JUSTFAB JUSTFAB ELECTRONIC MAIL STANDARD - ELECTRONIC MAIL STANDARD

 
NEXT SLIDES
Electronic Mail Standard

                                                            JustFAB

    JustFAB Electronic Mail Standard

                             Version Control
 Version      Date         Author              Modifications
1.0        6/24/2014    Jason Loomis, VP IT               Initial release
                       Security/Operations

CONFIDENTIAL                 Page 1 of 7                    7/8/2014
Electronic Mail Standard

1. Overview
     As a productivity enhancement tool, JustFAB encourages the business use of electronic communications
     systems, notably the Internet, telephone, smartphone, voice mail, electronic mail, and fax. Unless third
     parties have clearly noted copyrights or some other rights on the messages handled by these electronic
     communications systems, all messages generated on, received on or handled by JustFAB electronic
     communications systems are considered to be the property of JustFAB.

2. Purpose
     The standard applies to all those who use the JustFAB email services. All JustFAB email users are
     expected to be familiar with and fully comply with this standard.

3. Scope
     This standard applies to all workers, employees, contractors, consultants, temporaries,interns and
     volunteers, who use the Internet with JustFAB computing or networking resources. Questions about the
     policy should be directed to the IT Security Department. Violations of this policy can lead to revocation
     of system privileges or additional disciplinary action up to and including termination.

4. Standard Requirements

     Company Property — As a productivity enhancement tool, JustFAB encourages the business use of
     electronic communications systems, notably the Internet, telephone, smartphone, voice mail, electronic
     mail, and fax. Unless third parties have clearly noted copyrights or some other rights on the messages
     handled by these electronic communications systems, all messages generated on, received on or
     handled by JustFAB electronic communications systems are considered to be the property of JustFAB.

     Authorized Usage — JustFAB electronic communications systems generally must be used for business
     activities only. Incidental personal use is permissible as long as it does not consume more than a trivial
     amount of system resources, does not interfere with worker productivity, and does not preempt any
     business activity. JustFAB electronic communication systems must not be used for charitable fund
     raising campaigns, political advocacy efforts, religious efforts, private business activities, or personal
     amusement and entertainment. News feeds, electronic mail mailing lists, social media, media streaming,
     push data updates, and other mechanisms for receiving information over the Internet must be restricted
     to material that is clearly related to both JustFAB business and the duties of the receiving workers.
     Workers are reminded that the use of corporate information system resources must never create the
     appearance or the reality of inappropriate use.

     Default Privileges — Electronic communication systems must be established and maintained such that
     only the privileges necessary to perform a job are granted to a worker. For example, when a worker’s
     relationship with JustFAB comes to an end, all of the worker’s privileges on JustFAB electronic
     communications systems must also cease.

CONFIDENTIAL                           Page 2 of 7                                  7/8/2014
Electronic Mail Standard

     User Separation — These facilities must be implemented where electronic communications systems
     provide the ability to separate the activities of different users. For example, electronic mail systems
     must employ personal user IDs and associated passwords. Unless a computerized fax mailbox system is
     employed, fax machines that do not generally have separate mailboxes for different recipients, so such
     user separation is not required. JustFAB has established user separation, therefore workers must not
     employ the user ID or the identifier of any other user.

     User Accountability — Regardless of the circumstances, individual passwords must never be shared or
     revealed to anyone else besides the authorized user. Information Technology department staff must
     never ask users to reveal their passwords, unless there has been approval by the Legal Department for
     compliance with a government or legal investigation. If users need to share computer resident data,
     they should utilize message forwarding facilities, public directories on local area network servers,
     groupware databases, and other authorized information-sharing mechanisms. To prevent unauthorized
     parties from obtaining access to electronic communications, users must choose passwords that are
     difficult to guess. These and related considerations are discussed in greater detail in the
     Information Security Policy.

