To avoid all the me-too's, I'll just post ours here. This is our "Portable Computing and Data Storage Device Policy". IANAL and I didn't write this, but here it is:
Sparling may provide a portable computing device (e.g. a laptop computer, smartphone, or personal digital assistant) and/or mass data storage devices (e.g. USB thumb drives, Smart Digital cards, CD/DVDs, external hard drives) to staff members whose regular duties include use of such devices. In some cases, a portable computing device and portable data storage device may be the same device. Sparling may also permit staff members to access its network using a portable computing device to perform their job duties. Personal Use of Company-Issued Portable Computing and Data Storage Devices Sparling's portable computing and data storage devices and the networks they access are intended for business use. Staff members may use such computing devices for occasional personal purposes, but any use must be on personal time. Personal use of portable computing and data storage devices must not interfere in any way with job duties or performance. Use of Portable Computing and Data Storage Devices Is Not Private Sparling has the ability to access and review all information stored on its portable computing and data storage devices and network. The Company reserves the right to perform such an inspection at any time. Staff members should not expect that any files, records, or other data stored on the Company's equipment and network are private, even with privacy protections in place (e.g. using a password or designating it as "personal"). Content Rules for Portable Computing and Data Storage Devices All of Sparling's policies and rules of conduct apply to staff member use of Company-issued portable computing and data storage devices. All communications (e.g. email, instant messaging, and Internet access) on Company-issued portable computing devices are subject to the Company's policies on appropriate use. This means, for example, that staff members may not send or store harassing messages, access pornographic or gambling websites, or violate any of the Company's other rules on appropriate communications content. Security of Portable Computing and Data Storage Devices Although portable computing equipment and convenient portable data storage devices can greatly improve the Company's communications and efficiency, they can also pose a risk to the security of the Company's proprietary information. If these devices are lost, stolen, or hacked into, an outsider could have access to Company data or the Company's network. To prevent theft and loss of data, staff members who receive Company-issued portable computing equipment and data storage devices must follow these guidelines: * Staff members should not download confidential Company information to a portable computing or data storage device unless it is absolutely necessary. If confidential Company information is stored on a portable computing or data storage device, it must be encrypted using Company-approved encryption software and it must be securely deleted as soon as that information is no longer needed. * Staff members should log off or sign off before leaving a portable computing device unattended. Likewise, portable computing devices must also require a password or PIN to use the device at power-on or boot-up. * If Company-issued portable computing devices are equipped with antivirus software, automatic updates to this software may not be blocked. * Staff members may not download, install, or use any software programs on a Company-issued portable computing device unless that program has been approved and installed by the IT department. * The same anti-virus and malware precautions are required for portable computing device as are required for Company computers. Email or IM attachments from unknown senders should not be opened. Internet files may not be opened, read, or downloaded without first allowing for a virus scan. * Staff members are responsible for the security of portable computing and data storage devices issued to them. These devices should be kept in one's possession whenever possible. If a portable computing or data storage device must be left unattended, it should be stored out of sight in a secure location, such as in a hotel safe or in a locked filing cabinet at home. Portable computing or data storage devices should not be left unattended in vehicles. * Staff members must immediately notify their manager and the Company's IT department if their portable computing or data storage device is lost or stolen so the Company may attempt to remotely delete or secure all data stored on the device. Don't Use Personal Portable Computing or Data Storage Devices for Work Storing Company information on a personal portable computing or data storage device, or using such a device to access or attach to the Company's network creates unacceptable security risks. Therefore, staff members are prohibited from using their own portable computing and data storage devices for business purposes, or from storing Company information on a personal computing or data storage device. The Director of IT may grant an exception to this policy in some limited circumstances and for some remote work situations. This policy does not apply to accessing Company email via the Web. No Portable Computing Device Use While Driving Staff members are prohibited from using any portable computing device for work-related matters while driving. Sparling is concerned for staff member safety and for the safety of other drivers and pedestrians, and texting, checking electronic messages, going online, or otherwise using a portable computing device while driving can lead to accidents. Urgent messages should be attended to only after exiting the road and parking in a safe location. Overtime and Portable Computing Devices The Company's overtime rules apply to any type of work done after hours, including using a Company-issued portable computing device (e.g. laptop, PDA, or smartphone) for work. All overtime work for non-exempt staff members, including work done on a personal computing device, must be pre-authorized by one's manager. ...Tim From: James Rankin [mailto:[email protected]] Sent: Friday, February 26, 2010 12:56 AM To: NT System Admin Issues Subject: Policy for external devices I don't suppose anyone has a policy for the connection and usage of external peripherals (cameras, mobile phones, USB keys, etc.) that they might care to share with me offlist? I have been tasked to produce one for my workplace and wouldn't mind reviewing the structure of an existing one to give myself a few pointers.... TIA, JRR -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
