Internet (and E-Mail) Usage Policy

Section 1

INTRODUCTION

This Policy Statement introduces the Internet services available within the Company, presents procedures for obtaining access, and establishes a plan for Internet support throughout the Company.

The Company now maintains a Web site at [address of Web site].

The Internet services are tools that can enhance employee productivity by providing rapid access to information that would normally be difficult to obtain. Productive activities available on the Internet may include:

1. Participation in electronic news groups and discussion groups. For example, "mis.legal.computing" is a bulletin board for users to post universally accessible messages (and to read and reply to those from others) for discussion of legal automation topics.

2. Serving as panelists for online seminars.

3. Sending periodic e-mail alerts to customers, suppliers, contractors, etc.

4. Maintaining a Web site for monthly newsletters, communication updates, question-and-answer forums, Company personnel profiles, links to customer Web pages, etc.

5. Publishing articles, updates, advisories, etc. online.

6. Holding private seminars for customers, suppliers, contractors, etc.

7. Gathering information and tracking recent development in our business or industry, or information provided by competitors, etc. Learning how to use indexing tools is key to your ability to navigate through masses of information available through the Internet. And, be careful not to believe everything you find on the Internet--anyone can publish information on the Internet, and much of what is found is misleading or incorrect!

[Note: Access to the Internet in all instances will require approval of local management and the Information Services (IS) division of the Company. Access to or use of any Internet service is granted only to Company users who have obtained advance authorization from [name of manager]. An access control list will be maintained to record the user IDs (addresses) for all authorized Web users. Each Internet service is separately controlled, so only those services needed by each user will be authorized.]

Section 2

DESCRIPTION OF THE INTERNET

The Internet is an information resource that connects thousands of separately owned computer networks worldwide. This "network of networks," sometimes referred as the Information Superhighway, comprises the largest network in the world, with more than 60,000 networks, 6.5 million Internet host computers, and an estimated 50 million users worldwide sharing information.

The Internet includes commercial subscription-based networks such as CompuServe, America Online, and Prodigy; government-operated networks such as NSFnet; networks developed by businesses engaged in research and development activities; and smaller independent alternative networks. The Internet is not owned or controlled by any person or group.

The Internet was created several decades ago when the Department of Defense (specifically, the Advanced Research Projects Agency, or ARPA) approved funding for the ARPAnet project. The original purpose of the Internet was to create an information network of educational and governmental institutions that would permit information retrieval even in the event that a direct link was severed, as in a war. Over time, new technologies replaced the Internet for defense-related communication, but its value as a global communications medium expanded into the commercial arena.

Today, a vast number of businesses inside and outside the US use the Internet as a tool for research and/or communication with suppliers, customers, investors, etc.

Section 3

INTERNET SERVICES

The Internet is available via standardized services and protocols. These services and protocols are common across many hardware/software platforms and permit diverse systems to share information around the world.

Some of the Internet services currently available include:

1. World-Wide-Web ("WWW" or the "Web"). The most popular and fastest growing area of the Internet is the Web. The Web allows users to navigate through a collection of information servers by using a communication protocol known as the HyperText Transfer Protocol (HTTP). Information on the Web is accessed through an easy-to-use point-and-click interface called a Web browser.

The Web makes available such diverse information as company profiles, stock data, exchange rates, weather forecasts, product details, travel planning, product support information, patents and trademarks, Library of Congress holdings, and many other forms of information. Whereas other Internet formats (such as FTP and TELNET, as discussed below) permit the user to see only text, the Web gives users access to information in a variety of multimedia formats--that is, information containing a combination of text, hypertext (i.e., highlighted text that provides links to other Web documents), sound files, color graphics, and video images. The user may also download data files from the Web using the File Transfer Protocol, or FTP as described below.

After a user connects to an Internet gateway via the Web, the user may enter an Internet address into the user's Web browser. The Web browser then calls for information from the server at that Internet address. When the server responds, the browser receives the HTTP encoded information and creates a screen image for the user. Using hypertext markup language (html), creators of Web documents--called pages or home pages(1)--can easily link items on their pages to any other document on the Web. Such a link would allow browsers on the Company's page move easily to other resources by clicking on a word, phrase, or button.

Every home page on the Web has a unique address known as a Universal Resource Locator (URL). The Company has created a home page on the Web to offer information regarding the products and services the Company offers. The syntax for a Web address is as follows:

http://www.organizationname.com/filename.html

In the foregoing address, "http://" is the signal to your browser that you will be looking at a Web document, "www.organizationname.com" is the address of the computer on which the Web page is located, and "filename.html" is the name of the file you want to see. For example, "http://www.yahoo.com/" is the Yahoo-Internet index. Yahoo is probably the best known and most complete index to the World Wide Web.

2. Internet E-Mail. This service permits transmission of e-mail between the Company and other companies with Internet e-mail access, as well as among most of the Internet's 50 million users. Internet e-mail also allows users to send documents and data files as attachments to other Internet users.

