The SharePoint Server implementation is a strategic asset of [Organization] that must be managed as a valuable [Organization] Information Technology resource. Thus, this SharePoint Acceptable Use Policy is established to achieve the following:
To ensure compliance with applicable statutes, regulations, and mandates regarding the management of SharePoint property.
To establish prudent and acceptable practices regarding the use of SharePoint resources.
To educate individuals who may use SharePoint Information Technology resources with respect to their responsibilities associated with such use.
The SharePoint Acceptable Use Policy applies equally to all individuals granted access privileges to any [Organization] SharePoint resources.
Ownership of SharePoint Assets
Electronic files created, sent, received, or stored on SharePoint property owned, leased administered, or otherwise under the custody and control of [Organization] are the property of [Organization].
SharePoint Privacy Acts
Electronic files created, sent, received, or stored on SharePoint property owned, leased, administered, or otherwise under the custody and control of [Organization] are private and may not be accessed by [Organization] employees at any time without knowledge of the [Organization] user or SharePoint site owner.
SharePoint Acceptable Use Policy
SharePoint users must report any weaknesses in [Organization] SharePoint security, any incidents of possible misuse or violation of this agreement to the proper authorities by contacting the appropriate management.
Users must not attempt to access any data or programs contained on [Organization] SharePoint property for which they do not have authorization or explicit consent.
Users must not purposely engage in activity that may: harass, threaten or abuse others; degrade the performance of SharePoint and related Information Technology property; deprive an authorized [Organization] user access to a [Organization] SharePoint resource; obtain extra resources beyond those allocated; circumvent [Organization] SharePoint security measures.
Users must not download, install or run security programs or utilities that reveal or exploit weaknesses in the security of SharePoint and related Information Technology property, unless directly said in job purpose. The exception are system administrators given explicit rights for SharePoint vulnerability and penetration testing.
[Organization] SharePoint property must not be used for personal benefit.
Users must not intentionally access, create, store or transmit material on the SharePoint implementation which [Organization] may deem to be offensive, indecent or obscene.
Users must not otherwise engage in acts against the aims and purposes of [Organization] as specified in its governing documents or in rules, regulations and procedures adopted from time to time.
SharePoint Incidental Use
As a convenience to the [Organization] SharePoint user community, incidental use of SharePoint is permitted. The following restrictions apply:
Incidental personal use of electronic mail, internet access, fax machines, printers, copiers, and so on, is restricted to [Organization] approved users; it does not extend to family members or other acquaintances.
Incidental SharePoint use must not result in direct costs to [Organization].
Incidental SharePoint use must not interfere with the normal performance of an employee’s work duties.
No SharePoint based files or documents may be sent or received that may cause legal action against, or embarrassment to, [Organization].
Storage of personal email messages, voice messages, files and documents within [Organization]’s SharePoint and related Information Technology property must be nominal.
All messages, files and documents including personal messages, files and documents located on [Organization] SharePoint property are owned by [Organization], may be subject to open records requests, and may be accessed in accordance with this policy.
SharePoint Acceptable Use Policy Supporting Information
All personnel are responsible for managing their use of SharePoint and related Information Technology property and are accountable for their actions relating to SharePoint security. Personnel are also equally responsible for reporting any suspected or confirmed violations of the SharePoint Acceptable Use Policy to the appropriate management.
The use of SharePoint and related Information Technology property must be for officially authorized business purposes only. There is no guarantee of personal privacy or access to tools within the SharePoint implementation. The use of these electronic communications tools may be monitored to fulfill complaint or investigation requirements. Departments responsible for the custody and operation of the SharePoint system shall be responsible for proper authorization of SharePoint and related Information Technology property utilization, the establishment of effective use, and reporting of performance to management.
Any data used in the SharePoint must be kept confidential and secure by the user. The fact that the data may be stored electronically does not change the requirement to keep the information confidential and secure. Rather, the type of information or the information itself is the basis for determining whether the data must be kept confidential and secure. Furthermore if this data is stored in a paper or electronic format, or if the data is copied, printed, or electronically transmitted the data must still be protected as confidential and secured.
All SharePoint software programs, applications, source code, object code, documentation and data shall be guarded and protected as if it were state property.
Custodian departments must provide adequate access controls in order to monitor systems to protect data and programs from misuse in accordance with the needs defined by owner departments. Access to SharePoint equipment must be properly documented, authorized and controlled.
All commercial software used on SharePoint systems are supported by a Microsoft software license agreement that specifically describes the usage rights and restrictions of the product. Personnel must abide by all Microsoft license agreements and must not illegally copy licensed software.
[Organization] reserves the right to remove any non-business related SharePoint software.
Violation of this policy may result in disciplinary action which may include termination for employees and temporaries; a termination of employment relations in the case of contractors or consultants; dismissal for interns and volunteers; or suspension or expulsion in the case of a student. Additionally, individuals are subject to loss of [Organization] SharePoint access privileges, civil, and criminal prosecution.
Compliance / Regulation Contributed to by this Policy
Copyright Act of 1976
Foreign Corrupt Practices Act of 1977
Computer Fraud and Abuse Act of 1986
Computer Security Act of 1987
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)