Agree on Your Philosophy
Step No. 1: Agree on your philosophy
Before writing the policy, first determine your goals and company philosophy for content control and acceptable Internet behavior. At a minimum, you need to keep malware and inappropriate content off your network.
This generally entails blocking access to Websites that are both inappropriate and a common source for malware (such as pornographic Websites). The thinking here is that, if blocked, no reasonable employee is going to raise his hand in a company meeting to ask why he can no longer access Playboy.com.
This type of company with minimal restrictions is coined "Big Family." The philosophy can be summed up as follows: "We consider our employees to be part of one big family. We trust them to manage their own time and commitments. We grant them a lot of latitude in how they meet their objectives."
On the other extreme of the continuum is what's termed "Big Brother." This company blocks all Websites except for those work-related sites explicitly approved and added to the pass list. The philosophy is: "Our employees are being paid to do a job, and we expect them to be productive at work. We do not want to see them staying late because they did not accomplish their tasks during the day. We definitely do not want to pay overtime because they were surfing the Internet for personal reasons."
Between Big Family and Big Brother, there is a broad spectrum across which companies establish acceptable and unacceptable network use. Two common practices are to provide wider access based on time of day, such as during lunch, or by category of worker. In a law firm, for example, lawyers and research associates often need more access to the Web for research than do administrative staff.