Assignment
Name
Institution

Executive Summary
This guideline is to be included in the organization’s Employee Handbook. It purposes to offer guidelines to employees with regards to the company’s “Acceptable Use Policy for IT”, “Bring Your Own Device Policy ” and “Digital Media Sanitization, Reuse, and Destruction Policy,” all of which are aimed at enhancing IT security within and without the organization. The Corporate Governance Board has the authority to modify the guidelines to best suit the needs of Red Clay Renovations whenever it deems fit.
The policy guidelines will thus highlight the activities employees are permitted to engage in or not to engage in while using the different IT infrastructure, and highlight the gadgets that employees can use to conduct the company’s business, and what entails safe use of these devices. Guidelines on how to clean off BYOD after they reach the end of their use will also be provided.

“Approval Drafts”
Acceptable Use Policy for Information Technology
Overview
This policy highlights the security and utilization of all company’s data and IT infrastructure.
Scope
Each employee of the company is expected to comply with this guideline, and it is applicable to all data, in whatever form, pertaining to the company’s business activities.
Policy Statement
Computer Use
• Safety use of computers and any computing gadgets is expected. Every computer and laptop should be secured with strong passwords so as to ensure the highest security levels (Santos, 2018)
• You must not leave your user accounts logged in at a computer that is unlocked and unattended
• You are not allowed to interfere with the work of the corporate security system software
Electronic Communication
• Safe use of electronic communication, such as communications through mobile phones, email, smart phones and other electronic gadgets is highly encouraged (Dulaney & Easttom, 2014)
• You are prohibited from using the electronic devices inappropriately to, for instance, share private data, send spam or harass others

Use of Network
• You should be aware of phishing attacks as well as take measures of protecting the organization from malware, viruses, worms, Trojans, adware, and other types of suspicious codes
• The use of encryption and codes to secure confidential information is encouraged
• You should inform the relevant department about any emerging threats immediately
Enforcement
Any violation of the policy as provided above will attract disciplinary action
Bring Your Own Device Policy
Overview
The goal of this guideline is to safeguard the integrity and security of the company’s data and technology infrastructure
Scope
This policy describes the responsibilities of all employers of this company. Every worker is required to consent to and comply with the terms and conditions described herein to enable them to connect their gadgets to the network of the organization
Policy Statement
Acceptable Use
• Acceptable use in business is described by the company as tasks that bolster the company’s dealing
• Acceptable personal utilization on the organization’s time is described as logical and limited individual communication or leisure like reading
• You may utilize mobile gadgets to gain access to the following resources that the company owns: calendars, email, documents contracts, etc (Latifi, 2017)

Devices and Support
• All kinds of Smartphones and Tablets can be brought to the company
• IT supports connectivity issues as they pertain to the Smartphones and Tablets; workers are banned from contacting the makers of the gadget
Security
• Unauthorized access to the devices should be ensured by using strong passwords
• You are prohibited from downloading, setting up and utilizing any application that is not on the organization’s list of applications that are approved
Enforcement
Any violation of the policy as provided above will attract disciplinary action
Digital Media Sanitization, Reuse, & Destruction Policy
Overview
This guideline highlights the proper sanitization, recycling and obliteration of media
Scope
All workers are targeted by this policy
Policy Statement
• The company’s Equipment Disposal Team (EDT) is tasked with the duty of properly disposing all IT assets, which are no longer in use
• You are required to present all of your IT assets that are no longer in use to the EDT
• Electronic media must be disposed of through the use of overwriting (clearing data from magnetic media) or destruction (physically dismantling the media by crushing, or disassembling) (Williams, 2013)
• The company shall retain control of all systems of IT that have been utilized to process, amass, or convey confidential/classified data until sanitization of the equipment has been done, and all data cleared utilizing overwriting or destruction methods
Enforcement
Violating the above policy may attract disciplinary action that may also encompass suspension or employment termination

References
Dulaney, E., & Easttom, C. (2014). CompTIA Security+ study guide: SY0-401. John Wiley & Sons.
Latifi, S. (2017). Information technology – New generations: 14th International Conference on information technology. Springer.
Santos, O. (2018). Developing cybersecurity programs and policies. Pearson IT Certification.
Williams, B. L. (2013). Information security policy development for compliance: ISO/IEC 27001, nist Sp 800-53, HIPAA standard, PCI DSS V2.0, and AUP V5.0. CRC Press.

Published by
Essays
View all posts