Business Continuity & Disaster Recovery Template

Disaster recovery is a response to a declared disaster or a regional disaster. It is the restoration or recovery of an entire Agent computer. A disaster recovery plan describes how an organization is to deal with potential disasters.

The DRP template includes everything needed to customize the Disaster Recovery Plan to fit your specific requirements.


Security Manual Template

Most companies have initiated the necessary steps to safeguard their company assets. Information security has moved from a business cost to a business enabler. However, new threats and technologies are constantly and rapidly changing the network landscape. System administrators must scan the network continually for known security weaknesses, keep their skills current and, most important, reexamine corporate security policies periodically.

The IT Security Manual Template provides all the essential sections of a complete security manual and walks you through the creation of each step.


Job Descriptions

The Internet and IT Position Descriptions HandiGuide® was completed in 2010 and is over 650 pages, which include sample organization charts, a job progression matrix, and 231 Internet and IT job descriptions. The book also addresses Fair Labor Standards and the ADA, and is in a new, easier-to-read format.


Telecommuting Policy

Telecommuting is a popular alternative to making the drive in to work every day. If your users are asking about telecommuting to work, you may find that a telecommuting policy helps make things clear to them.

With the rise of the Internet and the increase in affordable bandwidth came a new type of worker, the telecommuter. Available technologies have, in certain cases, allowed some companies to offer certain employees the ability to work from home instead of the office. This can be a benefit not only for the employee, but also for the company itself. As more and more employees clamor for the ability to telecommute, it is imperative for companies to have in place a viable telecommuting policy.

Telecommuting Policy Template - This policy is 13 pages in length. It contains everything that an enterprise needs to implement a functioning and compliant telecommuting process. Included are forms defining the working environment, in addition to a checklist to validate that the offsite location complies with your safety requirements.



Other Individual Policies

All of the policies that are provided here are contained within one or more of the templates that are on this site. These policies have been added as individual documents in WORD format (WORD 2003 and WORD 2007) for those clients who just need this particular policy. All policies are Sarbanes-Oxley, HIPAA, PCI-DSS, and ISO compliant.

Internet, e-Mail, Social Networking, Mobile Device, Electronic Communications, and Record Retention Policy

Organizations that have or want to establish a companywide telecommuting program should establish a formal, written telecommuting policy document that is regularly reviewed and updated by IT, human resources, legal, and finance. This will ensure that managers and the corporate services and technical support groups within the organization are aware of their respective roles and responsibilities for enabling and supporting telecommuting. It will also help ensure that telecommuting employees know about their responsibilities, along with new company and approved third-party applications and support services available outside company facilities.

Telecommuting Threats

Today’s email threats are far more dangerous than yesterday’s. On the inbound side, blended email and web attacks masterminded by profit-seeking criminals are now the norm. Spam is no longer about selling, it’s about stealing. Attacks are targeted and fast moving. The perpetrators are more sinister, organized, and sophisticated. Orchestrated botnet armies strike globally and quickly go dormant. Harmful payloads morph continuously to evade signature-based defenses, and are more often delivered through an embedded web link rather than a direct file attachment. Every malicious email that penetrates the perimeter carries dramatically more risk than ever before.


Over 50% of all companies do not have policies for the appropriate use of the Internet. The problem now is that when you post information that might be sensitive to Twitter or a blog, thousands of people can see it immediately, and then thousands more could see it as it is forwarded on to others. The ramifications of making a mistake, of putting things on those sites that shouldn't be there, are even greater than they used to be.

