Arizona Communications Policy - sample

Introduction
1.1 This policy should be read in conjunction with the organization's other policies.

1.2 If you have any questions regarding these guidelines and how they apply to you, please consult [Insert manager's name], [Insert manager's position] before taking any action that may breach this policy.

1.3 This policy applies to your employment within the organization. This policy must also be observed when visiting and using client or partner facilities. Employees must also comply fully with whatever policy or guidelines exist at client or partner sites.

1.4 Please note that this policy also applies to you if you are working as a contractor, agency worker, temporary worker, or volunteer within the organization.

1.5 For any policy to be effective, it must be applied throughout the organization and apply to all staff regardless of position or seniority.



2. Minor Breaches
Minor breaches of this policy shall constitute a disciplinary offense and will be dealt with using the organization's disciplinary procedures.



3. Major Breaches
Major or serious breaches of this policy shall constitute gross misconduct and shall allow the organization to terminate your employment immediately without notice. Or terminate your contract immediately without notice if you are a contractor, agency, or temporary worker.



4. Monitoring
4.1 The organization reserves the right to monitor all external and internal communications and access to the organization network, intranet, and the Internet (as applicable) where the organization's property is used in the communication or accessed remotely from outside the organization. This includes the use of portable computers and mobile devices, including cell phones issued to the employee by the organization.

4.2 The organization reserves the right to use the following methods for monitoring communications:

- Server log file analysis.
- Data packet analysis.
- Email message analysis, including the content of individual emails and attachments where required, relates to work email accounts and addresses only.
- Telephone number analysis.
- Telephone conversation recording, where required for regulatory purposes.

4.3 The organization will carry out impact assessments to assess the impact of any monitoring or extension to existing monitoring within the organization prior to its introduction. Any assessment will consider the following:

4.3.1 The reason for implementing or extending monitoring and whether it is justified.

4.3.2 The likely adverse impact on employees and third parties communicating with the organization.

4.3.3 The use of alternatives to monitoring or alternative methods of monitoring.

4.3.4 Any additional obligations that arise due to the monitoring, for example, the secure storage of and access to information gathered by monitoring.

4.4 The organization will also consider the impact of monitoring on employees, such as:

4.4.1 The risk of intrusion into employees' private lives.

4.4.2 The extent to which employees will be aware of the monitoring.

4.4.3 The impact monitoring will have on the relationship between employees and the organization.

4.4.4 How monitoring will be perceived by employees.

4.5 The organization shall inform all workers prior to the introduction of any such monitoring or the extension of any existing monitoring. Furthermore, the organization will inform individual workers if their communications are being specifically monitored or accessed. However, an individual will not be informed where serious breaches of the policy or criminal activity are suspected and where informing the individual would hamper any investigation or risk the loss of data and evidence.

4.6 The organization shall take all reasonable steps to ensure that personal communications are not accessed during monitoring. However, the organization can access personal communications where such communication is used to pass information belonging to the organization or where the nature of the personal communication provides evidence of the breach of this communications policy.

4.7 The organization shall not be liable for any breach of privacy should any communications of a personal nature be found and accessed by employees of the organization or third parties authorized by the organization and acting in the course of their employment.

4.8 The organization strongly recommends that, where possible, employees should not use any email or other account for a mixture of business and personal use. Use should be kept clearly separate between business and personal use.



5. Usernames and Passwords
5.1 You have a duty to keep safe all usernames and or passwords required to access your PC, portable computer, or any other mobile device that you are authorized to use by the organization.

5.2 For security reasons, you should not leave usernames or passwords attached to or near your PC, portable computer, or mobile device. If your usernames and or passwords are left on or in your desk, workstation, briefcase, carry case, or any personal item, they should not be readily identifiable as such.

5.3 You should immediately comply with any request from your manager to change your usernames and or passwords.

5.4 Where possible and whenever requested, usernames and passwords should be made up of a combination of letters and numbers. They should not consist of names or regular words that may be guessed by a fellow employee, a third party, or by software tools specifically designed to ascertain usernames and or passwords.

5.5 If you have any reason to believe that your usernames and or passwords have become known to another party, including a fellow employee who is not authorized to have access to your usernames and or passwords, you must inform your manager immediately, and if known provide details of how your usernames and or passwords became known to that party.



6. Internet Usage
6.1 You have a duty to use the Internet responsibly.

6.2 You should only access websites directly related to your work during work hours (work hours constitute all time spent at work excluding break or rest periods). This can include the organization's website (as applicable) and the websites of clients and organization partners. This duty extends to the use of the organization's intranet and network (as applicable).

6.3 The organization permits Internet access for personal use during rest and break periods during your work hours. However, you should not at any time access or seek to access websites that promote any of the following:

i) sexually explicit materials.

ii) violence.

iii) discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age.

iv) illegal activities or violation of intellectual property rights.

v) Furthermore, access to streamed or real-time audio, data, graphics, video, or any other data that uses a large amount of bandwidth or system resources is not allowed during work time or break or rest periods unless access to such services is directly related to your work. This includes accessing entertainment services such as "reality TV" shows and sports events.

