Can anyone share their Internet Usage Policy with me? Specifically I want to see what other non-profits allow and disallow as far as Internet usage goes. Our CEO would like to allow access to everything and I don't think that's wise. I'd like to show him what others are doing in the community. Thanks, Al
I don't have a policy on hand, but using something like OpenDNS can really help block categories of bad sites you don't want used on, while on your network. IMO these would typically include proxy and anonymizing sites, file sharing, adult, hate, drug related, known malicious sites or those containing malware/adware or other viruses. My written policy would include these types of websites and I would use something to physically block them on a DNS and firewall level as well.
It's tough for me to appreciate any legitimate usage of these types of sites for most organizations. Some of them can result in legal repercussions or just embarrassment, if users are caught on them publicly. I'm not a huge fan of censoring and blocking in general, but I would just assume not have to worry about sites like these.
Also something to consider if bandwidth is a concern, file sharing or video related sites can bring a network to a halt. Depending on what sort of computers, servers, and equipment you have connected to the network, this may or may not be a big concern.
The Merchant Store, non-profit merchant accounts and equipment
"I'd like to show him what others are doing in the community"
Most nonprofits don't have an Internet Usage Policy. That said, some do exist - some having to do with how staff should and shouldn't use the Internet at work, some having to do with how staff should and shouldn't use social media to talk about work.
I typed these phrases into Google and got several examples of both (note you will have to look through the results to separate policies and employee handbooks out from privacy notices on web sites):
American Red Cross internet usage policy
BLM employee internet usage policy
Goodwill internet usage policy
volunteer internet usage policy
american red cross social media policy
-=-=-=-=-=- Jayne Cravens Author, The LAST Virtual Volunteering Guidebook
We try to be as open as possible but we block certain categories such as hacking and "adult" sites. Below is a section of our policy:
This policy is intended to make “OUR ORGANIZATION” Internet access a safe, secure, and productive business tool; achieving this goal requires a carefully managed mixture of technology, policy, and training. “OUR ORGANIZATION” intends to help create the widest access to Internet resources in the most efficient way possible, with minimal risk to core business systems and sensitive company data, maintaining security and system integrity by reducing risk of virus intrusion and loss of information to unauthorized sources, and to protect “OUR ORGANIZATION” from possible lawsuits arising from inappropriate usage of the Internet.
Additional components of Internet usage management are:
• Statement of Responsibility to include the safeguarding of information by using tools for monitoring, recording, and/or blocking Internet usage.
• Identify acceptable and unacceptable use of computers and the Internet in order to reduce business and legal risk associated with the misuse of resources; reduce this risk by training end-users in the proper use of, and access to, search engines, encryption tools and browsers.
• Explain physical security and computer viruses
• Develop and identify a clear and explicit Internet usage policy as outlined in this document.
“OUR ORGANIZATION” provides access to the vast information resources of the Internet to help the staff perform their tasks quickly and intelligently and to be well-informed business citizens. The facilities to provide that access represent a considerable commitment and cost to the company in resources of hardware, software, telecommunications, networking, storage, etc. This Internet usage policy is designed to help staff members understand management expectations for the use of resources in the particular conditions of the Internet, and to help employees use those resources wisely.
The Internet is replete with security risks, inappropriate material such as pornography, games and gambling. Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies, and ties up shared resources. Unlawful Internet usage may also garner negative publicity for the company and expose the firm to significant legal liabilities.
The chat rooms, news groups, and e-mail of the Internet give each individual Internet user an immense and unprecedented reach to propagate company messages and tell our business story. However, due to the power abuse potential “OUR ORGANIZATION” must ensure the clarity, consistency and integrity of the company's corporate image and posture. Any statement by an employee can be construed as “OUR ORGANIZATION” policy. Employees must forgo a measure of individual freedom in Internet usage, and must understand the necessity of decisions and limitations and disciplines.
While direct Internet access offers a number of potential benefits, it also opens the door to significant risks to data and systems if appropriate security disciplines are not adhered to. The overriding principle is that security is to be everyone's first concern. An Internet user can be held accountable for any breaches of security or confidentiality.
