ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

Security Policies and Procedures for users

Updated on August 5, 2011

Security policies & procedures are a set of written documents that describe exactly how a safe and secure working PC environment is to be created and also maintained inside an organization. You normally have various parts of this policy included in your contract, when you are employed in a new job.

Acceptable use policy.

The acceptable use policy describes the guidelines that users have to follow, so that they use the PCs and the networks, and data appropriately. Acceptable use policy explains which activities are permitted and which are prohibited. There are some guidelines included in an acceptable use policy:

• Users should not take part in activities that will cause damage to the image of the company.

• Users should not take part in computer activities that may consume network resources beyond their limits.

• Users must follow the rules that restricts any visits to web sites and certain email attachments, and programs.

• Users should make sure any confidential documents that are used or printed, are not taken out of the company, and destroyed appropriately.

• Users should never transfer any classified or confidential company information over the Internet.

Due care policy.

A due care policy will describe how the employees should use the computer hardware and the software safely. Since any computer equipment and software bought are expensive, employees need to be given guidelines on how to use them properly. An effort should also be made to protect the integrity of all data by using a regular virus scan. An example of due care in protecting the users operating systems is to use the Shut Down feature correctly instead of just hitting the main power switch. Users must also follow manufacturers guidelines when using any type of equipment.

Privacy policy.

Privacy is one of the main issues concerning every employee in the organization. As well as the privacy of an individual, the privacy of each department and of the organization as a whole, is also important. Employees should be trained on how to maintain their privacy while using any of the company technologies. Users should be instructed to refrain from undertaking any activities such as disclosing personal or organizational information over the Internet, or through emails, or even in general chatting. A privacy policy also usually states that the organization has the right at any time to inspect any personal data that is stored on the company computers. Data that is critical to the operation of a company should automatically be considered private and confidential. It is the job of the administrators to make sure that this confidentiality of data is protected.

Separation of duties policy.

The separation of duties policy ensures that any critical tasks are not assigned to just a single person. These tasks are meant to be divided among two or more persons so that no single person can stop the overall completion of the critical tasks are not left to one person. This is also a great way to enforce security, since all the employees who will be involved in the critical task, should not have all the information to purposely enforce this security. The senior supervisors and managers, should break up the duties among their subordinates and they should be responsible for the coordination among them.

need to know policy.

The need to know policy dictates that an employee should be given only as much information as they require to perform their job functions to the fullest of their capabilities. Giving too much information to employees can result in the inappropriate handling of information and data, and even its leakage to competitors. If any employee needs more information than what they are authorized to use, then a written request to their supervisor must be submitted. This ensures that permission to use the classified data is in the control of supervisors and the managers. A company will try to protect the confidential information by having the employees sign a non-disclosure agreement at the time of hiring.

Password management policy.

A password management policy will describe how an employee should manage their passwords safely. A password is the employee’s key to gaining access to the companies resources that are stored on computers. If you don't have a good password policy, employees might make their passwords weak or even disclose them to unauthorized people. Professional hackers can easily exploit a companies confidential resources by guessing passwords that are insecure. Some recommended elements are:

• Employees should not use blank passwords.

• Passwords must be at least eight characters long., and made up of a combination of upper and lowercase letters, and numbers.

• Employees should be forced to change their passwords on a regular basis, which can be done automatically by the network administrator.

• Employees should be discouraged from reusing their old passwords.

• Even an administrator should use a normal user account when they are not performing any administrative tasks.

Service Level Agreements (SLA).

An SLA is an agreement between a company and a third party or supplier that is providing critical services to the company. SLAs will usually describe the expected level of performance and confidentiality within the company. This is important for self employed temporary staff, who might be hired complete certain key network, or data duties. The SLA can also be used inside a company to describe exactly what they expect from their IT employees and what procedures they should follow to perform their duties. SLAs will often include information on the maximum allowed downtime of the network and computer systems.


    0 of 8192 characters used
    Post Comment
    • carcamping profile image


      8 years ago

      Informative and easy to read. Many people get these policies confused or they try to put them all into one document, not really understanding the differences themselves.


    This website uses cookies

    As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

    For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

    Show Details
    HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
    LoginThis is necessary to sign in to the HubPages Service.
    Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
    AkismetThis is used to detect comment spam. (Privacy Policy)
    HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
    HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
    Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
    CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
    Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
    Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
    Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
    Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
    Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
    Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
    VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
    PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
    Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
    MavenThis supports the Maven widget and search functionality. (Privacy Policy)
    Google AdSenseThis is an ad network. (Privacy Policy)
    Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
    Index ExchangeThis is an ad network. (Privacy Policy)
    SovrnThis is an ad network. (Privacy Policy)
    Facebook AdsThis is an ad network. (Privacy Policy)
    Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
    AppNexusThis is an ad network. (Privacy Policy)
    OpenxThis is an ad network. (Privacy Policy)
    Rubicon ProjectThis is an ad network. (Privacy Policy)
    TripleLiftThis is an ad network. (Privacy Policy)
    Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
    Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
    Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
    Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
    ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
    Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
    ClickscoThis is a data management platform studying reader behavior (Privacy Policy)