Organizational Policy to address an IT-related ethical issue that you wrote about in your matrix for the B1 assignment (Individual)
Write an organizational policy to address the IT-related ethical workforce privacy issue that you described in Matrix B1, where you mapped key organizational issues and identified how these ethical issues were affected by laws, regulations, and policies. Please incorporate the instructor’s feedback from the review and grade and then use the Matrix B1 you produced as a supporting document.
1.1 This policy establishes principles that govern the use of the organization’s network and/or Internet resources from any computing device by all of the organization’s personnel.
1.2 This policy also applies to any personal use of the organization’s electronic communication through the e-mail system.
1.3 This policy also explains what disciplinary actions the organization may institute to lawfully monitor the use of the organization’s network and computing devices and investigate suspected unlawful behavior.
1.4 Access to the organization’s Internet access is allowed for the organization’s employees’ business objectives or the advancement of their skills and knowledge. Limited, responsible personal use is, however, allowed.
1.5 The organization shall monitor all online employee behavior for the purposes specified in Section 2.
1.6 The monitoring of the online activities of employees yields information comprising user passwords, web pages visited, sent and received e-mails, and files transferred through the Internet.
1.7 By carrying out monitoring of employee online activities, the employees consent to the organization’s access and procedural processing of any personal information (Thomas, 1999).
This policy aims to define standards for employee online behavioral monitoring that assist in limiting personal web use from any computing device in the organization’s network. The policy is designed to prevent the organization’s computing assets and Internet access from being utilized in an unsafe and irresponsible manner and to guarantee the organization’s network confidentiality, integrity, and reliability (McIvor, 2000).
This policy is applicable to all employees, contractors and users of the organization’s Internet and computing devices meant for carrying out their functions. This policy applies to all communications between the Internet and the organization’s network originating from any end user. This includes e-mails, file sharing, instant messaging, uploads and downloads, web browsing and other standard protocols. This policy excludes server-to-server communication like database interactions, SMTP traffic and automated data backups (McIvor, 2000).
All employees are required to adhere to this policy. Employees are held personally responsible for damages incurred through any violations of this policy. This policy stipulates the ways in which the organization legally monitors and reports employee online behaviors and investigates improper behavior and system breaches by all end users. All employees are required to understand, acknowledge and agree to observe the rules hereunder (Information Resources Management Association, 2013).
4.1 Online Behavioral Monitoring
4.1.1 The organization actively monitors its employees’ online activities through its network in order to obtain information on improper behavior from any computing device and analyze it for possible security breaches, violations of the employee online behavioral monitoring policy, or disregard of the acceptable use policies (Thomas, 1999). This is for the protection of the organization’s customer resources and business data within its network.
4.1.2 The information obtained from online monitoring identifies the individual user and shows all their web activities. Therefore, employees should not assume privacy when using the organization’s network, even when accessing it for personal use.
4.1.3 In the event of the detection of inappropriate use by an end user, this information shall be conveyed to the organization’s management. The management may then constitute necessary investigations.
4.2 Access to Online Behavioral Monitoring Reports
Access to the general reports and data on employees’ online behaviors shall be granted to authorized entities within the organization, such as the incident response team or the legal department, for the purposes of responding to a violation incident. Online behavior reports containing particulars of users, sites visited or devices used shall be accessed only by specific personnel within the organization’s management upon written request from the Human Resources departmental head (Thomas, 1999).
4.3 Internet Use Filtering
The organization’s IT department shall not permit the access, transmission, printing or display of online sources and protocols that are classified as unfitting for the organization’s corporate objectives and perspectives through their network (Information Resources Management Association, 2013).
This includes raunchy language, pornography, uncongenial material discriminating against gender, race, sexual orientation, religion, political affiliations and disability. The IT department should also refuse access to information that can promote hatred, violence, offence or needless anxiety (McIvor, 2000).
The following protocols and categories of websites should be blocked:
- Adult/Sexually Explicit Material
- Advertisements & Pop-Ups
- Chat and Instant Messaging
- Illegal Drugs
- Intimate Apparel and Swimwear
- Peer to Peer File Sharing
- Personals and Dating
- Social Network Services
- SPAM, Phishing and Fraud
- Tasteless and Offensive Content
- Violence, Intolerance and Hate
- Web Based Email (Thomas, 1999).
4.4 Internet Use Filtering Rule Changes
The organization’s IT department reserves the right to sporadically review and modify the employee internet use rules and update the changes within the employee online behavioral monitoring policy.
The organization’s IT department, together with its Internet Service Providers, has a duty to ensure that no employee does any of the following:
- i) Deliberately outmaneuver the online monitoring system by exploiting system vulnerabilities.
- ii) Deliberately introduce, execute and/or propagate any malicious computer code (malware) that could jeopardize the organization’s business or inhibit the performance of its network.
- iii) Transmit or expose any of the organization’s protected data or sensitive customer information to any third party without due authorization (McIvor, 2000).
4.5 Internet Use Filtering Exceptions
Employees may request that a blocked site they view as mis-categorized be unblocked. This should be done in writing and addressed to the IT department. The IT departmental head shall then review the request and authorize that the site be unblocked if it is mis-categorized.
Employees may also request authorization to temporarily access blocked websites if appropriate and necessary for any organizational tasks. This should be done in writing and addressed to the Human Resources department. The HR head will then confirm the exception intentions and request the IT department in writing to allow it. The IT departmental head shall then authorize that the site be unblocked for that reason only (Information Resources Management Association, 2013).
5 Policy Compliance
5.1 Compliance Measurement
The organization’s management will constitute a team that will be mandated to verify and oversee compliance with this policy through several ways, such as internal and external audits, policy stakeholder surveys and feedback, business tool reporting and sporadic checks.
The team should conduct annual reviews of the policy to check on its effectiveness and correct any deficiencies (Information Resources Management Association, 2013).
Any exception to the employee online behavioral monitoring policy must be approved by the oversight team in advance.
The organization’s employees should report any observed or likely violations of this policy to the policy oversight team.
Any employee found in violation of this policy shall be subjected to disciplinary action, up to and including termination of employment (Thomas, 1999).
6 Related Standards, Policies and Processes
Acceptable use policy
Information Resources Management Association. (2013). IT policy and ethics: Concepts, methodologies, tools, and applications. Hershey, Pa: IGI Global.
Peters, Thomas A. (1999). Computerized Monitoring and Online Privacy. Jefferson, North Carolina: McFarland & Company.
McIvor, S. (2002). E-mail and Internet Monitoring and the Workplace: Do Employees have a Right to Privacy? Communications and the Law, 24(2), 69-84.