Certain terms in this policy should be understood expansively to include related concepts.
The term ‘Employee’ includes:
• Permanent employees
• Temporary hires
• Contract personnel
• Bureau personnel
The term ‘Company’ includes:
• Our affiliates
The term ‘Document’ includes:
• Any kind of file that can be read on a computer screen as if it were a printed page
• HTML files read in an Internet browser
• Any file meant to be accessed by a word processing program or its viewer
• Files prepared for the Adobe Acrobat reader and other electronic publishing tools, etc.
The term “Graphics” includes:
• Images, etc.
All employees granted Internet access with company facilities must adhere to this policy, which is available on the “OUR ORGANIZATION” Intranet or in the “OUR ORGANIZATION” Policy and Procedure Manual.
B. Internet Usage Management, Administration and Responsibilities
1. The Director of Information Technology (IT), and the Director of Network & Telecommunications Systems are responsible for the administration of this policy. The company has software and systems in place that have the ability to monitor, record and/or block any and all Internet usage. “OUR ORGANIZATION” employees will be informed that company security systems are capable of recording (for each and every user) each World Wide Web site visit, each chat room log-on, news group access or e-mail message, and each file transfer into and out of “OUR ORGANIZATION” internal networks; and that “OUR ORGANIZATION” reserves the right to monitor at any time. No employee should have any expectation of privacy as to his or her Internet usage. Managers will review Internet activity and analyze usage patterns, and may choose to publicize the data to assure that company Internet resources are devoted to maintaining the highest levels of “OUR ORGANIZATION” business productivity.
2. Computer systems are an integral part of “OUR ORGANIZATION” and all data residing on or within these computers and servers belongs to the Company as a resource. As property of the Company, “OUR ORGANIZATION” reserves the right to archive, monitor and inspect any and all files stored in all areas of the PC, servers and networks, to ensure policy compliance. It is the responsibility of our IT Management team, to follow such procedures in order to protect the Company. The following are the responsibility of each employee:
• Ensure that all communications are for professional reasons and they do not interfere with productivity while at work.
• Be responsible for the content of all text, audio, or images and Internet locations access or places you either download material or send material, over the system. All communication should have the employee’s name attached or included.
• Never transmit copyrighted materials without written permission to include sharing of software or computer products.
• Know and abide by all applicable “OUR ORGANIZATION” policies dealing with security and confidentiality of Company records.
• Never participate in message or chat boards not directly related to work at “OUR ORGANIZATION”.
• Be cognizant of the fact most e-mails can be intercepted or discoverable in a lawsuit and therefore, what is said in an e-mail is not private. Never say anything on an e-mail you would not say in a group.
C. Acceptable Use of the Internet
Acceptable use includes the employee’s use of the Internet, and Internet e-mail while representing the Company. Employees are responsible for ensuring that the Internet, and Internet e-mail are used in an effective, ethical and lawful manner. Examples of acceptable use are:
• Using Web browsers to obtain business information from other web sites.
• Accessing databases for information as needed to perform business operations.
• Using Internet and Internet E-mail for business related contacts and communications.
1. In the interest of a well-informed staff, use of news briefing services such as Pointcast are acceptable.
2. Employees with Internet access will not use “OUR ORGANIZATION” Internet facilities to download images or videos unless there is an explicit business-related use for such material.
3. Employees with Internet access will not upload any software licensed to “OUR ORGANIZATION” or data owned or licensed by “OUR ORGANIZATION” without explicit authorization from Technology Division (TD).
D. Unacceptable Use
Unacceptable use includes the display of any sexually explicit image or document on any company system. This is a direct violation of “OUR ORGANIZATION” policy concerning sexual harassment. In addition, sexually explicit material may not be archived, stored, distributed, edited, printed or recorded using “OUR ORGANIZATION” network or computing resources. Employees may not use the Internet for purposes that are illegal, unethical, harmful to the Company, or considered to be nonproductive. Examples of unacceptable use are:
• Sending or forwarding chain E-mail, i.e., messages containing instructions to forward the message to others.
