Surf Control Policy

Version: 1.00Issue Date: 12/8/2014

This is an example Surf Control Policy. A Surf Control Policy is required as one facet of protection to both user computers and the network since it can block sites that have harmful content. It also helps deter and detect unacceptable use of resources.

1.0 Overview

This Surf Control Policy defines several rules to be followed when implementing surf control and provides some recommendations to allow administrators to have flexibility in implementing surf control.

2.0 Definitions

  • Surf control - Surf control is the process of limiting access to internet resources to safe and acceptable resources both to prevent abuse of the internet by members of the organization and to protect the members and the organization from harmful content.

3.0 Purpose

This Surf Control Policy is designed to protect the organization and members of the organization from harmful content on the internet. It also helps prevent and detect abuse of internet resources.

4.0 Scope

This Surf Control Policy applies to all members of the organization or anyone using the internet from inside the organization's network whether they are a contractor, vendor, employee, business partner or any other third party. This policy is effective as of the issue date and does not expire unless superceded by another policy.

5.0 Filtering Options

There are several possible surf control configurations for members of the organization or groups in the organization. Some of those configurations are:

  • Blocking all sites except those specifically allowed.
  • Blocking sites with prohibited content such as pornography, gambling, shopping, games, etc.

6.0 Surf Control Configuration

Sites that may be a security threat or bypass security measures shall be blocked including:

  • Sites that are infected with hostile content.
  • Sites that have downloads that compromise the security of the network such as downloads that contain viruses or other malware.
  • Sites that support Instant Messaging and other services that are not secure or approved for use.
  • Sites that attempt to mask internet activity such as anonymous surfing websites.

No bypassing of surf control will be allowed.

7.0 Appropriate Sites

Sites that provide no business need shall be blocked except when required for special reasons. These types of sites include but are not limited to.

  • Adult oriented content
  • Gambling
  • Racism or hate
  • Violence
  • Games
  • Dating
  • Personal webmail sites
  • Sports
  • Shopping (outside business functions which may be required)

Time limits or times that internet access is allowed to non business websites may be allowed.

8.0 Advertising

  • Advertising on websites that is not in the form of pop-ups should not be blocked since it may violate terms of use for many websites, is unethical, and potentially illegal.

9.0 Enforcement

Organizational members that do not adhere to this policy may be subject to disciplinary action up to and including denial of access, legal penalties, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

10.0 Additional Requirements

  • Senior management must ensure that this policy is published and users agree to abide by the policy.
  • Auditors must periodically check to be sure this policy is being followed.


Approved by:__________________________ Signature:_____________________ Date:_______________