     User Identity — Misrepresenting, obscuring, suppressing, or replacing another user’s identity on an
     electronic communications system is forbidden. The user name, electronic mail address, organizational
     affiliation, and related information included with electronic messages or postings must reflect the actual
     originator of the messages or postings. With the exception of hot lines or surveys that are intended to
     be anonymous, workers must not send anonymous electronic communications. At a minimum, all
     workers must provide their name in all electronic communications. Electronic mail signatures indicating
     job title, company affiliation, address, and other particulars are strongly recommended for all electronic
     mail messages. Digital certificates are also recommended for electronic mail.

     Use Only JustFAB Electronic Mail Systems — Unless permission from IT Security Department has been
     obtained, workers must not use their personal electronic mail accounts with an Internet service provider
     or any other third party for any JustFAB business messages. Workers must not use the electronic mail
     features found in web browsers for any JustFAB business communications. They must employ
     authorized JustFAB electronic mail software and sites.

     Use Of Encryption Programs — Workers are reminded that JustFAB electronic communications systems
     are not encrypted by default. If sensitive information classified as Confidential or Secret must be sent by
     electronic communication systems, an encryption process approved by the IT Security Department
     should be employed. These encryption systems must protect the sensitive information from end to end.
     They must not involve decryption of the message content before the message reaches its intended final
     destination. Mobile computers, notebook computers, portable computers, smartphones, and similar
     computers that store JustFAB sensitive information should consistently employ file encryption to protect
     this Secret or Confidential information when it is stored inside these same computers, and when it is
     stored on accompanying data storage media. Users of these types of computers who are recipients of
     Secret or Confidential information sent by electronic mail must delete this information from their
     systems if they do not have encryption software that can properly protect it.

     Labeling Electronic Mail Messages — All electronic mail messages containing Secret information should
     include the appropriate classification in the header. This label will remind recipients that the information
     must not be disseminated further or be used for unintended purposes without the proper authorization.
CONFIDENTIAL                            Page 3 of 7                                  7/8/2014
Electronic Mail Standard

     Respecting Intellectual Property Rights — Although the Internet is an informal communications
     environment, the laws for copyrights, patents, and trademarks apply. Workers using JustFAB electronic
     mail systems must repost or reproduce material only after obtaining permission from the source, quote
     material from other sources only if these other sources are properly identified, and reveal internal
     JustFAB information on the Internet only if the information has been officially approved for public
     release. All information acquired from the Internet must be considered suspect until confirmed by
     another source.

     Respecting Privacy Rights — Except as otherwise specifically approved by the IT Security Department,
     workers must not intercept or disclose, or assist in intercepting or disclosing, electronic
     communications. JustFAB is committed to respecting the rights of its workers, including their reasonable
     expectation of privacy, however any information created, stored, transmitted or received on JustFAB
     electronic resources is the property of JustFAB and there is no worker expectation or right to privacy in
     these materials. JustFAB also is responsible for operating, maintaining, and protecting its electronic
     communications networks. To accomplish these objectives, it is occasionally necessary to intercept or
     disclose, or assist in intercepting or disclosing, electronic communications. To meet these objectives,
     JustFAB may employ content monitoring systems, message logging systems, and other electronic system
     management tools. By making use of JustFAB systems, users consent to and grant permission for all
     information they store on JustFAB systems to be divulged to law enforcement, governmental agencies
     and/or as a response to litigation at the discretion of JustFAB management.

     No Guaranteed Message Privacy — JustFAB cannot guarantee that electronic communications will be
     private. Workers must be aware that electronic communications can, depending on the technology, be
     forwarded, intercepted, printed, and stored by others. Electronic communications can be accessed by
     people other than the intended recipients in accordance with this policy. Because messages can be
     stored in backups, electronic communications actually may be retrievable when a traditional paper
     letter would have been discarded or destroyed. Workers must be careful about the topics covered in
     JustFAB electronic communications, and must not send a message discussing anything that they would
     not be comfortable reading about on the front page of their local newspaper.