• Broadcasting E-mail, i.e. sending the same message to more than 10 recipients or more than one distribution list which contain non-business contacts.
• Conducting personal business using Company resources.
• Sending, receiving, displaying, printing, or otherwise disseminating material that is fraudulent, harassing, embarrassing, sexually explicit, obscene, intimidating or defamatory.
• Violating any license governing the use of software.
1. Employees will not use the company's Internet facilities to deliberately propagate any virus, worm, Trojan horse, or trap-door program code. Employees will not use the company's Internet facilities knowingly to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user.
2. “OUR ORGANIZATION” Internet facilities and computing resources will not be used knowingly to violate the laws and regulations of the United States or any other nation, or the laws and regulations of any state, city, province or other local jurisdiction. Use of company resources for illegal activity is grounds for immediate dismissal, and “OUR ORGANIZATION” may cooperate with any legitimate law enforcement agency.
3. Use of company Internet access facilities to commit infractions such as misuse of company assets or resources, sexual harassment, unauthorized public speaking, and misappropriation or theft of intellectual property are also prohibited by general company policy.
4. Employees with Internet access may not use “OUR ORGANIZATION” Internet facilities to download entertainment software or games, or to play games against opponents over the Internet.
E. Physical Security
1. In order to facilitate physical security, it is the policy of “OUR ORGANIZATION” to protect computer hardware, software, data, and documentation from misuse, theft, unauthorized access and environmental hazards. The company utilizes independently supplied software and data to identify inappropriate or sexually explicit Internet sites. If an employee accidentally or inadvertently connects to a site with sexually explicit material, the employee must note the Internet address and disconnect immediately. The employee should then report the site address to IT Management. If this site is required to complete official company business and no other resource is available, a Service Director may request the URL for that site be accessed. The Director of Broadcasting may be informed of such requests.
2. Computer viruses are programs designed to make unauthorized changes or destroy the programs and data. In order to protect our programs, files and data we have established several restrictions for all downloaded material. Files downloaded via the Internet into the company network become the property of the company. Files or software will be used only in ways consistent with licenses or copyright agreements. Employees will not use company facilities knowingly to download or distribute pirated software or data.
3. All “OUR ORGANIZATION” employees using the Internet facilities of the company shall identify themselves honestly, accurately, and completely (including one's company affiliation and function where requested) when participating in chat rooms or news groups, or when setting up accounts on outside computer systems. Employees are reminded that chat rooms and news groups are public forums, and it is inappropriate to reveal confidential company information, customer data, trade secrets, and any other material covered by existing company policies and procedures. Employees releasing protected information via a news group or chat—whether or not the release is inadvertent—will be subject to all penalties under existing data security policies and procedures.
4. Only specified “OUR ORGANIZATION” employees or officials who are duly authorized to speak to the media, to analysts, or at public gatherings on behalf of the company may speak or write, as a company spokesperson, to any news group or chat room. Other employees may participate in news groups or chats in the course of business when relevant to their duties, but they do so as “individuals” speaking only for themselves. Where an individual participant is identified as an employee or agent of “OUR ORGANIZATION”, the employee will refrain from any unauthorized political advocacy and will refrain from the unauthorized endorsement or appearance of endorsement by “OUR ORGANIZATION” of any commercial product or service.
5. The company retains copyright agreements/licenses for any material posted to any forum, news group, chat room or World Wide Web page by any employee in the course of his or her duties.
6. Employees with Internet access must consider the copyright, trademark, libel, slander and public speech control laws of all countries where “OUR ORGANIZATION” maintains a business presence to ensure Internet usage does not inadvertently violate laws that may be enforceable against “OUR ORGANIZATION”.
7. Only authorized TD technical staff may download software with direct business use; to include music audio files. Employees wishing to download Internet software for use or evaluation must request assistance from TD. The TD staff is responsible for evaluating software for viruses, and ensuring all software is properly licensed and registered.
