Overview
Electronic email is pervasively used in almost all industry verticals and is often the primary communication and awareness method within an organization. At the same time, misuse of email can pose many legal, privacy and security risks, and thus it's important for users to understand the proper use of electronic communications. All e-mail transmissions sent or received through the Company's information systems are the property of the Company. Employees waive any right to privacy in their use of Company e-mail. The Company may review and monitor any internal or external transmissions sent or received through its e-mail systems and may disclose such e-mails to third parties.
Purpose
The purpose of this email policy is to ensure the proper use of InContext Solutions email system and make users aware of what InContext Solutions deems as acceptable and unacceptable use of its email system. This policy outlines the minimum requirements for the use of Company email resources.
Scope
This policy covers appropriate use of any email sent from an InContext Solutions email address and applies to all employees of the Company.
Policy
-
All use of email must be consistent with InContext Solutions' policies and procedures of ethical conduct, safety, compliance with applicable laws and proper business practices.
-
InContext Solutions email accounts should be used primarily for InContext Solutions business-related purposes; personal communication is permitted on a limited basis, but employees may not use Company-provided e-mail for any non-business-related solicitations during working hours.
-
Email should be retained only if it qualifies as an InContext Solutions business record. Email is an InContext Solutions business record if there exists a legitimate and ongoing business reason to preserve the information contained in the email. You may also be required to retain specific e-mail messages when required for litigation purposes pursuant to a hold notice.
-
Email that is identified as an InContext Solutions business record shall be retained according to InContext Solutions' retention policy.
-
The InContext Solutions email system shall not to be used for the creation or distribution of any harassing or offensive messages, including offensive comments about race, gender, color, disabilities, age, sexual orientation, religion, or national origin. Employees who receive any emails with this content from any InContext Solutions employee should report the matter to their supervisor immediately.
-
Users are prohibited from automatically forwarding InContext Solutions email to a third party email system (noted in 4.7 below). Individual messages which are forwarded by the user must not contain InContext Solutions' confidential, proprietary, or trade secret information.
-
Users are prohibited from using third-party email systems and storage servers such as Google, Yahoo, and MSN Hotmail etc. to conduct InContext Solutions business, to create or memorialize any binding transactions, or to store or retain email on behalf of InContext Solutions. Such communications and transactions should be conducted through proper channels using InContext Solutions-approved documentation.
-
Using a reasonable amount of InContext Solutions resources for personal emails is acceptable, but non-work-related email shall be saved in a separate folder from work related email. Sending chain letters or joke emails from an InContext Solutions email account is prohibited.
-
InContext Solutions employees shall have no expectation of privacy in anything they store, send or receive on the Company's email system.
-
InContext Solutions may monitor e-mail messages without prior notice.
Policy Compliance
Compliance Measurement
The Infosec team will verify compliance with this policy through various methods, including but not limited to, periodic walk-thrus, video monitoring, business tool reports, internal and external audits, and feedback to the policy owner.
Exceptions
Any exception to the policy must be approved by the Infosec team in advance.
Non-Compliance
An employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.
Related Standards, Policies and Processes
None.
Definitions and Terms
None.
Revision History
| Date of Change | Responsible | Summary of Change |
|---|---|---|
| August 2018 | ICS InfoSec Team | Combined mobile device, acceptable use, clean desk and email policy into a single policy document |
| August 2019 | ICS InfoSec Team | Annual policy review, no changes |
| Nov 2020 | ICS InfoSec Team | Annual policy review, no changes |
| June 2022 | ICS InfoSec Team | Annual policy review, minor grammatical fixes. |
| February 2023 | ICS InfoSec Team | Annual policy review, no changes. |
| August 2023 | ICS InfoSec team | Updates to verbiage, content via GRC review |
| October 2023 | ICS InfoSec Team | Updates from GRC review, split into separate DOC files for ease of management. Formatting updates. |
| March 2026 | ICS InfoSec Team | Published to Trust Center |