1.0 Introduction

IL2000's computer network allows access to resources and services through Internet connectivity. This document formally defines our official policy regarding Internet usage, and all Internet users are expected to be familiar with and to comply with this policy.

For the purposes of this document the Internet is defined as a worldwide "network of networks" using Transmission Control Protocol/Internet Protocol (TCP/IP) for communication.

2.0 Purpose

IL2000 is committed to preventing the occurrence of inappropriate, unethical, or unlawful behavior by any of the users of its computing systems and telecommunications networks. These responsibilities are not only mandated by the facility’s business interests but by legal and ethical obligations concerning the welfare and privacy of its customers and business partners. This IL2000 Intranet / Internet Policy and its strict enforcement is an important and necessary part of the overall usage strategy.

3.0 Scope

The scope of this policy includes the following information:

• Internet services;
• Resource usage;
• Expectation of privacy;
• Corporate image;
• Contacts for usage issues and questions;
• Periodic reviews.

The components outlined in this document focus on issues associated with IL2000's host computers, PCs, routers, terminal servers, and other devices that support access to the Internet. The scope of this document does not include facility-specific usage policies, application usage, and non-Internet usage.

The IL2000 Intranet / Internet Policy applies to all Internet users (individuals working for IL2000, including permanent full-time and part-time employees, contract workers, temporary agency workers, business partners, and vendors) who access the Internet through the computing or networking resources. IL2000's Internet users are expected to be familiar with and to comply with this policy, and are also required to use their common sense and exercise their good judgment while using Internet services.

4.0 Consequences of Violations

Violations of the IL2000 Intranet / Internet Policy will be documented and can lead to revocation of system privileges and/or disciplinary action up to and including termination.

Additionally, IL2000 may at its discretion seek legal remedies for damages incurred as a result of any violation. IL2000 may also be required by law to report certain illegal activities to the proper enforcement agencies.

Before access to the Internet via company network is approved, the potential Internet user is required to read this IL2000 Intranet / Internet Policy and sign an acknowledgment form (located on the last page of this document). The signed acknowledgment form should be turned in and will be kept on file at the facility granting the access. For questions on the IL2000 Intranet / Internet Policy, contact the Information Technology (IT) Department.

5.0 Usage Threats

Internet connectivity presents IL2000 with new risks that must be addressed to safeguard the facility’s vital information assets. These risks include:

5.1 Inappropriate Use of Resources

Access to the Internet by personnel that is inconsistent with business needs results in the misuse of resources. These activities may adversely affect productivity due to time spent using or "surfing" the Internet. Additionally, IL2000 may face loss of reputation and possible legal action through other types of misuse.

5.2 Misleading or False Information

All information found on the Internet should be considered suspect until confirmed by another reliable source. There is no quality control process on the Internet, and a considerable amount of its information is outdated or inaccurate.

6.0 Internet Services

The use of Internet is a privilege, not a right, and inappropriate use will result in a cancellation of those privileges. Each and every user must agree to all company and IT related polices before internet access is permitted. The IT Department and Executives will deem what is inappropriate use and their decision is final. Managers may deny, revoke, or suspend a user’s access for reasons believed to be in violation of IL2000’s policies.

7.0 User Services

7.1 Internet Services Allowed

Capabilities for the following standard Internet services will be provided to users as needed:

• Email -- Send/receive Email messages to/from the Internet (with or without document attachments).
• Navigation -- WWW services as necessary for business purposes, using a hypertext transfer protocol (HTTP) browser tool. Full access to the Internet; limited access from the Internet to dedicated company public web servers only.
• File Transfer Protocol (FTP) -- Send data/files and receive in-bound data/files, as necessary for business purposes. FTP use is strictly prohibited on IL2000 networks unless specifically permitted by the IL2000 IT Department.

IL2000 IT Department reserves the right to add or delete services as business needs change or conditions warrant. All other services which are not listed will be considered unauthorized access to/from the Internet and will not be allowed.

