A template for a Corporate Information System Strategy
- The following document outlines guidelines for use of the computing systems and facilities located at or operated by [Company Name].
- Use of the computer facilities includes the use of data and/or programs stored on [Company Name] computing
- systems, data and/or programs stored on magnetic tape, floppy disk, CD-ROM, or any storage media that is owned and maintained by [Company Name].
- The purpose of these guidelines is to ensure that all [Company Name] users (business users, support personnel, technical users, and management) use the [Company Name] computing facilities in an effective, efficient, ethical and lawful manner.
- [Company Name] accounts are to be used only fro the purpose for which they are authorised and are not to be used for non-[Company Name] related activities.
- Users are responsible for protecting any information used and/or stored on and/or in their [Company Name] accounts. Consult the [Company Name] User Guide for guidelines on protecting your account and information using the standard system protection mechanisms.
- Users are requested to report any weakness in [Company Name] computer security, any incidents of possible misuse, or any violation of this agreement to the proper authorities by contracting [Company Name] User Services or by sending electronic mail message to [firstname.lastname@example.org].
- Users shall not attempt to access any data, projects and/or programs contained on [Company Name] systems for which they do not have authorisation or explicit consent of the owner or the data, projects and/or program.
- Users shall not divulge dialup modem phone numbers to anyone.
- Users shall not share their [Company Name] account(s) with anyone. This includes sharing the password to the account or any other means of sharing.
- Users shall not make unauthorised copies of copyrighted software, except as permitted by law or by the owner of the copyright.
- Users shall not make copies of system configuration files for their own, unauthorised personal use or to provide to other people and/or users for unauthorised uses.
- Users shall not purposely engage in activities with the intent to:
Electronic communication facilities (such as e-mail or Newsgroups) are for authorised [Company Name] use only. Fraudulent, harassing or obscene messages and/or material shall not be sent from, to or stored on [Company Name] systems.
Users shall not download, install or run security programs or utilities that could potentially reveal weaknesses in the security of a system. For example, [Company Name] users shall not run password cracking, key logging, or any other potentially malicious programs on [Company Name] computing systems.
Any non-compliance with these requirements will constitute a security violation and will be reported to the management of the [Company Name] user and will result in short-term or permanent loss of access to [Company Name] computing systems. Serious violations may result in civil or criminal prosecution.
- Harass other users
- Degrade the performance of systems
- Deprive an authorised [Company Name] user access to a [Company Name] resource
- Obtain extra resources beyond those allocated
- Circumvent [Company Name] computer security measures or gain access to a [Company Name] system for which proper authorisation has not been given
I have read and understand the [Company Name] security policy and agree to abide by it.