EMAIL USE PROCEDURES

Document Sample
EMAIL USE PROCEDURES Powered By Docstoc
					             INFORMATION SECURITY MANAGEMENT


             Use of E-mail
These policies and procedures strengthen the Corporate codes of practice for email and internet ,
which you should familiarise yourself with, and must be adhered to at all times.

INTRODUCTION
E-mail and the Internet are now accepted as essential business tools for communication and
information exchange. It is necessary to create policies and procedures that set out standards which
users are required to observe, in order to protect themselves and the organisation from damage such
as legal liabilities, viruses and breach of confidentiality.

All information, except that already in the public domain, gained by SCC employees in the course of
their work should only be used for legitimate work purposes. It is a disciplinary offence to use,
distribute, or attempt to access any information subject to the Data Protection Act, or deemed
confidential, without a legitimate work reason.

All emails composed, sent or received using SCC facilities, including your SCC mailbox, are the
property and ultimate responsibility of SCC. Individuals cannot expect any e-mail to be for private
viewing only. All e-mails and activities on IT systems are subject to scrutiny by Somerset County
Council. You are accountable for ensuring the appropriateness of all emails you send or solicit using
these facilities. All staff are responsible for setting their „out of office assistant‟ when absent for any
length of time. In cases of absence due to periods of leave, sickness or sudden departures, your mail
box will be opened by a nominated user, with authorisation from a Senior Manager, to set a rule that
will send an out of office reply to every email. The nominated user will also scan any email received
since the absence to ensure continuity of business is upheld.

All email is stored and the Council may inspect email (including personal email) at any time without
notice (subject to the Monitoring Code, to be found at Data Protection.gov.uk (Codes of Practice and
other papers, Employment Part 3. 3.2 General approach to monitoring). In an employee‟s absence, it
may be necessary to check mailboxes to ensure Somerset County Council responds properly to
clients and other contacts. Monitoring will also be undertaken if a specific criminal activity or abuse or
misuse of IT systems is suspected or identified. In such instances investigating officers will need to
obtain authorisation from the Personnel Group, in line with the Surveillance and Monitoring Policy
(found on the intranet).

The handling of Confidential Data via email, causes more Information Security Risks, and must be
dealt with differently. Whilst email within the County Council is secure, any mail leaving the County
Council cannot be acknowledged to be so. A project is being set up to look into the use of encrypted
e-mails with other bodies. Staff who will be required to use this method of email will be fully trained to
do so. This procedure covers general use only.

GENERAL USE

       The Council‟s email and Internet systems are primarily for SCC business use. Occasional and
        reasonable personal use is permitted, provided that this does not interfere with the
        performance of your duties. Personal use should not breach workplace policies or codes of
        conduct and, wherever possible, such use should be restricted to times when you are not
        officially working.
       Use for non-SCC businesses, including that of non-profit organisations, is prohibited.
       Sending e-mail via insecure public lines (e.g. the Internet) can compromise the Confidentiality
        and Integrity of the information being transmitted. In Social Services this means you cannot
        send confidential information (including personal data) to anyone outside Somerset County
        Council or Somerset Partnership.


06/03/2010    IF PRINTED THIS DOCUMENT WILL BE CONSIDERED AN UNCONTROLLED           Ver.1
              COPY. CHECK THE PROCEDURE MANUAL FOR CURRENT VALIDITY
       Always check the content of e-mails for confidential information before forwarding them to
        others and only forward relevant messages.
       Obtain confirmation from the recipient for all important emails sent. An automatic „read‟
        receipt does not guarantee that the recipient has read it.
       If you work at a small establishment or at home using a dial-up connection, any use of email
        or The Internet costs the Department money.
       Wherever possible use an expiry date on emails to avoid users receiving information about
        events that have passed.
       The email system should not be used for long-term storage of information especially when the
        information is confidential. Any potentially confidential information should be attached to the
        email rather than embedded into the body of the email, to make it easier to save it separately.
        Any information concerning service users received by email should be saved into the
        appropriate secure area of the network and the original email deleted.
       Beware of sending or forwarding copies of files to colleagues on your internal network, as this
        could create unnecessary duplicates and also compromises the integrity of the original
        document/file.
       Be aware of opening attachments received via external/unknown sources. All email sent to
        County Hall is scanned only for known viruses and malicious code.

DO NOT

       Send confidential information via an external link (such as Internet) either in the email or
        attached to it. For guidance on transferring confidential data contact your ICT support team.
       Set your mailbox to automatically forward mail to a home mail account. This will transfer mail
        via the Internet, which is not secure. You do not know what confidential mail you may receive
        and people emailing you will assume it is secure. Also by setting mail to automatically forward
        back to your place of work, a loop is created which can slow down or bring to a halt the e-mail
        service for everyone.
       Use your home email account for SCC business at any time. If you need to email from home
        on a regular basis please contact your IT representative for assistance.
       Send or forward jokes on internal mail. Others may not share your views. Some material may
        offend, by being liable to be perceived as sexist or racist or contravene the law. Sending
        pornographic, sexist or racist material is a disciplinary offence. The forwarding of non-
        business email to friends and colleagues increases the throughput of traffic on the network,
        and can have a detrimental effect on network performance.
       Use email for broadcasting information to large audiences, i.e. outside local offices. Make
        sure you identify a specific target audience who will benefit from receiving the information. If a
        global broadcast to all departmental staff can be justified, Social Services Staff should contact
        the SS Global Emails mailbox and a member of the ICT Team will distribute it once it has
        been approved. Education Staff should make the information available on SIX and a link sent
        via e-mail.
       Do not use for Advertising.
       Put into email, anything that you could not justify to a wider audience. Only send to those who
        will benefit or be interested in receiving the information. Remember that, although email tends
        to be very relaxed and informal, messages sent in this way constitute exactly the same form of
        official business communications as a letter, memo or fax, and like them becomes evidential
        fact and may be disclosed in litigation, or any Subject Request under the Data Protection Act.
       Send or forward “spam” or chain letters.
       Impersonate any other person when using e-mail, for instance by using their unlocked
        machine.
       Give other people your password to allow access to your inbox, if you need to allow other
        people to have access, please speak to your ICT representative for instructions on how to
        achieve this.

If you send a personal email, sign it off with the following statement.
“This e-mail is personal. It is not authorised or sent on behalf of Somerset County Council. This e-
mail is the personal responsibility of the sender”.



06/03/2010   IF PRINTED THIS DOCUMENT WILL BE CONSIDERED AN UNCONTROLLED           Ver.1
             COPY. CHECK THE PROCEDURE MANUAL FOR CURRENT VALIDITY

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:39
posted:3/6/2010
language:English
pages:2
Description: EMAIL USE PROCEDURES