Corporate Forensic Policy
I just finished my degree and am staying on at the company where I did my internship. They asked me to draft a corporate CF policy/statement that would contain items such as
X number of systems will be spot checked for legal and corporate compliance (porn, excessive personal use, etc.)
Has anyone written or seen a policy like this?
The main reason for this is that during my internship I was allowed to conduct a forensic examination on a laptop of a former employee. I discovered illegal activity and it has since been turned over to the FBI.
The company is now wanting to become proactive in monitoring employee computer use, but unsure how much to do. They were informed that they can not do random checks- if they decide to do checks they must do all systems. I disagree (if a company can do random drug tests then they should be able to do random computer checks).
I would really like to discuss this with anyone who thinks they can help.
Thanks, I'll check it out.