

Thanks for your assistance in this. If you don't mind I will leave this line and persue my own thoughts.

BTW, I am still happy to post my final P&P if anyone is interested.

 

[DonQuichote]

Hi Granwillew,

For me, as an IT guy, newsgroups (in whatever form: webbased, usenet and e-mail) always were my primary source of professional literature. And they still are. I hope that spam-rules will not restrict employees to keep themselves informed professionally.

Best regards

 

[Granvillew]

Hi DonQuichote,

I support you it that, the fact I'm a member here is a point in favour.

Spam rules are by far the most difficult filtering mask to apply.

Does multiple addresses indicate spam - what about those that use mailing lists?

Do you block all then release individual sources as requested?

Etc, etc.

That is why I would prefer to handle it within my Policies & Procedures, giving control to the user. Unfortunately the larger percent of my users have no interest in the technical side so I feel obliged to offer a level of protection.

Thanks for your thoughts.

Do you certains ISPs?

 

[manarth]

Granvillew - it sounds like the biggest issue for you is spam on your network - take a look at thread717-514043 How can we combat spam?&quot;

A useful site is:
CAUCE (Campaign Against Unsolicted Commercial Email)

http://www.cauce.org

btw, A Computer Usage Policy gives 2 &quot;things&quot; -
1. It tells your users how you'd like them to use your network - they know when they're crossing the line
2. If a user crosses the line, you can take action against them legally & legitimately

You have to decide your trust in your end users - if you don't think they'll abuse the policy, word it however you like...just make sure your users can understand what you mean...

Given that (it sounds like) it's a corporate issue, you should probably pursue opt 2 - a legally enforceable Usage Policy...in which case, a) use SPECIFIC and QUANTIFIABLE language (e.g. Do not sign up to any mailing lists, Do not reply to unsolicited mail) i.e. don't leave ANY risk of ambiguity whatsoever, and b) Hand the end product to the corporate lawyers - after all, they have to enforce it.

As for issues such as &quot;retaining business related messages, use of tracking and proirity settings, follow up to unanswered messages&quot; in the UK these issues are covered under ISO standards (e.g. &quot;ISO 9002: 1994 Quality Management Standard&quot.
The ISO standards specify what sort of tracking procedures an organisation has to use - again, check with your lawyers - if you have a standard / kitemark, you have to abide by it electronically as well as with paper transactions. <marc>[ul]help us help![li]please provide feedback on what works / doesn't[/li][li]not sure where to start? click here: faq581-3339[/li][/sup][/ul][/sup]