|
Overview and Purpose
The practice of sending unsolicited, commercial mass e-mails represents a potential threat to organizational reputation and may be in violation of the CAN-SPAM Act, which defines the quantity and characteristics of bulk commercial e-mails that may legally be sent under US law.
All communications with customers, prospects and other professionals reflect [variable: Covered Organization]. In light of increasing antipathy to unsolicited email promotions of any kind, it is generally in the best interest of [variable: Covered Organization] to limit electronic mailings to legitimate communications with individuals who have indicated a willingness to receive them.
This policy describes the permitted and prohibited uses of corporate email systems for bulk emailing. Its purpose is to 1) protect organizational reputation, 2) preserve the effectiveness of email as a business communication medium, 3) prevent potential breach of the US CAN-SPAM Act by [variable: Covered Organization] employees, and 4) generally encourage adherence to e-mailing best practices.
Coverage
All individuals who use the [variable: Covered Organization] e-mail systems and addresses to send bulk e-mails to customers, prospects, or other types of recipients.
Definitions
Policy
- All mass emails must be approved by a [variable: Organizational Role].
- Individuals may send mass emails for the purpose of marketing or sales of [variable: Covered Organization] products, services, or programs ONLY to:
  - Recipients who specifically consented to receive [variable: Covered Organization] marketing or sales emails
  - Recipients who have not explicitly opted out of receiving marketing or sales [variable: Covered Organization] emails
- Mass emails sent from [variable: Covered Organization] computers or email addresses may not:
  - Contain false or misleading information in the subject line, headers, or email body
  - In any way misrepresent or disguise the sender, point of origin, or transmission path
- Individuals may not send any emails to addresses that have been illicitly harvested, mined, or skimmed from one or more third-party Web sites. Employees may not build e-mail addresses or lists by guessing or using software to generate character strings that are likely to be associated with live email accounts.
Anti-spam restrictions also apply to other forms of electronic messaging:
- Individuals may not post promotions or advertisements for [variable: Covered Organization] products, services, or programs in newsgroups, message boards, chat rooms, or other online services in violation of the terms of participation of those online services.
- Individuals may not post promotions or advertisements for [variable: Covered Organization] products, services, or programs in newsgroups, message boards, chat rooms, or other online services that do not explicitly permit advertisements.
- Individuals may not use vendors, software, or service providers to circumvent the intent of this policy.
Enforcement
Violation of this policy may result in disciplinary action which may include performance sanctions; termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to restriction or suspension of [variable: Covered Organization] email privileges, as well as civil and criminal prosecution.
Supporting Documentation
This policy is supported by the following rules, standards, and procedures:
- [variable: internal documents (with links, if available)]
- [variable: external documents (with links, if available)]
References
US CAN-SPAM Act of 2003
Policy Models
|