     Contents Of Messages — Workers must not use profanity, obscenities, or derogatory remarks in
     electronic mail messages discussing employees, customers, competitors, or others. Such remarks may
     create legal problems such as trade libel and defamation of character. Workers must concentrate on
     business matters in JustFAB electronic communications. As a matter of standard business practice, all
     JustFAB electronic communications must be consistent with conventional standards of ethical,
     professional and polite conduct. Any transmission of offensive or objectionable content is prohibited
     and may lead to disciplinary action, up to and including termination. Workers are prohibited from
     sending messages that violate any federal, state or local laws and regulations.

     Statistical Data—Consistent with generally-accepted business practice, JustFAB collects statistical data
     about its electronic communication systems. Using such information, technical support personnel
     monitor the use of electronic communications to ensure the ongoing availability, reliability, and security
     of these systems. JustFAB may employ computer systems that analyze these types of statistical
     information to detect unauthorized usage, toll fraud, denial of service attacks, and other problems.

CONFIDENTIAL                           Page 4 of 7                                  7/8/2014
Electronic Mail Standard

     Handling Attachments—All attachment files should be scanned with an authorized anti-malware
     detection software package before opening or execution. In some cases, attachments must be
     decrypted or decompressed before a malware scan takes place. Workers must be suspicious about
     unexpected electronic mail attachments received from third parties, even if the third party is known and
     trusted.

     Message Forwarding—Electronic communications users must exercise caution when forwarding
     messages. JustFAB sensitive information such as Confidential or Secret must not be forwarded to any
     party outside JustFAB without the prior approval of management. Blanket forwarding of messages to
     parties outside JustFAB is prohibited unless the prior permission of the IT Security Department has been
     obtained. Messages sent by outside parties must not be forwarded to other third parties unless the
     sender clearly intended this and such forwarding is necessary to accomplish a customary business
     objective. In all other cases, forwarding of messages sent by outsiders to other third parties can be done
     only if the sender expressly agrees to this forwarding.

     Protection of Personal Information- Electronic mail or other forms of communication which identify or
     reflect “personal information” of customers or employees must be treated as Confidential and
     protected from unauthorized access, destruction, use, modification or disclosure. Employees must be
     aware when handling such information and refrain from transmitting it to unauthorized third parties.
     “Personal information” means an individual’s first name or first initial and last name and one or more of
     the individual’s : (1) social security number; (2) driver’s license or California identification card number;
     (3) account number, credit card or debit card number, in combination with any required security code,
     access code or password that would permit access to the individual’s financial account; (4) medical
     information; or (5) health insurance information. If JustFab is required by contract to provide personal
     information to a third party then the applicable contract must require that the third party implement
     and maintain reasonable security procedures and practices appropriate to the nature of the
     information, to protect the personal information from unauthorized access, destruction, use,
     modification or disclosure. Due to the risk of identity theft there is serious legal risk and consequences
     related to protection of such data. Any breach of this procedure or suspected unauthorized access,
     destruction, use, modification or disclosure of personal information must be reported immediately to
     the IT Security Department and internal legal counsel.

     Handling Alerts About Security—Users must promptly report all information security alerts, warnings,
     and reported vulnerabilities to the IT Security department. The IT Security Department is the only
     organizational unit authorized to determine appropriate action in response to such notices. Users must
     not utilize JustFAB systems to forward these notices to other users, whether the other users are internal
     or external to JustFAB. Users must promptly report all suspected security vulnerabilities or problems
     that they notice to the IT Security Department.

     Public Representations—No media advertisement, Internet home page, electronic bulletin board
     posting, electronic mail message, voice mail message, or any other public representation about JustFAB
     may be issued unless it has been approved by the Marketing group. JustFAB, as a matter of policy, does
     not send unsolicited electronic mail, nor does it issue unsolicited fax advertising. Nobody outside
     JustFAB may be placed on an electronic mail distribution list without indicating their intention to be
     included on the list through an opt-in process. If JustFAB workers are bothered by an excessive amount
     of unwanted messages from a particular organization or electronic mail address, they must not respond
     directly to the sender. Recipients must forward samples of the messages to the IT Email Administrator in
CONFIDENTIAL                            Page 5 of 7                                    7/8/2014
Electronic Mail Standard

     charge of the electronic mail system for resolution. Workers must not send large number of messages in
     order to overload a server or user’s electronic mailbox in retaliation for any perceived issue.