7.2 Internet Access

As part of the Internet access guidelines, all employees are required to read the following policies before access has been granted:

• Intranet / IL2000 Intranet / Internet Policy
• Email Policy
• Software Policy

The user must then sign the provided agreement statements (located on the last page of each document) that he/she understands and agrees to comply with the policies. Users not complying with these policies could be subject to disciplinary action up to and including termination. Policy awareness and acknowledgment, by signing the acknowledgment form, is required before access will be granted. Access User IDs and initial passwords will be provided directly to the user from the IT Department.

The signed forms will be kept and maintained in the employees personnel file by the Human Resources department.

7.3 Outside Organizations, Vendors, Contractors, Visitors, and Guest Access

All outside organizations, vendors, contractors, visitors, and guests under contract or working with or on the IL2000 network will be required to include in their contract their agreement to adhere to the restrictions on Internet use and information dissemination as set forth in this policy. Privileges granted to users who are not company employees must be granted for periods of 60-days or less. Users who are not company employees must have their privileges re-authorized by the IL2000 IT department every 60 days.

This policy and all changes must be reviewed annually, by all users, and a new IL2000 Intranet / Internet Policy Acknowledgment Form must be signed.

7.4 Removal of privileges

Internet access will be discontinued upon termination of employee, completion of contract, end of service of non-employee, or disciplinary action arising from violation of this policy.

All user accounts that have been inactive for thirty (30) days will be revoked. The privileges granted to users must be reevaluated by IT department annually or as needed. Systems administrators must promptly revoke all privileges no longer needed by users.

8.0 Usage Policies

As, previously stated in section 3 (Internet Services) of this policy; the use of Internet is a privilege, not a right, and inappropriate use will result in a cancellation of those privileges. User Internet access requirements will be reviewed periodically by the IT department.

8.1 Allowed Usage

Every user will follow the corporate principles regarding resource usage and exercise good judgment in using the Internet. All IL2000 computer systems, both remote issued and within the corporate office are subject to monitoring at all times. Unauthorized access to the IL2000 computer systems is prohibited by Public Law 99-474 (The Computer Fraud and Abuse Act of 1986).

Acceptable use of the Internet for performing job functions might include:

• Communication between employees and non-employees for business purposes;
• IT technical support downloading software upgrades and patches;
• Review of possible vendor web sites for product information;
• Reference regulatory or technical information.
• Research

8.2 Personal Usage

• Using resources for educational, informational and recreational purposes only, not for unauthorized, illegal or unethical purposes.
• Users must respect the privacy of others by not misrepresenting oneself as another user; by not attempting to modify or gain access to files, passwords, or data belonging to others; by not seeking unauthorized access to any computer system, or damaging or altering components of any network or database.
• Making only authorized copies of copyrighted or licensed software or data.

All users of the Internet should be aware that IL2000 network creates an audit log reflecting request for service, both in-bound and out-bound addresses, and is periodically reviewed.

Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or make use of Internet "wallets" do so at their own risk. IL2000 is not responsible for any loss of information, such as information stored in the wallet, or any consequential loss of personal property.

8.3 Prohibited Usage

Acquisition, storage, and dissemination of data which is illegal, pornographic, or which negatively depicts race, sex or creed is specifically prohibited. IL2000 also prohibits the conduct of a business enterprise, political activity, engaging in any form of intelligence collection from our facilities, engaging in fraudulent activities, or knowingly disseminating false or otherwise libelous materials. Other activities that are strictly prohibited include, but are not limited to:

• Accessing company information that is not within the scope of one’s work. This includes unauthorized reading of customer account information, unauthorized access of personnel file information, and accessing information that is not needed for the proper execution of job functions.
• Misusing, disclosing without proper authorization, or altering customer or personnel information. This includes making unauthorized changes to a personnel file or sharing electronic customer or personnel data with unauthorized personnel.
• Deliberate pointing or hyper-linking of company Web sites to other Internet/WWW sites whose content may be inconsistent with or in violation of the aims or policies of IL2000.
• Any conduct that would constitute or encourage a criminal offense, lead to civil liability, or otherwise violate any regulations, local, state, national or international law including without limitations US export control laws and regulations.
• Use, transmission, duplication, or voluntary receipt of material that infringes on the copyrights, trademarks, trade secrets, or patent rights of any person or organization. Assume that all materials on the Internet are copyright and/or patented unless specific notices state otherwise.
• Transmission of any proprietary, confidential, or otherwise sensitive information without the proper controls.
• Creation, posting, transmission, or voluntary receipt of any unlawful, offensive, libelous, threatening, harassing material, including but not limited to comments based on race, national origin, sex, sexual orientation, age, disability, religion, political beliefs.
• Any form of gambling.
• Unauthorized downloading of any programs or files for
• Accessing profane or obscene material, material suggesting illegal acts and material advocating violence or discrimination.
• Using the access for illegal acts.
• Attempts to access any resources that are restricted, confidential or privileged.
• Internet Relay Chat, news groups, or mailing list
• Granting Internet or Network access to unauthorized persons intentionally or unintentionally, or failing to notify an administrator if you suspect someone of using your password.
• Attempts to disrupt access.
• Causing damage to or changing function, operation or design of the technology.
• Using obscene, profane, lewd, vulgar, rude, inflammatory, threatening language.
• Harassing another person or persons.
• Posting web pages without the consent of IL2000 IT department.
• Participation in any on-line contest or promotion.
• Acceptance of promotional gifts.

Bandwidth both within IL2000 and in connecting to the Internet is a shared, finite resource. Users must make reasonable efforts to use this resource in ways that do not negatively affect other employees. The IT department may set guidelines on bandwidth use and resource allocation, and may ban the downloading of particular file types to conserve company bandwidth.

8.4 Software License

IL2000 will strongly support strict adherence to software vendors’ license agreements. When at work, or when company computing or networking resources are employed, copying of software in a manner not consistent with the vendor’s license is strictly forbidden.

Making illegal copies of software it strictly prohibited.

9.0 Privacy

9.1 Monitoring

Users should consider their Internet activities as periodically monitored and limit their activities accordingly. Excessive use of personal internet resources in which job performance has decreased or excessive work is being placed on fellow co-workers will result in disciplinary action up to termination of employment.

Management reserves the right to examine Email, personal file directories, web access, and other information stored on company computers, at any time and without notice. This examination ensures compliance with internal policies and assists with the management of company information systems.

9.2 Email Confidentiality

Users should be aware that clear text Email is not a confidential means of communication. IL2000 cannot guarantee that electronic communications will be private. Employees should be aware that electronic communications can, depending on the technology, be forwarded, intercepted, printed, and stored by others. Users should also be aware that once an Email is transmitted it may be altered. Deleting an Email from an individual workstation will not eliminate it from the various systems across which it has been transmitted. Emailing of usernames and passwords is strictly prohibited.

10.0 Maintaining Corporate Image

10.1 Representation

When using company resources to access and use the Internet, users must realize they represent IL2000.

10.2 Company Materials

Users must not place company material on any mailing list, public news group, or such service. Any posting of materials must be approved by the IT department and company Executives.

10.3 Web Sites

All company web sites must be protected from unwanted intrusion through formal security measures which can be obtained from the IT department.

11.0 Periodic Reviews

11.1 Usage Compliance Reviews

To ensure compliance with this policy, periodic reviews will be conducted. These reviews will include testing the degree of compliance with usage policies.

11.2 Policy Maintenance Reviews

Periodic reviews will be conducted to ensure the appropriateness and the effectiveness of usage policies. These reviews may result in the modification, addition, or deletion of usage policies to better suit company information needs.

12.0 Points of Contact

If additional assistance is needed regarding the following topics related to Intranet / Internet Usage Agreement, contact the IL2000 IT Department for additional assistance.