F. Internet Technical Operating Procedures
1. User IDs and passwords maintain individual accountability for Internet resource usage. Any employee who obtains a password or ID for an Internet resource will keep all passwords and IDs confidential. “OUR ORGANIZATION” policy prohibits the sharing of user IDs or passwords obtained for access to Internet sites.
2. Employees will schedule communications-intensive operations such as large file transfers, video downloads, mass mailings and the like for off-peak times.
3. Video and audio streaming and downloading technologies represent significant data traffic, which causes local network congestion. Video and audio downloading will be avoided, but if deemed necessary by management, will only be scheduled for off-peak times.
Ron, that Internet Usage policy is fantastic! We just got a security audit that said we were lacking many policies. This is one that we lacked.
Gary
Network/Systems Admin
Berlin, NH
Host Non-profit Tech Careers, Security Forums
Co-Host Networks, Hardware, & Telecommunications Forum
Here is our usage policy. Note we are in the middle of revising this to be more expansive but this should get you started.
Meals on Wheels of Texoma
Computer and Internet Acceptable Use Policy
MOWOT (MOWOT) provides internet connectivity and, at most centers, computers for use in carrying out its business. All communication and information transmitted by, received from, or stored in these systems are the property of MOWOT and, as such, are intended to be used for job-related purposes only.
This policy must be distributed to all employees and a signed copy of this policy must be placed in all employees’ personnel files. By signing this policy, you are indicating your familiarity with and thorough comprehension of all aspects of this policy.
Monitoring
In most cases, MOWOT provides internet connectivity, personal computers, electronic mail accounts, software licenses, and other technology for your use on MOWOT business. MOWOT may access and disclose all data or messages stored on its systems or sent over its electronic mail system. MOWOT reserves the right to monitor communication and data at any time, with or without notice, to ensure that MOWOT property is being used only for business purposes. MOWOT also reserves the right to disclose the contents of messages for any purpose at its sole discretion. MOWOT, at its sole discretion, may choose to monitor and observe computer activity being performed on any MOWOT asset.
Retrieval
Notwithstanding the MOWOT's right to retrieve and read any e-mail messages, such messages should be treated as confidential by other employees and accessed only by the intended recipient. Employees are not authorized to retrieve or read any e-mail messages that are not sent to them and cannot use a password, access a file, or retrieve any stored information unless authorized to do so.
Passwords
Passwords are assigned by the IT department and should not be given to other staff or persons outside the organization. MOWOT reserves the right to override any employee-selected passwords and/or codes which are placed on any MOWOT assets. Employees are required to provide the MOWOT with any such codes or passwords to facilitate access as needed. Periodically, staff may be required to change their passwords. Computers owned by MOWOT should not be accessible by nor made available to volunteer staff, as they contain information which relates to our clients’ privacy. In the case where an employee does provide another person access to their account, they will be responsible for the actions of the individual using their account. Passwords should not be stored in computer data files, on the network, or be displayed openly at any workstation.
Rev. 3/1/17
Message Content
Electronic messaging is provided as a convenience to both employees and MOWOT administration. Every manager is expected to check email throughout the day, and to respond to email with the same sense of urgency and timeliness as any other form of communication. The e-mail system is not to be used to solicit for commercial, religious or political causes, outside organizations or other non-job-related communications. The system is not to be used to create any offensive or disruptive messages. Among those which are considered offensive are any messages which contain sexual implications, racial slurs, gender-specific comments or any other comment that offensively addresses someone's age, sexual orientation, religious or political beliefs, national origin or disability. The organization’s overall employee manual or code of conduct shall be considered the prevailing authority in the event of possible misconduct.
Employees should note that any data and information on the system will not be deemed personal or private. In addition, the e-mail system may not be used to send (upload) or receive (download) copyrighted materials, trade secrets, proprietary financial information, or similar materials without prior authorization.
Legal Proceedings
Information sent by employees via the electronic mail system may be used in legal proceedings. Electronic mail messages are considered written communications and are potentially the subject of subpoena in litigation. MOWOT can and will inspect the contents of electronic mail messages in the course of an investigation, will respond to the legal process and will fulfill any legal obligations to third parties.