6.4 The organization reserves the right to monitor the permitted personal Internet use during rest and break periods to ensure continued compliance with these guidelines. Such monitoring will not be used to access personal messages or data.



7. Social Networking Sites & Data
7.1 Access to social or professional networking websites is not allowed during work periods unless access to such services is directly related to your work.

7.2 Where the use of any social network or professional network is included as part of your work, you shall, at the request of the organization, provide the organization with full access to any such account, irrespective of whether the organization has paid for any access or upgraded features or functionality related to any such social or professional networking website. Access shall include full access to all account details, setup, and data. Furthermore, the organization shall have the right to download, take permanent copies, and have unlimited use of all such account data; this includes (but is not limited to) all current and prospective customer or client details and data.

7.3 Prior to leaving the organization (either temporarily or permanently), you will provide the organization with full access to all social or professional networking websites. Furthermore, prior to leaving the organization (either temporarily or permanently), you undertake not to make any copies or retain any such related data.

7.4 Prior to leaving the organization (either temporarily or permanently), you undertake not to canvass any current or prospective customers or clients, either directly or indirectly, with a view to obtaining or retaining their data or with a view to securing them as future customers or clients.

7.5 On leaving the organization (either temporarily or permanently), you undertake not to subsequently access or attempt to access any such account except where the organization specifically requests that you access any such account in order to provide the organization with full access to the account.

7.6 You should not at any time use social or professional networking or any other public websites or forums for commenting on organization work-related issues, procedures, or clients or customers unless such activity is specifically sanctioned by the organization as part of your work.

7.7 Where any such account contains a mixture of personal and business data or is used by you for both business and personal purposes, the organization still retains the right to access the account in full, as detailed above.



8. Personal Social Media
8.1 Access to personal, such as Facebook, Twitter, Instagram, and others, is only allowed during breaks or rest periods unless access to such services is directly related to your work.

8.2 You should not at any time use your personal social media accounts or any other public or private social media service for commenting on organization work-related issues, procedures, or clients or customers without prior written permission.



9. Password Protected Areas
9.1 You must not access or attempt to access password-protected parts of the organization's website, intranet, or network (as applicable) or those of clients or organization partners unless you have specifically been given the necessary usernames and or passwords by another employee of the organization authorized to hold and provide such information to you, or in the case of customers or organization partners, a third party who in turn has the authority to provide such information to you.

9.2 Furthermore, you must not attempt to access password-protected parts of any third-party website, intranet, or network (as applicable) while using the Internet for permitted personal use unless you have specifically been given the necessary usernames and or passwords by the relevant third party.



10. Email Usage Guidelines
10.1 Your email facility within the organization (including your email address) must only be used for communications directly related to your work.

10.2 You should not use your organization's email facility to send and receive personal email messages.

10.3 If you wish to send and receive personal emails, you are advised to use an Internet-only based email system. Any use of an Internet-based email system is restricted to your periods of personal use permitted during rest and break periods. You should not use an Internet-based email account for work purposes.



11. Emails are Permanent
It is a common misconception that emails are a temporary form of communication, similar to a phone call. The reality is that any email message can be traced back to its original sender and to all message recipients. Copies of emails not only reside on the network, PC, portable computer, or mobile device of the sender and recipient, copies also reside with the service provider through which they were sent. Even if every party in the chain deletes an email and its attachment, (if applicable) sections or the entire email and attachment can be reconstructed from the hard drives of the PCs and fileservers on which they originally resided using specialist software.



12. Proper Deletion of Emails
12.1 Only emails that breach these guidelines should be deleted. If you have any queries regarding the deletion of an email, you should contact your manager before deleting the email message.

12.2 To delete a message properly, it should be moved to the bin or trash folder of your email program and then deleted from the bin or trash folder. Moving the message to your bin or trash folder will not automatically remove the email from your PC.



13. Email Signature File
All emails (including replies and forwarded emails) should contain the standard email signature of the organization. From time to time, you may be requested to alter or update your email signature file. If requested, this should be carried out immediately. If your email signature contains your personal contact information, such as office telephone number, cell number, or pager, you should ensure that these details are correct and kept up to date.



14. Email Etiquette
14.1 You should never send abusive or rude emails or attachments, even if you are responding to such an email received by you. This includes emails that attack the recipient directly or refer to a third party or organization.

14.2 You should never send emails or attachments that promote the following types of content:

i) sexually explicit materials.

ii) violence.

iii) discrimination based on race, sex, religion, nationality, disability, sexual orientation, or age.

iv) illegal activities or violate intellectual property rights.

14.3 Never send emails containing confidential or sensitive information without first checking that the recipient is prepared to receive such information via email. Such emails should be encrypted to ensure they cannot be readily opened and read by anyone other than the intended recipient. You should contact your manager to obtain details on how to send emails in an encrypted form.

