AUP for Corporate Internet Systems
The purpose of this page is to provide an example of an acceptable use policy for a typical corporation. It presents ideas which may or may not be applicable to a particular corporation. The policy does not address every imaginable concern or contingency that a corporation may want to address in such a policy. The policy attempts to address the primary issues that a corporation may face when considering the development of a presence on the World Wide Web and/or other Internet related systems for either internal or external use.

Internet-related systems: The company maintains Internet related systems for the use of employees and for the benefit of the company and its customers. Three interrelated systems are presently in use: (1) Intra-net web system (available only to company employees), (2) Internet World Wide Web system (includes public access to our web site from outside the company and company employee access to the World Wide Web from company computers), and (3) Electronic Mail.

Purpose and use of systems: The purpose of the company Internet-related systems is to facilitate the exchange of information within the company and with customers and prospective customers. Employees have access to these systems consistent with the requirements of their jobs, are expected to develop the necessary skills to use the systems at whatever level of proficiency is appropriate to their job, and are encouraged to use the systems. Those employees who do not have personal computers assigned to them have access to terminals at designated common areas and in break rooms. Different access levels are designated for various job functions and user-ids and passwords are issued to enable each employee to log onto the system and use appropriate functions.

1. Intranet: Employees have access to company information via the Intranet web system (such as job postings; company policies; marketing information; manufacturing, marketing, and sales campaigns; and internal news and bulletins). Use of this system enhances employee knowledge of the company’s goals, vision, and performance and reduces the over-reliance on traditional inter-office mail and waste of natural resources.
2. 
   Internet and World Wide Web: Employees have access to the Internet and the web as a means of obtaining information that will assist them in the performance of their jobs. The public has access to the company web site, which enables the company to project its image, develop business, and improve its community profile.
   
3. Electronic mail (e-mail): The company maintains an e-mail system, which is fully integrated with both the Intranet and the Internet systems. The system enables employees to communicate efficiently among themselves and with customers and prospects. Use of this system improves the speed with which information can be disseminated and enables the company to be responsive to customer and employee needs.

The Policy

1. Ownership of Internet-Related systems: Internet-related systems (including but not limited to: computer equipment; software and operating systems; network accounts providing electronic mail, World Wide Web browsing, File Transfer Protocol, etc.; networking and intra-net systems and software) are the property of the corporation. They are to be used for business purposes in serving the interests of the company and of our clients and in the course of normal operations.
   
2. Privacy of communications: Employee communications on these systems are not private. While the network administration desires to provide a reasonable level of privacy, users should be aware that the data they create on the corporate system remains the property of the corporation, and can be recovered even though deleted by the user. Information that must remain confidential should therefore not be stored on the network.
   
3. Monitoring: The company reserves the right to monitor all employee usage to ensure proper working order, appropriate use by employees, the security of company data, and to retrieve the contents of any employee communication in these systems. Management may access user files, including archived material of present and former employees without the user's consent for any purpose related to maintaining the integrity of the network, or the rights of the corporation or other users or for any other reasonable purpose. All external correspondence must contain a notification that incoming and outgoing correspondence may be monitored for quality assurance and security purposes.
   
4. Personal use: Personal use of the systems is authorized within reasonable limits as long as it does not interfere with or conflict with business use. Employees are responsible for exercising good judgment regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet systems; however, in the absence of such policies, employees should be guided by departmental policies on personal telephone use and, in case of doubt, should consult their supervisor or manager.

System integrity and copyright

All users should be aware that any information, software, or graphics on the Internet may be protected by federal copyright laws, regardless of whether a copyright notice appears on the work. Licensing agreements may control redistribution of information from the company's Internet-related systems or from the Internet. Duplication or transmission of such material or downloading shareware may not be undertaken without express authorization from Network Administration. Employees are required to scan freeware, shareware or any downloaded application for viruses using authorized procedures and software. Employees must never open, execute, or run unsolicited binary code e-mail attachments.

Restrictions and Prohibitions on Use and Access

Communications and Internet access should be conducted in a responsible and professional manner reflecting the corporation's commitment to honest, ethical and non-discriminatory business practice. In furtherance of these goals the following restrictions and prohibitions apply:

Data security

1. Personnel must safeguard their logon ID and password from disclosure to any person except the staff of Network Administration. Users may not access a computer account that belongs to another employee or department (except for an authorized member of the Computer Resources Department). Personnel must use their own logon ID and password only, are responsible for all activity on their logon ID, and must report any known or suspected compromise of their ID to Network Administration.
   
2. Unauthorized attempts to circumvent data security schemes; identify or exploit security vulnerabilities; or decrypt secure data are prohibited.
   
3. Attempting to monitor, read, copy, change, delete or tamper with another employee's electronic communications, files or software without the express authorization of the user (except for authorized Network Administration personnel) is prohibited.
   
4. Knowingly or recklessly running or installing (or causing another to run or install) a program (such as a "worm" or "virus") intended to damage or place an excessive load on a computer system or network is prohibited.
   
5. Forging the source of electronic communications, altering system data used to identify the source of messages or otherwise obscuring the origination of communications is prohibited.

Use of equipment

1. Any use that violates federal, state, or local law or regulation is expressly prohibited.
   
2. Knowing or reckless interfering with the normal operation of computers, peripherals, or networks is prohibited.
   
3. Connecting unauthorized equipment to the network for any purpose inconsistent with the business purpose of the company is prohibited.
   
4. Deliberately wasting computer resources, including bandwidth, disk space, and printer paper or running or installing games or other unauthorized software on company computers is prohibited.
   
5. Using the company network to gain unauthorized access to any computer system is prohibited.

Netiquette and protocols

1. The use of corporate Internet-related systems to access, transmit, store, display, or request obscene, pornographic, erotic, profane, racist, sexist or other offensive material (including messages, images, video, or sound) that violates the company's harassment policy or creates an intimidating or hostile work environment is prohibited.
   
2. Any use that is deemed to adversely affect the corporation is prohibited.
   
3. Any on-line statements about the corporation, its position on any issue or about any competitor are strictly prohibited except those authorized by senior management and/or the legal department.
   
4. Any personal, non-approved communications on corporation systems must contain the following disclaimer: "The information contained herein does not express the opinion or position of the corporation and cannot be attributed to or made binding upon the corporation."
   
5. Users of Internet -related systems are further advised to consider that while they use corporate systems they represent the corporation just as they would at a corporate function or in a company vehicle. Visits to web sites and other Internet use may reflect upon the corporation and should be undertaken in a serious, businesslike manner.
   
6. Web pages and links made available to the public must be approved by and developed in cooperation with Network Administration prior to activation.

Education and Enforcement

To promote the efficient use and to avoid misuse of Internet-related systems, a copy of this policy statement will be distributed to and must be signed by all employees. Employees are required to familiarize them selves with the contents of this statement. Additionally each department conducts training sessions in conjunction with Network Administration. Supplemental training will be offered as technological and/or policy changes allow.

Network Administration is responsible for protecting users and the system from abuses of this policy. Pursuant to this duty, the system administrator(s) may take any of the following actions reasonably appropriate to the nature of the offense:

1. Reprimand of the offending party or parties.
   
2. Temporary reduction or suspension of computer system privileges.
   
3. Referral to the offending user's supervisor.
   
4. Permanent access revocation.
   
5. Termination of employment.
   
6. For misuse amounting to criminal behavior, referral to appropriate law enforcement agencies.

Sanctions may be reviewed by the Network Administration as necessary. Alleged violations will be reviewed on a case by case basis.