Email Policy Depth Advice
Hi all, I am after some general comments and advice on how deep do you need to go with a policy around email or any technology/IT service in general? Some of the example “email policies” I found on the Internet are so vague and short, and give examples of: “all mail traffic will be monitored; employees are expected to use email sensibly, with limited private use acceptable in non-work hours”. But to me, there are so many issues in email management that I wasn’t sure if these are typically documented in policy, or documented somewhere else. As I have never written a policy before, I don’t know what needs to go in it, and what needs to go in other documentation, or what this other documentation is called. For example, if an email accounts receive sensitive data – there is surely a duty to only allow users access to that mailbox who need access to it, and there is a duty to from time to time audit who has access to the mailbox set via AD, or who has access to the mailbox set via delegate rights, check they are applicable, or any inappropriate entries remove. Would this be documented in an email policy, or in some other kind of document? For example if users have a responsibility to check delegate rights to their mailbox, do you need to tell them this in the policy? Same for users with “send as” rights, if they have send as rights, there’s accountability issues in that you could not readily identify who is sending the email if say 15 people have send as permissions for a given mailbox. But do you need to put a point in the email policy around send as rights, or not? i.e. send as rights will only be granted where there is a business need that demonstrates send of behalf of is not applicable? Mailbox retention – does the policy need to state we will only keep mailbox of ex employees for x amount of days. Does that need to go into a policy, or is it just done? Just some general advice on the above on what typically goes in a policy, and what doesn’t. And if it doesn’t go in the policy, where does it go?
June 21st, 2011 9:07am

You know, this is probably not the place to come for legal advice since there are few if any attorneys at law participating in this forum. I recommend that you consult with your company's legal department.Ed Crowley MVP "There are seldom good technological solutions to behavioral problems."
Free Windows Admin Tool Kit Click here and download it now
June 21st, 2011 3:27pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics