Logon Banner Policy

Version: 1.00Issue Date: 10/15/2014

1.0 Overview

A properly worded logon banner is required to inform users of their responsibilities and possible monitoring and recording of activities when using organizational computer resources. This Logon Banner Policy protects the organization, its users, and customers by informing those who would exploit the organizational system or network that unauthorized activities are not permitted. This is done in part so offenders may be prosecuted.

2.0 Purpose

This Logon Banner Policy is required to protect the organization by informing users that only authorized users may use the organizational computer resources. The ability to investigate and prosecute abuse is also preserved by informing the user that their activities may be monitored and recorded.

3.0 Scope

This Logon Banner Policy applies to all users of any organizational assets or systems. This Logon Banner Policy establishes organizational policy for all electronic systems capable of displaying system messages. Qualifying systems must display a warning that the system being accessed is an organizational system, and that access is for official use only. This must be the first message seen by the user. This policy is effective as of the issue date and does not expire unless superceded by another policy.

4.0 Requirements

It is necessary to inform people about the limitation of the use of systems before they may be held accountable for inappropriate actions. Users must be informed that systems are for official use, that their actions may be monitored and/or recorded,, and that punishment may result from abuse. The following requirements apply to the Logon Banner Policy:

  • Users must be informed that the system is for authorized use only.
  • Users must be informed that the system is for official use only.
  • Users must be informed that their activities may be monitored or recorded.
  • Users must be informed that information gathered about their activities may be given to law enforcement agencies or other investigative agencies.
  • Users must be informed that unauthorized or illegal use may be punishable by law.
  • The word "welcome" may not appear on the first system login screen.
  • Users should acknowledge the warning through an action such as attempting to log in.
  • The banner must meet legal requirements for prosecution when systems are broken into by unauthorized parties.
  • The banner should require the user to, by logging in, agree to abide by the above conditions and the IT Acceptable Use Policy.

5.0 Banner Example

This system is for official use only by authorized personnel only. There is no right to privacy for anyone using this system. By using this system, you agree to allow monitoring and recording of your activities on this system which may be provided to law enforcement or other investigative agencies for official reasons including criminal investigations. Unauthorized or illegal activities on this system may be punishable by law. By logging into this system you indicate your acceptance of these terms and agree to abide by the IT Acceptable Use Policy.

6.0 Enforcement

Violators of this policy may be subject to disciplinary action up to and including denial of access, legal prosecution, and/or dismissal. Any employee aware of any violation of this policy is required to report it to their supervisor or other authorized representative.

Approval

Approved by:__________________________ Signature:_____________________ Date:_______________