Social Networking Policy

This policy is compliant with all recent legislation (SOX, HIPAA, Patriot Act, and Sensitive information), and covers:

  • Appropriate Use of Equipment
  • Social Networks
  • Mobile Devices
  • Internet Access
  • Electronic Mail
  • Retention of Email on Personal Systems
  • E-mail and Business Records Retention
  • Copyrighted Materials
  • Banned Activities
  • Ownership of Information
  • Security
  • Sarbanes-Oxley
  • Abuse

Included with the policy are forms that can be used to facilitate the implementation of the policy. Included are these ready to use forms:

  • Internet & Electronic Communication Employee Acknowledgement
  • E-Mail - Employee Acknowledgement
  • Internet Use Approval Form
  • Internet Access Request Form
  • Security Access Application Form



Outsourcing Policy

Outsourcing Policy - This policy is eighteen pages in length and defines everything that is needed for a function to be outsourced. The policy comes as a Microsoft Word document that can be modified as needed. The template has been updated to include a HIPAA audit program definition and covers:

  • Outsourcing Management Standard
    • Service Level Agreement
    • Responsibility
  • Outsourcing Policy
    • Policy Statement
    • Goal
  • Approval Standard
    • Base Case
    • Responsibilities


Note: See the Practical Guide for Outsourcing, a document of over 110 pages, for a more extensive outsourcing process.


 

Sensitive Information Policy

Includes HIPAA Audit Program Guide and a PCI Audit Program

This policy is easily modified and defines how to treat Credit Card, Social Security, Employee, and Customer Data. The template is 34 pages in length and complies with Sarbanes-Oxley Section 404, ISO 27000 (17799), and HIPAA. The PCI Audit Program that is included is an additional 50 plus pages in length.

This policy applies to the entire enterprise, its vendors, its suppliers (including outsourcers) and co-location providers and facilities regardless of the methods used to store and retrieve sensitive information (e.g. online processing, outsourced to a third party, Internet, Intranet or swipe terminals). 

The HIPAA Audit Program Guide provides you with a checklist of the items that HIPAA mandates must be implemented.



Backup and Backup Retention Policy

IT organizations of all sizes contend with a growing data footprint, with more data to manage, protect and preserve for longer periods of time. Online primary storage has a focus on fast, low-latency, reliable access to data, while near-line secondary storage has a focus on low cost and high capacity. Long-term data retention requires a combination of ultra-low cost, good performance during storage and retrieval, and reduced footprint in terms of power, cooling, floor-space and economics (PCFE) - also known as a small green footprint - for inactive data.

Factors that CIOs and IT professionals need to consider for data retention include:

  • Business and regulatory requirements – regulatory compliance and data preservation
  • Economic and budgetary concerns – doing more with less
  • Data loss prevention and information protection – protect, preserve and serve
  • Environmental and business sustainment – green and economically efficient
  • Maximize IT resource effectiveness and return on investment (ROI)
  • Reduce total cost ownership (TCO) of IT resources and service delivery

The Backup and Backup Retention policy is an 11 page sample policy that is complete and can be implemented immediately.

The document is provided in both Word 2003 and Word 2007 format and is easily modified.  This policy is included in the Disaster Recovery / Business Continuity Template.


Below is a table from the policy:

| Type of Data | Minimal Backup Policy | Backup Retention Policy |
|---|---|---|
| System software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| Application software | Latest Version plus patches; At Least Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |
| System data | Daily | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Application Data | Daily with real time transaction files | Annual (verified) Backup; Monthly Generations; Weekly Generations; Daily Generations |
| Software licenses, encryption keys, & Protocol Data | Weekly | Annual (verified) Backup; Monthly Generations; Weekly Generations |



Travel and Off-Site Meeting Policy

Travel and Off-Site Meeting Policy - Protection of data and software is often complicated by the fact that it can be accessed from remote locations. As individuals travel and attend off-site meetings with other employees, contractors, suppliers and customers, data and software can be compromised. This policy is seven (7) pages in length and covers:

  • Laptop and PDA Security
  • Wireless and Virtual Private Networks (VPN)
  • Data and Application Security
  • Public Shared Resources
  • Minimizing attention
  • Off-Site Meetings
  • Remote Computing Best Practices

This policy has been updated to reflect the requirements of PCI-DSS, Sarbanes-Oxley, HIPAA, and ISO.  The policy comes as both a WORD file and a PDF file utilizing a standard CSS style sheet.
