Tim -
If only your employees sign it, then only the employees are "notified"
of the policy (i.e. actual unauthorized users never saw the
authorized use policy). If you have a logon that cites the
policy (which is posted as a webpage as many people have suggested),
then there is no "I'm not an employee, so I never knew there
was an authorized use policy" type of excuse. I don't know of
any legal cases that hinged on this, but I can see from what little
I've read how one could make such a technicality argument and get off.
Of course, if you're only worried about your employees' behavior, then
the signed policy might be enough.
Just my 0.02,
Charley
--
Charles Hamilton, MS EIT Doctoral Candidate
Department of Civil and Phone: 949.824.8694
Environmental Engineering FAX: 949.824.2117
University of California, Irvine Email: [EMAIL PROTECTED]