Physical Security
Access to computer rooms will be limited to staff who require access for the normal performance of their jobs. Computers with sensitive information installed on the local disk drive should be secured in a locked room or office during non-business hours. Equipment which is to be removed from MOWOT property must be approved in advance with the IT department and an inventory of this equipment maintained by IT. All equipment removal from the premises by an individual must be documented, including the makes, manufacturers and serial numbers on an IT supplied form, and a copy of this form shall be filed in the employee’s HR folder. If the employee leaves the organization, he or she must return the equipment to MOWOT prior to the last day of employment.
Network Security
IT will monitor network security on a regular basis. Adequate information concerning network traffic and activity will be logged to ensure that breaches in network security can be detected. IT will also implement and maintain procedures to provide adequate protection from intrusion into MOWOT's computer systems from external sources.
Personal Computer Security
Only legally licensed software will be installed on MOWOT computers. Software cannot be copied or installed without the permission or involvement of the IT department. IT will configure all workstations with virus protection software, which should not be removed or disabled. Each employee is responsible for protecting their computer against virus attack by helping to ensure their virus protection is current and up-to-date. From time to time, any user of a computer will be presented with popup messages which prompt the user to update their antivirus software. Staff should allow the software to update itself, and any message relating to Norton Software should be answered in the affirmative, allowing the software to be updated periodically. As a general rule, staff should log out of the network and turn their computers off before leaving the office at night or over the weekend unless there is a reason not to do so. Staff should log off of the network when they will be away from their desk for an extended period.
Backup Procedures
Network resources are backed up nightly, and tapes are rotated on a 5-day schedule and stored off-site. Data stored on the local PC drives is not routinely backed up, and as a result, important data and applications should not be stored on the C: drives of these machines. Corporate staff working on especially crucial information are encouraged to backup these projects to network drives, such as the X: or U: drives.
Access to MOWOT Computers
MOWOT will provide computer accounts to all MOWOT staff. External people who are determined to be strategically important to MOWOT, such as temporary staff, volunteers, or contractors, will also be provided accounts as appropriate, on a case-by-case basis. The employee managing the temporary or contract staff assumes responsibility for the identification of access requirements and use of the account. Accounts will be revoked on request of the user or manager or when the employee terminates employment at MOWOT.
Internet Use
The Internet is to be used for business purposes only. Employees with Internet access are expressly prohibited from accessing, viewing, downloading, or printing pornographic or other sexually explicit materials. In addition, employees should be mindful that there is no assurance that e-mail texts and attachments sent within the MOWOT and on the Internet will not be seen, accessed or intercepted by unauthorized parties.
Failure to comply with all components of the Computer and Technology Resource Usage Policy may result in disciplinary action up to and including termination of employment. If you do not understand any part of the policy, it is your responsibility to obtain clarification from your manager or the IT department.
Software Usage
Employees are expected to use the standard software provided by IT, or identify applications they need in the course of their work. Staff members are not permitted to download applications, demos or upgrades without the involvement of IT. Employees will use Microsoft Outlook, provided by MOWOT, for official e-mail communications, and should not install their own e-mail systems. Additionally, use of instant messaging programs, such as ICQ, AOL Instant Messenger, Microsoft Messenger, Yahoo Messenger, etc., is prohibited unless otherwise approved by management or the IT department. Access to and use of social networking sites is prohibited, including Facebook, MySpace, Twitter, last.fm, Yelp, etc.
Failure to comply with all components of the Computer and Technology Resource Usage Policy may result in disciplinary action up to and including termination of employment. Any employee who does not understand any part of the policy is responsible for obtaining clarification from his or her manager or the IT department.
Games
Playing games of any kind on MOWOT computers is strictly prohibited. This includes both online games, as well as games locally installed, such as Solitaire or Minesweeper.
SEE PAGE 53 FOR ACKNOWLEDGMENT OF COMPUTER AND INTERNET POLICY.
Thanks for posting this - I see you're reviewing it to be more expansive. It seems pretty expansive now, how would you add to it?