JUSTFAB ELECTRONIC MAIL STANDARD
Version Control

Version: 1.0
Date: 6/24/2014
Author: Jason Loomis, VP IT Security/Operations
Modifications: Initial release

CONFIDENTIAL Page 1 of 7 7/8/2014
1. Overview

As a productivity enhancement tool, JustFAB encourages the business use of electronic communications systems, notably the Internet, telephone, smartphone, voice mail, electronic mail, and fax. Unless third parties have clearly noted copyrights or some other rights on the messages handled by these electronic communications systems, all messages generated on, received on or handled by JustFAB electronic communications systems are considered to be the property of JustFAB.

2. Purpose

The standard applies to all those who use the JustFAB email services. All JustFAB email users are expected to be familiar with and fully comply with this standard.

3. Scope

This standard applies to all workers, employees, contractors, consultants, temporaries, interns and volunteers, who use the Internet with JustFAB computing or networking resources. Questions about the policy should be directed to the IT Security Department. Violations of this policy can lead to revocation of system privileges or additional disciplinary action up to and including termination.

4. Standard Requirements

Company Property — As a productivity enhancement tool, JustFAB encourages the business use of electronic communications systems, notably the Internet, telephone, smartphone, voice mail, electronic mail, and fax. Unless third parties have clearly noted copyrights or some other rights on the messages handled by these electronic communications systems, all messages generated on, received on or handled by JustFAB electronic communications systems are considered to be the property of JustFAB.

Authorized Usage — JustFAB electronic communications systems generally must be used for business activities only. Incidental personal use is permissible as long as it does not consume more than a trivial amount of system resources, does not interfere with worker productivity, and does not preempt any business activity.
JustFAB electronic communication systems must not be used for charitable fund raising campaigns, political advocacy efforts, religious efforts, private business activities, or personal amusement and entertainment. News feeds, electronic mail mailing lists, social media, media streaming, push data updates, and other mechanisms for receiving information over the Internet must be restricted to material that is clearly related to both JustFAB business and the duties of the receiving workers. Workers are reminded that the use of corporate information system resources must never create the appearance or the reality of inappropriate use.

Default Privileges — Electronic communication systems must be established and maintained such that only the privileges necessary to perform a job are granted to a worker. For example, when a worker’s relationship with JustFAB comes to an end, all of the worker’s privileges on JustFAB electronic communications systems must also cease.
User Separation — These facilities must be implemented where electronic communications systems provide the ability to separate the activities of different users. For example, electronic mail systems must employ personal user IDs and associated passwords. Unless a computerized fax mailbox system is employed, fax machines do not generally have separate mailboxes for different recipients, so such user separation is not required. JustFAB has established user separation, therefore workers must not employ the user ID or the identifier of any other user.

User Accountability — Regardless of the circumstances, individual passwords must never be shared or revealed to anyone else besides the authorized user. Information Technology department staff must never ask users to reveal their passwords, unless there has been approval by the Legal Department for compliance with a government or legal investigation. If users need to share computer-resident data, they should utilize message forwarding facilities, public directories on local area network servers, groupware databases, and other authorized information-sharing mechanisms. To prevent unauthorized parties from obtaining access to electronic communications, users must choose passwords that are difficult to guess. These and related considerations are discussed in greater detail in the Information Security Policy.

User Identity — Misrepresenting, obscuring, suppressing, or replacing another user’s identity on an electronic communications system is forbidden. The user name, electronic mail address, organizational affiliation, and related information included with electronic messages or postings must reflect the actual originator of the messages or postings. With the exception of hot lines or surveys that are intended to be anonymous, workers must not send anonymous electronic communications. At a minimum, all workers must provide their name in all electronic communications.
Electronic mail signatures indicating job title, company affiliation, address, and other particulars are strongly recommended for all electronic mail messages. Digital certificates are also recommended for electronic mail.

Use Only JustFAB Electronic Mail Systems — Unless permission from the IT Security Department has been obtained, workers must not use their personal electronic mail accounts with an Internet service provider or any other third party for any JustFAB business messages. Workers must not use the electronic mail features found in web browsers for any JustFAB business communications. They must employ authorized JustFAB electronic mail software and sites.

Use Of Encryption Programs — Workers are reminded that JustFAB electronic communications systems are not encrypted by default. If sensitive information classified as Confidential or Secret must be sent by electronic communication systems, an encryption process approved by the IT Security Department should be employed. These encryption systems must protect the sensitive information from end to end. They must not involve decryption of the message content before the message reaches its intended final destination. Mobile computers, notebook computers, portable computers, smartphones, and similar computers that store JustFAB sensitive information should consistently employ file encryption to protect this Secret or Confidential information when it is stored inside these same computers, and when it is stored on accompanying data storage media. Users of these types of computers who are recipients of Secret or Confidential information sent by electronic mail must delete this information from their systems if they do not have encryption software that can properly protect it.

