Skip to content

GitLab

Last edited by Steffen Schneider
Page history

qm_public_qmp_it_email_security

FALCOM QMP Email & Email Security

status of this document

STATUS: DRAFT

scope

The purpose of this internal directive / qmp is to define the process of handle the correct use of email and its security.

Objectives of the directive :

  • everybody understands the use of email as an internal and external communication process
  • everybody understands the need of secure communication
  • everybody understands how it's expected to handle emails
  • define the process of setup new employees
  • define the process of release employees
  • creation and handling of employee's (Open)PGP keys
  • define escrow key handling

Wording

Email is a useful way to communicate internal with colleagues as well as external with customer, clients and suppliers. Please use in emails words in a good conversation like in official letters.

Format

FALCOM strongly recommends to use email in text format - not HTML or any other. Please reply your answers for better/faster reading on top of the received email or comment inline the other email with quoting the older email.

Signature

Any FALCOM employee must use this template as signature:

-- 
Mit freundlichen Grüßen / Best regards

<Vorname> <Nachname>
<Funktionsbezeichnung>

FALCOM GmbH
Tel.:	+49 3677 8042 0
Fax:	+49 3677 8042 215
http://www.falcom.de

Handelsregister: HRB 510170 (Amtsgericht Jena)
Geschäftsführer: Holger Liebold, Stephan A. Orlamünder
Sitz: Gewerbering 6, 98704 Langewiesen, Deutschland

Daily work with emails

FALCOM expects to check the email minimum 2 times each working day (exclude vacation day, public holiday and sic days) from each employee with an email account. We recommend to check incoming emails each time after start the daily work, after the lunch break and short before leave home. This is to reduce interruption of the other (primary) work in progress and to ensure a normal feedback of a email for 24h. Our goal should be to reply to any email not later then 72h after receipt. Please organize your daily work accordingly!

Security in Email Handling

Secure Email Tools

FALCOM recommends to use Thunderbird with Enigmail Plugin and OpenPGP to secure its emails. This combination is currently available for Microsoft Windows, Linux, and MacOSX. Please use the latest recommended version or ask FALCOM IT Administrator. For use with Android and iOS we can recommend R2Mail2 to be used with OpenPGP.

use of keys

OpenPGP keys should be generated :

  • all 2 years
  • with a key expire time of 2 years
  • a good passphrase like a password (see password policy)
  • RSA 4096 minimum or ECC

Keep the private keys secure and limit access. DO NOT DELETE THE KEYS even after expire - keep them deactivated. If you loose a key - deactivate the key and revoke the key but keep them - as you need it to decrypt older emails!

After a key expires or you leave the company you will hand out all keys including the passphrases as the company is forced to make all company related communication available for at least last 10 years by law. The handout of keys will be handled in a internal escrow process and will be used only in a needed case.