John R. Patrick
Networked Applications Services
Nicholas R. Trio
IBM T.J. Watson Research Center
At the same time, companies and individuals have developed less than positive reputations in the public eye based on how they interacted with the Internet community.
Providing guidance to users of the Internet is an important aspect of being a good citizen and presenting one's company as a positive asset to the Internet community. This paper describes the process and issues we went through at IBM to produce our guidelines and the role that they play in how IBM interacts with the Internet.
The Internet is a very different communications medium than most companies have ever before experienced. There is little if any regulation on the content or business relatedness of the information, and indeed, it's a place where there are few barriers to prevent anyone from contacting anyone else, whether desirable or not by the recipient.
Companies now understand that how they are viewed on the Internet is critical to the success of their business dealings and their reputation. This sensitivity leads companies to provide guidance to employees on what is considered appropriate and inappropriate usage and conduct when using the Internet.
At IBM, we understood early on that our image on the Internet was directly related to how our employees presented themselves. We wanted to provide guidance to help enhance that image, but also to provide help to the employee to learn how to communicate in a very new and very different environment.
In the past, there were hurdles for general users to get Internet access. IBM has now pushed for every employee to "get connected" to the Internet and use it as an everyday part of the work environment. This push has come from all levels from the technical ranks to the top executives of IBM.
At the same time, IBM has it's own internal conferencing systems, where the mode of interaction is very different and more controlled than that on the Internet. Many IBMers were simply unaware of the nature of how people interact on the Internet.
Because of this and the fact that IBM has been changing itself moving toward more openness and personal responsibility, many employees would ask about appropriate usage of the Internet. The IBM Internet community decided to create a guideline for helping these employees use the Internet.
This process of developing an Internet acceptable use policy (AUP) for IBM brought together for the first time many people who would not otherwise get to work together. Many of the traditional barriers had to come down to make this work and all involved wanted that to happen.
This project was instrumental in changing the attitudes of the divergent groups with respect to their visions of others (e.g. the technical folks found the business folks very understanding in wanting to approach the Internet on the Internet's own terms, and the business folks found the technical folks concerned about the business aspects of IBM's use of the Internet.
The group started with the general goal of clearly wanting IBMers on the Internet and have them use it as other business professionals would. We also decided that we would allow for personal usage, since it encourages people to learn about the Internet and it's uses.
Basically, we wanted to use the current set of IBM policies and merge them with what the Internet community considered good Internet practices to come up with these guidelines.
We wanted to make clear that certain activities would not be tolerated because they weren't in accordance with IBM's policies (release of IBM proprietary information, for example), but also things that were frowned upon on the Internet (e.g. chain letters, forging e-mail and news postings).
From there, we moved to specific services such as Telnet, FTP and Usenet. Usenet turned out to be the toughest area since it requires a high degree of interaction (it's not quite as as Telnet and FTP) and it's a different type of communication from that within IBM's walls (Usenet having less controls over content and business relatedness) . Since people using Usenet are interacting with a wide variety of people, IBM employees had to understand how to respond in difficult situations, and indeed, when to not respond at all. We wanted to do all we could to discourage inappropriate advertising and other types of postings that were considered bad form on the Internet.
Users at IBM had a large role in these guidelines. They were made available for public review and discussion so that we could find out if there was anything that would hinder their work or use of the Internet within the guidelines.
We've certainly seen a major reduction in the number of complaints coming into email@example.com based on IBMers usage of the Internet. This has reduced the workload on not only the postmaster, but the management and human relations personnel in dealing with these kinds of problems.
We also now have something that we can use to educate the users on what the Internet is and how to use it, as well as a way to measure whether their usage is acceptable or not.
A set of corporate Internet usage guidelines is critical to maintain and enhance this image, as well as gain maximum utility from the Internet. Sensitivity and balance must be maintained between business needs and the culture and norms of generally acceptable Internet behavior.
As more and more of our employees use the Internet to connect with our customers, suppliers and other key organizations, it is important we all understand the appropriate "netiquette" and how to protect IBM assets when using the Internet.
We want our employees to use the Internet to get connected to people and vital sources of information around the world. These brief guidelines are meant to provide useful tips and techniques to promote effective Internet communications. Updates to the guidelines will be available on the "Get connected" world wide web server which is now available for access by IBM'ers via the Multi Protocol Network at http://w3.nas.ibm.com
IBM Internet Guideline
These guidelines will help you find appropriate uses of the Internet for IBM business purposes.
IBM's visibility on the Internet is rapidly increasing both inside and outside our company. Not all the do's and don'ts can be put down on paper--your best guide to appropriate work-related uses of the Internet are both the IBM Business Conduct Guidelines and common sense. Your good judgment can guide you to appropriate uses of the Internet and will help enhance the image of IBM.
Your first obligation is to protect IBM information assets. Generally, all servers being put on the Internet for access by non-IBMers should be approved by IBM management with appropriate safeguards to protect IBM intellectual property. Here are the general principles for Internet use for IBM business purposes:
When an employee connects to the Internet using the "ibm.com" or other IBM address designation, it should be for IBM business-related activity. IBM Business Conduct Guidelines state that "IBM equipment, systems, facilities and supplies must be used only for conducting IBM's business or for purposes authorized by management." This applies to both internal IBM systems and to IBM's connections to the Internet.
Specifically, the Internet should not be used:
IBM material which is classified IBM Confidential should not be stored or sent on the Internet. Local management can make exceptions for IBM Confidential material when appropriate contracts are in place and encryption is used. IBM Internal Use Only data can be transmitted if there are appropriate agreements in place with the recipient. Encryption is not needed.
Internet Access and Facilities:
Electronic mail is the most commonly used facility on the Internet. When communicating outside IBM, remember:
When downloading software, you must comply with your local IBM procedures for the importation of software, even if it's "public domain." As a courtesy to others, try to do large file transfers during off hours for the server.
Usenet Conference Participation: Usenet is a conferencing system similar to IBM forums. Usenet exchanges tend to be more open, more candid, and more adversarial at times. If you are new to Usenet, subscribe to "news.announce.newusers," which provides information on "netiquette" (etiquette on the Internet). Usenet is for the most part a pretty friendly place. However, if you are on Usenet and find yourself being "attacked," be thoughtful about how you respond. Remember, you're responding from an IBM address even though you may be expressing your own opinion . In many cases, the best thing is to limit your replies to the facts, or withdraw from the conversation altogether. Here are some other guidelines for IBM participation in Usenet: