Overview and Purpose
The Internet provides a source of information that can benefit every professional discipline represented in the [variable: Covered Organization].
This policy document delineates acceptable use of Internet capabilities by [variable: Covered Organization] employees, volunteers, and contractors by means of equipment, facilities, Internet addresses, or domain names owned, leased, or registered to [variable: Covered Organization].
Coverage
This policy covers Internet use by anyone who uses [variable: Covered Organization] equipment and facilities, and Internet use performed using Internet Protocol addresses and domain names registered to [variable: Covered Organization]. This includes, but is not limited to:
- Full- and part-time employees
- Volunteers authorized to use [variable: Covered Organization] resources to access the Internet
- Departmental contractors authorized to use [variable: Covered Organization] equipment or facilities
All content that resides on or passes through [variable: Covered Organization] Information Resources, including computers, networks, and software, must conform to the [variable: Covered Organization] Acceptable Use, Internet Policy.
This policy applies to Internet access only. It does not cover the requirements, standards, and procedures for the development and implementation of [variable: Covered Organization] information sites on the Internet.
Definitions
General Terminology
- [No definitions defined for this policy]
Roles and Responsibilities
- Supervisors
Supervisors of employees, volunteers, and contractors have the final authority in determining whether an employee requires Internet access to fulfill job requirements. Supervisors are responsible for:
  - Acquiring Internet access for subordinate employees, as needed
  - Educating subordinate employees on restrictions against personal use of [variable: Covered Organization] networks, systems, and other electronic resources
  - Determining the appropriateness of subordinate employees' use of the Internet. This includes judgment of the acceptability of Internet sites visited and the determination of personal time versus official work hours.
- System Users
Use of computer equipment and networks to fulfill job responsibilities always has priority over personal use of equipment and networks. In order to avoid capacity problems and to reduce the susceptibility of [variable: Covered Organization] information technology resources to computer viruses and other malware, all Internet users must:
  - Follow all security policies and procedures covering use of Internet services
  - Refrain from any practice that might expose, compromise, or otherwise jeopardize organizational networks, computer systems, data files, and other electronic resources
  - Understand legal requirements and limitations regarding access, protection, and use of data covered by the federal Privacy Act, copyright law, trademark law, and internal policy
Policy
Internet Access
If an employee's supervisor determines that Internet access is in the best interest of [variable: Covered Organization], the employee may, within the limits set forth below, use [variable: Covered Organization] networks and equipment to access the Internet. Employees who do not require access to the Internet as part of their official duties may not access the Internet using [variable: Covered Organization] facilities under any circumstances.
Permitted Use
- Access to online job-related information, as needed, to meet the job requirements.
- Participation in news groups, chat sessions, email communications, and online discussion groups, provided those communications activities have a direct relationship to the user's job responsibilities.
- Access to online content to develop or enhance job-related skills. It is expected that these skills will be used to improve the accomplishment of job-related work assignments.
Use of Internet and company networks for non-business purposes
[variable: Covered Organization] computer systems are for business use; however, when certain criteria are met, Departmental users may use Information Resources for personal activities. All personal Internet use through business Information Resources is subject to the following restrictions:
- It must not degrade or otherwise impede normal job performance
- It must not incur direct costs to [variable: Covered Organization]
- Storage of personal files and documents on [variable: Covered Organization] Information Resources should not exceed [variable: Size quota]
Since employees who use [variable: Covered Organization] Information Resources may be perceived by others to represent [variable: Covered Organization], employees may not use the Internet for any purpose that could reflect negatively on [variable: Covered Organization] or its employees. Personal opinions expressed over the course of online communications activities should include a disclaimer stating that they do not reflect official positions of [variable: Covered Organization].
Employees may not initiate non-work-related Internet sessions using [variable: Covered Organization] Information Resources from remote locations. For example, employees shall not log into organizational resources from home or other remote locations to engage in non-job-related activities.
Personal use of [variable: Covered Organization] Information Resources to access the Internet is restricted to approved users; it does not extend to family members or other acquaintances.
Reasonable Security and Privacy Precautions
- All files downloaded from the Internet must be scanned for viruses using approved and current virus detection software.
- Any corporate data posted on internal Web sites must not be accessible to a broader online audience than is appropriate for the materials themselves
- All sensitive business materials transmitted over external networks must be encrypted
- No files or documents may be sent or received that may cause legal liability for, or embarrassment to, the company
Use of Internet Client and Browser Software
- All software used to access the Internet must be part of the [variable: Covered Organization] standard software suite or approved by IT management.
- IT staff must update Internet clients and browsers as vendor-provided security patches are released.
- Internet clients and browsers must be configured to use the [variable: Covered Organization] firewall HTTP proxy.
Prohibited Use
Employees may not use [variable: Covered Organization] Information Resources, either during working hours or on personal time, to:
- Access, retrieve, or print text and graphics information that violate the Acceptable Use Policy
- Engage in unlawful activities or other activities that could in any way discredit [variable: Covered Organization]
- Engage in personal commercial activities, including offering services or merchandise for sale, non-business-related online purchasing, and personal commercial advertising. Where online commercial transactions are permitted as part of legitimate job functions, transactions are subject to [variable: Covered Organization] procurement rules.
- Engage in any activity that would compromise the security of [variable: Covered Organization] systems, resources, or networks
- Engage in any fundraising activity, endorse any product or service, participate in any lobbying activity, or engage in any active political activity
- Access or download video and voice from the Internet, except in the service of an approved job function.
- Store personal files obtained via the Internet on [variable: Covered Organization] drives, servers, or other devices
Enforcement
All activity on [variable: Covered Organization] Information Resources is subject to monitoring by management, system and security personnel, legal personnel, and other authorized staff. Monitoring includes logging and review. Use of [variable: Covered Organization] systems constitutes consent to monitoring.
All files and documents—including personal files and documents—stored on or transmitted by company Information Resources are subject to managerial review and may be accessed in accordance with this policy.
Violation of this policy may result in disciplinary action, including termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [variable: Covered Organization] Information Resources access privileges and to civil and criminal prosecution.
Supporting Documentation
This policy is supported by the following rules, standards, and procedures:
- [variable: internal documents (with links, if available)]
- [variable: external documents (with links, if available)]
Policy Support Contact
- [variable: title (not personal name) of role responsible for overseeing this procedure]
- [variable: Contact information of office responsible for overseeing this procedure]
Policy Publication Date
[variable: Policy publication date]
Revision(s)
- [variable: Policy revision date]
References
- Copyright Act of 1976
- Foreign Corrupt Practices Act of 1977
- Computer Fraud and Abuse Act of 1986
- Computer Security Act of 1987
- The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Policy Model(s)