Table of Contents

  1. Purpose and Applicability
  2. Definitions
  3. Policy
  4. Responsibilities
  5. References
  6. Attachments

 

1. Purpose and Applicability

This procedure delineates the proper use of company provided public Internet access via company computers which may or may not be attached to the Company Data Network. This procedure applies to all Division and Subsidiary companies.

2. Definitions

a. Internet

b. A public global network of networks connecting commercial, government, and educational organizations.

c. World Wide Web

d. A hypertext-based system for finding and accessing

3. Policy

It is the policy of the company that:

e. Company data network access to the Internet is provided for company business purposes only. Non-business or personal use of the Internet on company equipment is prohibited regardless of whether it occurs during working hours or not.

f. All Company data network access to the Internet must be through a connection approved by established company policies or procedures. See Attachment 1 - Internet Access Request Form.

g.Use of employee procured, provided and/or owned modems or Internet access software in conjunction with company computers is prohibited.

h. All Internet activity is subject to logging and monitoring as to provide a chronological history of events should a compromise occur and to maintain audit trails of usage.

i. Publicizing information over the Internet must be in accordance with ref. 5.1. Users expressing their opinion over the Internet should add the disclaimer “this is my personal opinion and not that of my employer”.

j. Company private, company most private and competition sensitive information, including technical or business proprietary data, may not be communicated via an Internet connection without additional security protection measures and the appropriate clearances/approvals of Legal and/or Contracts.

k. Transmission of government classified information via the Internet is strictly prohibited.

l. Executable files downloaded from the Internet must be scanned using a Company approved virus scanning program prior to executing on a company computer. It is recommended that source code be retrieved and reviewed as opposed to binary formats.

m. Attempts to gain unauthorized access to any computer or communications system on the Internet is prohibited.

n. Any suspected compromise of a Company computer or communications resource via an Internet connection shall be immediately reported to the Manager Information Systems.

o. All Internet activity on the Company Data Network is monitored, and employees found abusing this resource will be subject to discipline, including termination.

4. Responsibilities

p. Corporate Internet Services Committee (Company - Lexington)

  1. Monitor, log, and archive Internet Usage audit trails.

q. Division General Managers and Subsidiary Company Presidents

  1. Assure compliance with this procedure.

r. Manager of Information Systems

  1. Insures this procedure reflects current company policy for Internet access.
  2. Enforces this procedure.

s. Information Systems Department

  1. Installs and configures company approved Internet access hardware and software.
  2. Facilitates removal of non-company approved Internet capable hardware and software from company computers.

t. Personal Computer User

1. Adheres to policies defined in this procedure.

5. References

Document Number Title Level
CM-CS-732 Professional Papers - Review, Approval and Related Honoraria
2

6. Attachments

Internet Access Request Form (click for pdf)

Internet Access Request  
Employee Information Manager Information
Employee Name (print) Manager Name (print)
   
Staff Number Ext. Number Location Staff Number Ext. Number Location
           


Internet access is provided for business use to certain employees of Company.
Incoming and outgoing Internet communication sessions are logged and these logs monitored.

Communications via the Internet Gateway, (including World Wide Web (WWW), FTP, TELNET,
Internet Mail, and related services) should be considered generally insecure, and can be potentially
observed by a third party while connections and data transmissions are in progress. Consequently,
information of a personal nature, and sensitive/proprietary business information, should not be sent
via the Internet Gateway.

By applying for Internet connection, the employee and the employee’s manager acknowledge
the limitations stated above.


Signature and date

 

Signature and date

 

 

 

 

 

 

File server

 

 

 

 

 

 

 

 

User ID on file server