Home page logo

firewall-wizards logo Firewall Wizards mailing list archives

RE: OT - Acceptable Use Policy Legality
From: "Andy Wigglesworth" <jawiggy () rcn com>
Date: Fri, 17 Nov 2000 20:10:37 -0500

Yes...Policies need to be signed. You need it as proof that the employee
knows and understands the policy. Personally, I don't think that just having
them sign it is enough. More and more lately the courts are finding that way

I like to think of the process of policy development with 4 E's
Evaluate....the corporate culture
Establish.. the policies to match the culture
Educate... the end users in regards to the polices
Enforce... the polices with IT tools such as Firewalls, Anti-Virus,
Content Scanning, URL Filtering, etc....

Where most companies fail in policy development is with the 3rd E,
educating the end users in regards to the policies. Lets build a little
scenario for you. Joe in accounting has been going to web sites that the
company has
decided to be inappropriate for Joe to go to.  Joe has been warn ( talk
to) to stop yet he has not. Joe is fired. Joe turns around and sues the
company for wrongful termination. The reason, Joe says, is that he was
unaware of the company polices in regard to this. What the courts are
going to look for are the following:

Were there polices in place to begin with....Yes there was
Were there tools put in place to enforce the polices....Yes there was
Were there any form of education for the end users in regards to the
policies beside the company handbook that Joe was given when he was
hired..No, there wasn't

 Find some way to educate the end users.  Not just once, for that is not
enough in most courts, but on a scheduled time....maybe quarterly, in
regards to policy. I do know of a few programs that do just that if you
would like to know about them.

After all of this, the enforcement of the policies, from a corporate
standpoint, becomes allot easier. All that is left is for IT to pick the
best products to work with ( for they will have to manage these products
and enforce the polices on the back end ).

Andy Wigglesworth
~Policy First~

-----Original Message-----
From: firewall-wizards-admin () nfr com
[mailto:firewall-wizards-admin () nfr com]On Behalf Of Jeff Newton
Sent: Thursday, November 16, 2000 8:05 PM
To: firewall-wizards () nfr com
Subject: [fw-wiz] OT - Acceptable Use Policy Legality

I'm looking for information regarding the legality of an AUP.  Is it
absolutely necessary to have every employee sign it or is it
sufficient to indicate the AUP is a condition of employment?

Can anyone offer some insight on the topic?  Any lawyers in the crowd?


Jeff Newton

firewall-wizards mailing list
firewall-wizards () nfr com

firewall-wizards mailing list
firewall-wizards () nfr com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]