A template for a Corporate Information System Strategy

  1. The following document outlines guidelines for use of the computing systems and facilities located at or operated by [Company Name].
  2. Use of the computer facilities includes the use of data and/or programs stored on [Company Name] computing
  3. systems, data and/or programs stored on magnetic tape, floppy disk, CD-ROM, or any storage media that is owned and maintained by [Company Name].
  4. The purpose of these guidelines is to ensure that all [Company Name] users (business users, support personnel, technical users, and management) use the [Company Name] computing facilities in an effective, efficient, ethical and lawful manner.
  5. [Company Name] accounts are to be used only fro the purpose for which they are authorised and are not to be used for non-[Company Name] related activities.
  6. Users are responsible for protecting any information used and/or stored on and/or in their [Company Name] accounts. Consult the [Company Name] User Guide for guidelines on protecting your account and information using the standard system protection mechanisms.
  7. Users are requested to report any weakness in [Company Name] computer security, any incidents of possible misuse, or any violation of this agreement to the proper authorities by contracting [Company Name] User Services or by sending electronic mail message to [security@companyname.com].
  8. Users shall not attempt to access any data, projects and/or programs contained on [Company Name] systems for which they do not have authorisation or explicit consent of the owner or the data, projects and/or program.
  9. Users shall not divulge dialup modem phone numbers to anyone.
  10. Users shall not share their [Company Name] account(s) with anyone. This includes sharing the password to the account or any other means of sharing.
  11. Users shall not make unauthorised copies of copyrighted software, except as permitted by law or by the owner of the copyright.
  12. Users shall not make copies of system configuration files for their own, unauthorised personal use or to provide to other people and/or users for unauthorised uses.
  13. Users shall not purposely engage in activities with the intent to:
  14. Electronic communication facilities (such as e-mail or Newsgroups) are for authorised [Company Name] use only. Fraudulent, harassing or obscene messages and/or material shall not be sent from, to or stored on [Company Name] systems.
  15. Users shall not download, install or run security programs or utilities that could potentially reveal weaknesses in the security of a system. For example, [Company Name] users shall not run password cracking, key logging, or any other potentially malicious programs on [Company Name] computing systems.
  16. Any non-compliance with these requirements will constitute a security violation and will be reported to the management of the [Company Name] user and will result in short-term or permanent loss of access to [Company Name] computing systems. Serious violations may result in civil or criminal prosecution.

I have read and understand the [Company Name] security policy and agree to abide by it.

Signature: Date: