email , policies

Sample – Secure Sendmail Security Standard Considerations

October 18, 2012

Scope

This standard applies to all Corporate data, including Corporate customer data, whether located at a Corporate facility or a third party facility, and whether handled by Corporate employees, or Corporate contractors, vendors, third party service providers, or their staff or agents.  This standard also applies to all wholly owned and partially owned subsidiaries.

The guidance in this standard shall be considered the minimum acceptable requirements for the use of Sendmail. This standard sets forth expectations across the entire organization.  Additional guidance and control measures may apply to certain areas of Corporate.  This standard shall not be construed to limit application of more stringent requirements where justified by business needs or assessed risks.

Sendmail Standard

Corporate’s business functions rely upon the integrity, confidentiality, and availability of its computer systems and the information assets stored within them.

Responsibilities and procedures for the management, operation and security of all information processing facilities must be established.  This Policy supports the stated objectives.

It is the policy of Corporate to provide safe, secure electronic messaging systems to its employees, contingent workforce, and other properly authorized persons, for the purpose of enabling and supporting the conduct of business.  Use of electronic messaging systems shall be in conformance with relevant Corporate policies, and shall not, whether by intent or mistake, increase the risks to Corporate information assets or business functions.

Roles & Responsibilities

The End User is responsible for the creation of electronic messages, usage of the related messaging services in a manner consistent with this Policy, and when such activity is within their span of control, the retention and disposal of electronic messages sent and received.

The IT Custodian is responsible for defining and implementing security measures and controls to ensure the system(s)/application(s) are managed and operated in a secure and effective manner.

The Information Security Organization will assist End Users and IT Custodians in assessing, defining, implementing, managing and monitoring appropriate controls and security measures.

The Information Security Organization will audit and review the adequacy of controls and security measures in place to measure and enforce conformance to this policy.

.

.

.  Etc..