2/29/2016 Email Policies: Tools to Govern Usage, Access and Etiquette - IT-Toolkits.org
http://it-toolkits.org/blog/?p=67
Email Policies: Tools to Govern Usage, Access and Etiquette - IT-Toolkits.org
Email is a fast, easy and readily accessible means of business communication. It has changed the
way we communicate. These are the obvious rewards – but they are also the basis of every risk.
Whenever email content is ill-advised, inappropriate, or even gets into the wrong hands, negative
consequences can follow, including legal liability, regulatory penalties, confidentiality breaches,
damage to corporate reputation, public embarrassment, internal conflicts, and all the related losses in
productivity and performance that these circumstances can cause. Further, data loss and damage to
technology assets can be realized through the transmission of malicious code, spam and computer
viruses.
Perform the “What-if” Analysis: What are the risks to my organization of email abuse and/or
misuse, and what are the likely consequences if these risks are not properly addressed? The next
step is to weigh the costs and complications of all mitigating actions, and to then strike an
appropriate balance between risk and probability.
To eliminate email usage is impractical and even unthinkable – so the goal has to be to minimize the
risks through the best means possible – and that is through the use of physical security precautions
and practical, relevant and enforceable email policy. To realize all of the intended goals and
objectives, related policies (which will integrate closely with data security and internet usage policies)
must encompass four (4) key governance needs:
1. Email Usage: To determine the circumstances under which email can and will be used within a
given organization, whether there will be any limits and/or restrictions on the types of information
that can be transmitted via email, as well as any limits and/or restrictions on the use of business
email systems for personal communications.
2. Email Oversight: To establish that emails are official company records and to determine the
manner in which email usage will be monitored and controlled, including the “ownership” of email
content transmitted on business email systems.
3. Email Etiquette: To establish formatting, content and usage guidelines designed to minimize the
risk that email content will be deemed unprofessional, offensive, inappropriate or subject to ridicule
and criticism.
4. Email Management: To establish and implement appropriate technical controls to limit the risks
of inbound email spam, viruses and malicious code, and to establish automated procedures for email
backup, storage and retention.
As a whole, usage, oversight, etiquette and management parameters must be combined to formulate
“policy” that is aligned with business and technical needs, realistic considering actual communication
needs, and enforceable considering corporate culture and related technical abilities.
Key Questions for Policy Scope and Content
To ensure that all usage, oversight, etiquette and management needs can be met, adopted email
policies must be designed according to anticipated email usage, corporate culture, characteristics,
business requirements, legal requirements, technical requirements and internal capabilities for
enforcement. The list below provides a head start for policy planning, listing the key questions to be
considered and addressed as part of the policy development process:
Policy Purpose
What are the specific goals of this email policy?
Why has the policy been created (considering the background events leading to policy development)?
What will the policy accomplish considering email usage, access, etiquette and management goals and objectives?
Policy Basis
What is the underlying authority and/or organizational basis for this email policy (considering