Users of the Company's normal e-mail system can reach the Internet via a gateway, though we are investigating relocating this functionality to the firewall as well. Users of the Company's normal e-mail system can also reach mail users of online services such as America Online, Compuserve, and Prodigy via the Internet.

The syntax for an Internet e-mail address is as follows:

janesmith@abc.com

or

username@organizationname.suffix

In general, the prefix (i.e., the part before the "@") indicates who you are; the suffix (i.e., the part after "organizationname.") indicates where you are. The suffix will differ based on your organization and location. The most common suffixes are "com" (commercial organizations), "edu" (educational institutions), "gov" (government agencies), org (nonprofit organizations and associations), "mil" (military), and "net" (network services). The part of the address after the "@" (i.e., the organization name) is called the domain name. Many companies have registered(2) domain names that are distinctive for their organization--for example, "ibm.com."

3. File Transfer Protocol ("FTP"). The FTP permits transfer of files to and from remote systems on the Internet. One common use of FTP is for transferring software (particularly new releases and patches) from vendors providing Internet FTP servers.

A client FTP program is required in order to use this service. Most TCP/IP packages include an FTP program. In most cases, when you use FTP you will actually be logging onto the remote computer as an "anonymous" user.

As with any transfer of files to a client PC, be it via a network or modem or diskettes, the user must be alert to the possibility of software viruses.(3) Proper virus scanning is the responsibility of the FTP user and his or her immediate management. Today, most FTP files are also available through the Web.

4. Telnet. The Telnet allows users to log in to remote systems on the Internet. An Internet user thus can connect to another Internet computer site and use the programs, browse databases, read files, or retrieve documents installed on that computer as if the user were at that site. Typical use would be to access the holdings of an academic or government library by logging into a system made available for public access. A client Telnet program is required to use this service. Most TCP/IP packages include a Telnet program.

5. Network News. Network News provides a bulletin board system-type facility that permits users to read and post messages to discussion groups called newsgroups. These messages are distributed throughout the Internet using the Network News Transport Protocol (NNTP). There are a multitude of external newsgroups available on the Internet and these range between very specific business- and computer-related topics, to topics of personal interest such as sports, hobbies, and personal finance. A client program known as a News Reader is required for News access.

Section 4

SECURITY ON THE INTERNET

1. Internal Firewall. The Company has established a physical connection to the Internet via a gateway located in [facility location], which has the purpose of preventing outside access to Company software, databases, documents, and files. This gateway, known as a "firewall" in information systems terminology, controls and monitors all traffic between the Company's network (LAN or WAN) and the Internet.

The firewall is designed to permit Internet access by authorized Company users, while preventing access by the outside Internet community to Company resources. The firewall thus excludes all incoming Internet connections, other than transmittal of e-mail and news articles. Users of the Internet are not allowed to log into or access files on internal Company systems.

The firewall is designed to provide automatic notification of unwanted access attempts. The firewall also performs daily checks to determine whether configuration information has been modified. Security audits are scheduled to be performed periodically by the IS (Information Systems) group and/or external consultants.

All Company Internet activity must be conducted through the firewall in [facility location]. No other gateways are permitted.

2. External Security. Company personnel using the Internet should act on the assumption that all e-mail, documents, and other files that are transmitted via the Internet are capable of being intercepted by third parties.

The Company has in place programs [e.g., a program such as "Pretty Good Privacy"] that encrypt (scramble) transmitted information so that it ordinarily is decrypted (unscrambled) and read only by the intended recipient. Encryption (scrambling) provides security at least comparable to the protection offered by the U.S. mail or public telephone systems. Nonetheless, as with U.S. mail delivery and public telephone lines, means exist for encrypted (scrambled) transmissions to be intercepted and decrypted (unscrambled) by unauthorized persons.

Consequently, it is the Company's policy that especially sensitive or proprietary information should not be communicated via the Internet, even with encryption. General business information of a nonpublic nature may be sent and received subject to the use of encryption. Only the most ordinary information of a public nature should be sent or received without encryption safeguards.

Section 5

SUPPORT STRATEGY

Internet Coordinators will be designated by IS at each site requiring Internet access. The Internet Coordinators will be responsible for training and support at their assigned sites. IS will provide second-level support to the Internet Coordinators.

The responsibilities of the Internet Coordinators will include the following:

1. User Support. Frontline contact and troubleshooting, including software installation and configuration, application support and user assistance.

2. Point of Contact for IS. The Coordinator should act as the single contact between local users and the IS Department. Corporate IS does not have sufficient resources to support end users and, if IS is contacted, will refer end users to their local Internet Coordinators.

3. Service Request Authorization. Internet Coordinators will coordinate with local management and IS to establish procedures for granting authorization for Internet access.

4. Policy Enforcement. Enforcement of Internet usage polices and procedures will be the joint responsibility of the Internet Coordinators and other designated management.