Labeling Electronic Mail Messages — All electronic mail messages containing Secret information should include the appropriate classification in the header.
This label will remind recipients that the information must not be disseminated further or be used for unintended purposes without the proper authorization.
Respecting Intellectual Property Rights — Although the Internet is an informal communications environment, the laws for copyrights, patents, and trademarks apply. Workers using JustFAB electronic mail systems must repost or reproduce material only after obtaining permission from the source, quote material from other sources only if these other sources are properly identified, and reveal internal JustFAB information on the Internet only if the information has been officially approved for public release. All information acquired from the Internet must be considered suspect until confirmed by another source.

Respecting Privacy Rights — Except as otherwise specifically approved by the IT Security Department, workers must not intercept or disclose, or assist in intercepting or disclosing, electronic communications. JustFAB is committed to respecting the rights of its workers, including their reasonable expectation of privacy; however, any information created, stored, transmitted or received on JustFAB electronic resources is the property of JustFAB and there is no worker expectation or right to privacy in these materials. JustFAB also is responsible for operating, maintaining, and protecting its electronic communications networks. To accomplish these objectives, it is occasionally necessary to intercept or disclose, or assist in intercepting or disclosing, electronic communications. To meet these objectives, JustFAB may employ content monitoring systems, message logging systems, and other electronic system management tools. By making use of JustFAB systems, users consent to and grant permission for all information they store on JustFAB systems to be divulged to law enforcement, governmental agencies and/or as a response to litigation at the discretion of JustFAB management.

No Guaranteed Message Privacy — JustFAB cannot guarantee that electronic communications will be private.
Workers must be aware that electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Electronic communications can be accessed by people other than the intended recipients in accordance with this policy. Because messages can be stored in backups, electronic communications actually may be retrievable when a traditional paper letter would have been discarded or destroyed. Workers must be careful about the topics covered in JustFAB electronic communications, and must not send a message discussing anything that they would not be comfortable reading about on the front page of their local newspaper.

Contents Of Messages — Workers must not use profanity, obscenities, or derogatory remarks in electronic mail messages discussing employees, customers, competitors, or others. Such remarks may create legal problems such as trade libel and defamation of character. Workers must concentrate on business matters in JustFAB electronic communications. As a matter of standard business practice, all JustFAB electronic communications must be consistent with conventional standards of ethical, professional and polite conduct. Any transmission of offensive or objectionable content is prohibited and may lead to disciplinary action, up to and including termination. Workers are prohibited from sending messages that violate any federal, state or local laws and regulations.

Statistical Data — Consistent with generally accepted business practice, JustFAB collects statistical data about its electronic communication systems. Using such information, technical support personnel monitor the use of electronic communications to ensure the ongoing availability, reliability, and security of these systems. JustFAB may employ computer systems that analyze these types of statistical information to detect unauthorized usage, toll fraud, denial of service attacks, and other problems.
Handling Attachments — All attachment files should be scanned with an authorized anti-malware detection software package before opening or execution. In some cases, attachments must be decrypted or decompressed before a malware scan takes place. Workers must be suspicious about unexpected electronic mail attachments received from third parties, even if the third party is known and trusted.

Message Forwarding — Electronic communications users must exercise caution when forwarding messages. JustFAB sensitive information such as Confidential or Secret must not be forwarded to any party outside JustFAB without the prior approval of management. Blanket forwarding of messages to parties outside JustFAB is prohibited unless the prior permission of the IT Security Department has been obtained. Messages sent by outside parties must not be forwarded to other third parties unless the sender clearly intended this and such forwarding is necessary to accomplish a customary business objective. In all other cases, forwarding of messages sent by outsiders to other third parties can be done only if the sender expressly agrees to this forwarding.

Protection of Personal Information — Electronic mail or other forms of communication which identify or reflect “personal information” of customers or employees must be treated as Confidential and protected from unauthorized access, destruction, use, modification or disclosure. Employees must be aware when handling such information and refrain from transmitting it to unauthorized third parties.
“Personal information” means an individual’s first name or first initial and last name and one or more of the individual’s: (1) social security number; (2) driver’s license or California identification card number; (3) account number, credit card or debit card number, in combination with any required security code, access code or password that would permit access to the individual’s financial account; (4) medical information; or (5) health insurance information. If JustFAB is required by contract to provide personal information to a third party then the applicable contract must require that the third party implement and maintain reasonable security procedures and practices appropriate to the nature of the information, to protect the personal information from unauthorized access, destruction, use, modification or disclosure. Due to the risk of identity theft there are serious legal risks and consequences related to protection of such data. Any breach of this procedure or suspected unauthorized access, destruction, use, modification or disclosure of personal information must be reported immediately to the IT Security Department and internal legal counsel.