14.4 If you wish to send a large attachment(s) via email, you should contact the recipient before sending the email to ensure that they are prepared to receive it and that their email and internet connection are able to download large attachments effectively.

14.5 You must not use your email facility to exceed your authority, represent that you have the authority to bind the organization (if you do not), or use it to conduct business other than that of the organization.

14.6 Do not compose and send emails containing uppercase text, as this is used to "shout" or exaggerate the information contained and is considered rude and offensive.

14.7 Do not attempt to be humorous in your email or resend or forward jokes received by you. Due to the direct nature of email, humor can often be mistaken for sarcasm or aggression.

14.8 Do not send, resend, or forward emails that list a large number of recipients in the CC field, as this will reveal each recipient's address to fellow recipients and will breach their privacy.

14.9 Do not use ASCII text to create characters, symbols, or pictures within your email messages.



15. Third Party Products, Software & Apps
You must not use the Internet or other network or store to download and activate third-party software programs, utilities, or apps. Furthermore, you must not load any third-party software from any other data or media storage product you have in your possession onto your computer or mobile device. This also applies to any software received from a partner organization. All software received from a partner organization must be given to your manager so that it can be assessed. You must also explain why third-party software is required for evaluation and use.



16. Downloads and Attachments
16.1 You must not download or use the following file formats, devices, or utilities on your PC, portable computer, or mobile device unless they are directly related to your work:

Mpeg
MP3
Peer-to-Peer file sharing services
Personalized search software

16.2 Nor any other file format or software used to distribute or access audio, video, or graphic-intensive displays or animation that require the use of relatively large files to store, distribute or transmit the data.

16.3 Furthermore, you must not use your PC, portable computer, or mobile device to distribute any of the files, devices, or utilities listed above within or outside the organization.



17. Transportation and Security
You are reminded (where provided) that your portable computer or mobile device may contain confidential and commercially sensitive information. You should ensure that your portable computer or mobile device is not left in any vehicle overnight if this can be avoided. If not, they should be kept out of sight in the vehicle, and if fitted, the vehicle alarm should be activated. Your vehicle should also be locked if left unattended, even if only for a short time and even if you can see your vehicle. If this can be avoided, your portable computer or mobile device should not be taken to social events. If in a public place, you should never leave your portable computer or mobile device unattended or out of your direct sight at any time. Your portable computer or mobile device should always be transported in a suitable case as provided by the organization.



18. Organization Access
The organization reserves the right to request access to your portable computer or mobile device at any time to ensure compliance with these guidelines. Failure to make your portable computer or mobile device available when requested shall constitute a disciplinary offense.



19. Telephone Use
19.1 Local and national call-rate personal calls are permissible but should not interfere with your work. Long-distance or international calls of a personal nature are not permitted. The exception to this is when there is a personal or family emergency.

19.2 No restrictions are placed on calls for business purposes where the organization's business is being carried out.

19.3 Premium-rate telephone services not directly connected to your work are not permitted. If such services are used, the onus is on you to show that such calls are strictly for business purposes. The repeated use of such services for non-business purposes shall constitute a disciplinary offense.

19.4 If your telephone has voicemail, you should ensure that your voicemail is working correctly, that the message on the voicemail is correct and up to date, and that this facility is used whenever you are unable to answer a call in person.

19.5 If you intend to discuss confidential or sensitive information with another party over the telephone, you should first confirm that they are prepared to discuss such information. If such information is discussed, you should ensure that you are not overheard. If, however, the discussion is taking place with other parties over a speaker or conference phone, all parties to the conversation should be identified and should agree to the discussion of the information.

19.6 All conference calls (regardless of whether confidential or sensitive information is discussed) should take place in a separate room where the discussion cannot be overheard from outside the room. All parties to a conference call should be identified prior to commencement. If a party to the conversation leaves or a new party joins, this should be announced to the other participants.



20. Cell Phone Use
20.1 You are reminded that personal voice and data calls (as applicable) via your cell phone (if supplied by the organization) should be kept to a minimum. The organization reserves the right to examine cell phone bills received by the organization to ensure compliance.

20.2 Cameras, video, or audio recorders on any mobile device (or otherwise) should not be used on the organization premises or outside the premises at organization-related events without prior written permission.

20.3 The organization reserves the right to ban all camera, video, or audio recording mobile devices from the organization's premises or parts thereof.



21. Authority
You must not use any form of communication to exceed your authority, represent that you have the authority to bind the organization (if you do not), or use any form of communication to conduct business other than that of the organization.



22. Date of Implementation
This policy is effective from [insert date] and shall not apply to any actions that occurred prior to this date.



23. Questions
If you have any questions regarding this policy document and how it applies to you, please consult your manager.



24. Alteration of this Policy
This policy will be subject to review, revision, change, updating, alteration, and replacement to introduce new policies from time to time to reflect the organization's changing needs or to comply with any applicable state or federal laws.



25. Governing Law
This Agreement shall be construed in accordance with and governed by the laws of the state of Arizona.