     User Backup—If an email contains information classified as Secret or Confidential, such as emails related
     to the completion of a business transaction, the email contains potentially important reference
     information, or it has value as evidence of a JustFAB management decision, it should not be deleted
     from the users email until approved by the user’s manager or the legal department.

     Legal Holds – The Internal Legal department may require users to retain emails for a specified time in
     accordance with legal hold requirements. Users are required to follow the instructions for retention
     provided by the Internal Legal Department anytime a legal hold is issued.

     Harassing Or Offensive Materials—JustFAB respects workers’ rights, including freedom of speech,
     however all communications created on, stored in or transmitted through JustFAB electronic resources
     are property of JustFAB and are not protected by workers’ freedom of speech rights. JustFAB computer
     and communications systems are not intended to be used for, and must not be used for the exercise of
     the workers’ right to free speech. These systems must not be used as an open forum to discuss JustFAB
     organizational changes or business policy matters. Sexual, ethnic, and racial harassment, including
     unwanted telephone calls, electronic mail, and internal mail, is strictly prohibited. Workers who receive
     offensive unsolicited material from outside sources must not forward or redistribute it to either internal
     or external parties, unless this forwarding or redistribution is to the JustFAB Human Resources
     department in order to assist with the investigation of a complaint.

     Responding To Offensive Materials—Workers receiving offensive electronic mail messages, telephone
     calls, or other electronic communications, must report the unsolicited offensive communication to their
     manager, supervisor, the Human Resources Department or the Legal Department. JustFAB retains the
     right to remove from its information systems any material it views as offensive or potentially illegal.
     JustFAB IT reserves the right to revoke the system privileges of any user at any time. Conduct that
     interferes with the normal and proper operation of JustFAB IT information systems, which adversely
     affects the ability of others to use these information systems, or that is harmful or offensive to others is
     not permitted. JustFAB does not consider conduct in violation of these procedures to be within the
     scope of employment or the direct consequence of the discharge of one’s duties. Accordingly, to the
     extent permitted by law, the company reserves the right not to provide a defense or pay damages
     assessed against an employee for conduct in violation of these policies.

     Use At Your Own Risk—Workers access the Internet with JustFAB facilities at their own risk. JustFAB is
     not responsible for material viewed, downloaded, or received by users through the Internet. Electronic
     mail systems may deliver unsolicited messages that contain offensive content.

     Establishing Electronic Business Systems—Although JustFAB implements electronic data interchange
     (EDI), Internet commerce, and other electronic business systems with third parties, all contracts must be
     formed by paper documents prior to purchasing or selling through electronic systems. EDI, electronic
     mail, and similar binding business messages must be releases against blanket orders, such as a blanket
     purchase order. All electronic commerce systems must be approved by the Chief Information Officer,
     the Information Security Department, and the Chief Legal Counsel prior to usage.

CONFIDENTIAL                            Page 6 of 7                                   7/8/2014
Electronic Mail Standard

     Paper Confirmation For Contracts—All contracts formed through electronic offer and acceptance
     messages that impose financial or legal obligations on JustFAB, including but not limited to employment
     agreements, service agreements or any other type of business relationship, must be formalized and
     confirmed through paper documents within a reasonable period of acceptance. Workers must not
     employ scanned versions of hand-rendered signatures to give the impression that an electronic mail
     message or other electronic communications were signed by the sender.

CONFIDENTIAL                          Page 7 of 7                                 7/8/2014
You can also read
NEXT SLIDES ... Cancel