Handling Alerts About Security — Users must promptly report all information security alerts, warnings, and reported vulnerabilities to the IT Security Department. The IT Security Department is the only organizational unit authorized to determine appropriate action in response to such notices. Users must not utilize JustFAB systems to forward these notices to other users, whether the other users are internal or external to JustFAB. Users must promptly report all suspected security vulnerabilities or problems that they notice to the IT Security Department.

Public Representations — No media advertisement, Internet home page, electronic bulletin board posting, electronic mail message, voice mail message, or any other public representation about JustFAB may be issued unless it has been approved by the Marketing group.
JustFAB, as a matter of policy, does not send unsolicited electronic mail, nor does it issue unsolicited fax advertising. Nobody outside JustFAB may be placed on an electronic mail distribution list without indicating their intention to be included on the list through an opt-in process. If JustFAB workers are bothered by an excessive amount of unwanted messages from a particular organization or electronic mail address, they must not respond directly to the sender. Recipients must forward samples of the messages to the IT Email Administrator in charge of the electronic mail system for resolution. Workers must not send a large number of messages in order to overload a server or user’s electronic mailbox in retaliation for any perceived issue.

User Backup — If an email contains information classified as Secret or Confidential, such as emails related to the completion of a business transaction, the email contains potentially important reference information, or it has value as evidence of a JustFAB management decision, it should not be deleted from the user’s email until approved by the user’s manager or the legal department.

Legal Holds — The Internal Legal department may require users to retain emails for a specified time in accordance with legal hold requirements. Users are required to follow the instructions for retention provided by the Internal Legal Department anytime a legal hold is issued.

Harassing Or Offensive Materials — JustFAB respects workers’ rights, including freedom of speech; however, all communications created on, stored in or transmitted through JustFAB electronic resources are property of JustFAB and are not protected by workers’ freedom of speech rights. JustFAB computer and communications systems are not intended to be used for, and must not be used for, the exercise of the workers’ right to free speech. These systems must not be used as an open forum to discuss JustFAB organizational changes or business policy matters. Sexual, ethnic, and racial harassment, including unwanted telephone calls, electronic mail, and internal mail, is strictly prohibited. Workers who receive offensive unsolicited material from outside sources must not forward or redistribute it to either internal or external parties, unless this forwarding or redistribution is to the JustFAB Human Resources department in order to assist with the investigation of a complaint.
Responding To Offensive Materials — Workers receiving offensive electronic mail messages, telephone calls, or other electronic communications, must report the unsolicited offensive communication to their manager, supervisor, the Human Resources Department or the Legal Department. JustFAB retains the right to remove from its information systems any material it views as offensive or potentially illegal. JustFAB IT reserves the right to revoke the system privileges of any user at any time. Conduct that interferes with the normal and proper operation of JustFAB IT information systems, that adversely affects the ability of others to use these information systems, or that is harmful or offensive to others is not permitted. JustFAB does not consider conduct in violation of these procedures to be within the scope of employment or the direct consequence of the discharge of one’s duties. Accordingly, to the extent permitted by law, the company reserves the right not to provide a defense or pay damages assessed against an employee for conduct in violation of these policies.

Use At Your Own Risk — Workers access the Internet with JustFAB facilities at their own risk. JustFAB is not responsible for material viewed, downloaded, or received by users through the Internet. Electronic mail systems may deliver unsolicited messages that contain offensive content.

Establishing Electronic Business Systems — Although JustFAB implements electronic data interchange (EDI), Internet commerce, and other electronic business systems with third parties, all contracts must be formed by paper documents prior to purchasing or selling through electronic systems. EDI, electronic mail, and similar binding business messages must be releases against blanket orders, such as a blanket purchase order. All electronic commerce systems must be approved by the Chief Information Officer, the Information Security Department, and the Chief Legal Counsel prior to usage.
Paper Confirmation For Contracts — All contracts formed through electronic offer and acceptance messages that impose financial or legal obligations on JustFAB, including but not limited to employment agreements, service agreements or any other type of business relationship, must be formalized and confirmed through paper documents within a reasonable period of acceptance. Workers must not employ scanned versions of hand-rendered signatures to give the impression that an electronic mail message or other electronic communications were signed by the sender.