From: C y b e r T e c h @ L i s t s . E x M a c h i n a . n e t <http://www.cybercafe21.net> & <http://www.cybercafe21.tv>
Chapter 5. E-Mail Usage E-Mail Use by Company Employees |-------------------+------------------------------------------------| | General| The corporate E-Mail system is a resource that | | | belongs to Comapny, much like office space or | | | telephone systems. The E-mail system is to be | | | used in furtherance of Comapny's interests. | | | Data stored or transmitted by the E-Mail system| | | belong to Comapny. | | | | | | Use of E-Mail must be consistent with Comapny | | | policies, reflecting legal, ethical conduct | | | with no conflict of interest. Initiation or | | | intentional forwarding of harassing, libelous, | | | threatening, abusive, or obscene E-Mail is a | | | violation of this requirement and may be cause | | | for disciplinary action including dismissal. | | | Do not expect E-Mail messages to be private. | |-------------------+------------------------------------------------| | Access and| General E-Mail content is not monitored as a | | Disclosure| routine matter, but Comapny reserves the right | | | to access and disclose the contents of employee| | | E-Mail messages. | | | | | | Legitimate requests of law enforcement for | | | access to E-Mail content will be honored. | | | | | | Electronic "snooping" by any employee is a | | | violation of this requirement and may be cause | | | for disciplinary action including dismissal. | |-------------------+------------------------------------------------| | Personal Use|Incidental and occasional personal use of E-Mail| | |for training or in connection with an overall | | |business purpose is permitted, consistent with | | |the above directives, but such messages will be | | |treated no differently from other messages. | | |Privacy of E-Mail messages is not assured. | |-------------------+------------------------------------------------| | | | |-------------------+------------------------------------------------| E-Mail Use by Third Parties |-------------------+------------------------------------------------| | General|These requirements and guidelines are intended | | |to promote effective management of the growing | | |need for effective E-Mail connectivity between | | |Comapny staff and customers, suppliers, joint | | |ventures, and other companies with which Comapny| | |has business relationships. | | | | | |The preferred solution for exchanging E-Mail | | |with third parties is through the Exmail | | |gateway, however other alternatives may need to | | |be used in certain circumstances. | |-------------------+------------------------------------------------| | Exposures| Non-E-mail services are often integrated with | | |E-mail, so if a non-Comapny person uses Comapny | | |E-Mail, access may be implicitly granted to | | |calendar and other information, such as bulletin| | |boards, world-wide employee directories, etc. | | |This information is sensitive, even if not | | |classified, and is not generally intended for | | |access by non-Comapny personnel. | | | | | | Users of Comapny's E-mail systems have open | | |access to external Email through the EXMAIL | | |gateway. The ability for an outsider to use | | |Comapny services to communicate with other | | |outsiders is not appropriate for several | | |reasons. For example, Comapny could be sued for| | |the outsider's misbehavior while using the | | |Comapny service as such use would appear to | | |originate authentically from within Comapny.. | | |Also, Comapny does not want to appear to be | | |providing common carrier services. | | | | | | Comapny's E-mail service providers might incur| | |liabilities by unwittingly providing services to| | |outside companies, for example: the consequences| | |of failures in message service availability, | | |timely delivery, integrity, confidentiality. | |-------------------+------------------------------------------------| | Configuration| The preferred approach is through the | | Alternatives| EXMAIL Gateway: the outsiders are independent| | | from Comapny, the Gateway service providers' | | | risk assessment and controls analysis may | | | suffice, and no additional Comapny management| | | approval may be necessary. The EXMAIL Gateway| | | supports E-Mail to/from X.400 Value Added | | | Networks (VANs) and, through the VANs, to the| | | Internet. | | | | | | The next best approach is a separate | | | Comapny E-mail service, e.g., an OV/PROFS | | | image or LAN-based E-mail server, that | | | provides only E-Mail services, but does not | | | allow sharing of calendar and other related | | | information, and does not allow any access to| | | the Comapny network directly (CNMM issue). | | | There are a limited number of instances of | | | this approach in operation now. Careful | | | planning and coordination is required to | | | extend this type of service to other sites | | | or parties. The service provider must | | | consider potential liabilities. Appropriate | | | risk assessments/acceptances by sponsor and | | | service provider management are required. | | | | | | The least preferred approach is for the | | | Comapny business sponsor to request an ID for| | | the outside user on an otherwise internal | | | Comapny E-Mail service, limiting privileges | | | appropriately: | | | | | | - restrict non-Comapny users to only | | | authorized networked applications | | | (potential explicit CNMM addition) | | | - restrict access to E-Mail and | | | integrated facilities to only those | | | functions necessary to support required | | | communication with Comapny. | | | The service provider needs to consider | | | potential liabilities. Appropriate risk | | | assessments/acceptances by the sponsor and | | | service provider management are required. | |-------------------+------------------------------------------------| | Dealing with| JV companies are independent, outside | | joint-venture (JV)| companies | | companies| | | | If the JV is operated by Comapny | | | management, it can be treated as though it | | | were an Comapny company for the purposes of | | | E-Mail, BUT: | | | | | | a. Comapny employees on assignment can be| | | treated as Comapny E-Mail users subject to| | | network access controls specified by the | | | Corporate Network Management Manual (CNMM)| | | | | | b. JV employees can probably be treated as| | | Comapny E-Mail users if JV management is | | | Comapny and they or other sponsor | | | represents that Comapny expectations and | | | the System of Management Control govern | | | behavior | | | | | | c. Staff on assignment from JV partners | | | are outsiders (if there are many staff | | | from partners on the JV's site, its status| | | as an Comapny site should be questioned by| | | the Comapny JV management) | |-------------------+------------------------------------------------| | Required| Contractors and others who work in | | Practices| Comapny-supervised facilities and are | | | sponsored by Comapny management are | | | considered Comapny E-Mail users if they are | | | under non-disclosure agreements. This is and | | | has been a common situation. | | | | | | An Comapny business management sponsor | | | must take responsibility for the non-Comapny | | | staff who use Comapny E-mail: | | | | | | - service provider management does | | | not have the business responsibility to | | | effectively fill this role | | | | | | - this role is permanent for the | | | duration of the non-Comapny use of the | | | E-Mail system | | | | | | - the sponsor must periodically | | | review and re-authorize the users | | | | | | - the sponsor must communicate | | | expected/required behavior to non-Comapny | | | staff | | | | | | The Comapny E-mail service provider is | | | responsible to assess risk and implement | | | controls to limit the impact of non-Comapny | | | users. | |-------------------+------------------------------------------------| | Recommended| Shared E-mail service providers should | | Practices| inform user management (information owners) | | | that non-employee E-Mail users can routinely | | | view other related information, such as | | | directories, calendars, and bulletin boards, | | | so that the user management can decide if the| | | E-mail environment is appropriate for their | | | information. | |-------------------+------------------------------------------------| .. et si internet vous voyait ? Abonnez-vous en septembre a chello et recevez une webcam ! >>> En savoir plus ? http://www.chello.be - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - CCTK vous est offert par Emakina <http://www.emakina.com> Pour vous desabonner <mailto:[EMAIL PROTECTED]>
