Information Technology Reference
In-Depth Information
n
n
n
n
n
n
n
n
n
n
Electronic portals (e.g., virtual private network [VPN] access)
Facsimile
Telephone
Cell phones
Voice mail
Laptops
Wireless networks
PDAs
Intellectual property
Customer information/data
he IA
2
Process evaluates existence and adequacy of appropriate use policies
(AUPs) from the perspective of the organization. Policy provisions should not only
include employees at work, but also partners, subcontractors, vendors, and even
customers using organizational information and information technology. The IA
2
Process determines what exists, defines what AUPs are necessary, defines the desired
details of AUPs, and provides a transition plan to generate or modify AUPs. The IA
architect derives AUP details from external compliance requirements, internal legal
requirements, operational requirements, and empirical history of the organization
(e.g., burned once on X, now X is included in policy).
8.6.1.5
Policy Details
Appropriate use of electronic media policies covers at least the following areas:
n
−
Duty not to waste electronic resources
Consumable resources (e.g., electricity, long-distance calls) and contend-
ing resources (e.g., bandwidth for critical applications versus streaming
audio of personal interest)
Prohibitions
Blocking of inappropriate content
Games and entertainment software
Illegal copying
Accessing the Internet and usage
Time restrictions, site restrictions, downloading legal and illegal files
Disclaimer of liability for use of the Internet
Employee violates corporate policy and the law at his or her own risk.
Monitoring of computer usage, including e-mail and Internet
Organization reserves the right to monitor, but not duty to monitor,
usage activity.
Reserving the right provides fair warning; excluding the duty provides for
not having to catch everyone (anti-discrimination claim/waiver).
n
−
−
−
n
−
n
−
n
−
−