Section 6

REQUESTING INTERNET ACCESS

Listed below are the required steps for obtaining authorization for Internet access:

1. The user must complete minimum training requirements in accordance with IS guidelines.

2. The local Internet Coordinator must verify that the user's environment meets minimum hardware, software and network requirements.

3. Only those services that are needed should be requested.

4. The attached Internet Access Request ("IAR") form must be completed and submitted to [name of manager] in IS.

5. If the request is approved, the user's ID will be added to the Access Control Lists for the authorized services. The user will be notified if approval is granted.

Section 7

POLICIES REGARDING USE

The Internet facilities provided by the Company are considered Company property. Access to the Internet services imposes certain responsibilities and obligations. Access will be granted subject to required compliance with all Company policies and any applicable laws and regulations.

Acceptable use of the Internet must be ethical and honest--with due respect for intellectual property, system security, and personal privacy, and free of intimidation, harassment, or unwanted annoyance.

The following policies shall apply to all use of the Internet by the Company users through use of the Company facilities:

1. Access to the Internet through use of the Company facilities is provided for bona fide Company business purposes. While personal browsing of the Internet is not completely prohibited, such browsing should be confined to work breaks and other free time so as to avoid significant distraction or disruption of normal work activities. Personal use of e-mail should likewise be very limited. However, the Company provides no assurance of privacy with respect to any incidental personal use of the Internet, e-mail, telephone or datacomm lines, or any other facilities. In addition, use of Company facilities in furtherance of personal, political, or religious causes is not permitted.

2. Users must comply with all Company access procedures, including use of assigned user IDs and properly licensed software. User IDs may not be shared with other persons. Workers may not use e-mail assigned to other individuals to send or receive messages.

3. Any e-mail or other communications sent or received via the Internet must be appropriate for the workplace. Remember that e-mail is a relatively permanent form of communication. Do not transmit anything in an e-mail message that you would not be comfortable writing in a letter or memorandum. Deletion of an e-mail message does not eliminate backup copies of the message that are automatically stored electronically.

4. Software, databases, and similar "live" technology may not be sent or received via the Internet without (a) prior IS approval, (b) appropriate "virus" screening, (c) proof that the owner has authorized applicable copying, transmission, and use thereof, and (d) use of encryption and other security procedures as appropriate.

5. Employees are expected to act in a responsible and professional manner when they use the Internet, e-mail, and all other Company facilities. Actions that may cause interference with the Internet or disruption of work activities are prohibited.

6. Regardless of available encryption methods or other security, it should be assumed that the Internet is not adequately equipped to protect data that is considered highly sensitive, confidential, or personal. Dissemination of business or technical information of a sensitive, proprietary, or internal nature is not permitted without prior IS approval.

7. The Company reserves the right to access or monitor (with or without notice) any use of the Internet or other Company facilities, any transmission made via the Internet, e-mail, telephone, or datacomm facilities, or any electronically stored information. The reasons are in the Company's discretion, but may include retrieving business information, investigating or resolving network or communications problems, preventing system misuse, ensuring compliance with policies for use of third-party software, ensuring compliance with legal and regulatory requests, and enforcing Company policy.

8. Sexual, racial, or other offensive or unlawful remarks, jokes, or slurs and obscenities are prohibited.

9. Although it should go without saying, use of the Internet to view, access, upload, download, store, transmit, create, or otherwise manipulate pornographic or other sexually explicit materials is prohibited.

10. Use of the Internet is subject to all other Company policies.

Failure to adhere to the foregoing procedures may result in disciplinary action, including termination of employment.

INTERNET ACCESS REQUEST

User Information (all fields must be completed)

Employee Name: .................... Employee Number: .......

Job Title: ........................

Dept. Name: ....................... Office Location: .......

Tel. Number: ......................

By signing below, I acknowledge that I have read the Company Internet Policy and consent to and agree to comply with Section 7, Policies Regarding Use.

Signature: .......................... Date: ....... 19....

Mgm't Approval: ..................... Date: ....... 19....

IS Approval: ........................ Date: ....... 19....

Internet Services Requested

WWW (Access to the World-Wide-Web) [] yes [] no [] software

FTP (File transfers across the Internet) [] yes [] no [] software

Netscape-FTP (FTP using Netscape) [] yes [] no [] software

Telnet (Remote login across the Internet) [] yes [] no [] software

News-read (Internet News--Usenet) [] yes [] no [] software

News-post (Internet News--Usenet) [] yes [] no [] software

If FTP or Telnet access is requested, please provide reason: ............................................................

(1)A "home page" is technically only the gateway that serves as a main menu to documents or graphics that an organization maintains in a computer as a site on the Web. However, the term is often used as shorthand for all documents at the Web site.

(2)Registration of domain names is made by Network Solutions, Inc. (NSI), which is a company funded by the National Science Foundation that has served as Internet registrar since 1993. There are more than 110,000 domain names in the five top-level domains (.com, .edu, .net, .org, .gov).

(3)For example, it has been reported that a file called Good Times, when opened, releases a virus that deletes all information stored on a hard disk drive.