Purpose of an Internet usage policy is to define what is allowed or not when using network and establish Internet connections, so that company workers and collaborators can carry out their activities in an environment safe and quality.
When creating an Internet usage policy, we must consider its objective, which is to establish guidelines and rules to ensure security in all forms of usage, taking into account the company’s culture, while keeping the business strategy in mind, always considering the needs of stakeholders, and thus offering all customers a safe and quality service.
Previous definition of points to consider when making the policy, it should be noted that policy will impact the entire company, so it cannot be treated randomly and apply only to one area of company. The idea is to promote awareness throughout company structure and facilitate the correct development of work with all interested parties.
10 Tips for Creating an Internet Usage Policy:
1. The document with description of permitted and non-permitted uses must be available at all times to any interested party of company. It should be published on intranet or available in a shared folder in a readable and non-editable format.
2. It will be necessary to assign responsibility for document management to a person from company with sufficient knowledge to establish this policy. It will also be convenient for you to know security requirements of organization to validate that all established guidelines can be put into operation and adjust to existing operational network.
3. It is important to meet with the company’s department heads to reflect on the needs of each department and align the policy with all of them, thus allowing the adaptation of guidelines that allow a smooth and effective development of all the activities and services offered by the company.
4. Specify, based on the information classification predefined in your company, how email, printers, and photocopiers should be used, what is allowed to be sent/printed and/or copied, and under what security conditions it is necessary to do so, specifying what content cannot be processed through the Internet network. Take into account the possible vulnerabilities of your company’s network by investigating the different data and advice provided by the competent authorities, thus creating a policy that fits both the needs of the company and the latest updates and trends.
5.Considering possible vulnerabilities that your company’s network has by investigating different data and advice provided by competent authorities, thus making a policy that is tailored both to needs of the company and to the latest updates and trends.
6.In case of making changes in Internet use policy, it will always be necessary to evaluate impact that any change will have on the company and guaranteeing that all modifications made will come to the knowledge of all interested parties.
7. Make clear which will be measures to adopt in case of non-compliance or violation of any aspect indicated in the policy.
8. Try to protect all networks and Internet connections, both for internal and external devices, prohibiting access to those unauthorized websites, installing an antivirus on all devices in addition to one or more firewalls in the company’s network structure.
9.Inform users that company’s internal network can only be used for professional purposes, specifying which websites are allowed to access through the network.
10.Finally, formalize an Internet use policy signed and validated by the Directorate-General that ensures endorsement of established measures and interested parties understand the importance of it.
Following these points, you can establish a suitable Internet use policy for your organization, taking into account its needs and ensuring provision of a safe and quality service.
In our company GlobalSuite Solutions we have an expert team inthe implementation of Information SecurityManagement Systems,who can help you improve the security management in your company. The GlobalSuite® software,entirely developed by our team, allows us to maintain any management system by centralizing all regulatory requirements and managing it efficiently and with full traceability.
