| ... | ... | @@ -7,7 +7,7 @@ STATUS: DRAFT |
|
|
|
The purpose of this internal directive / qmp is to define the process of handle the correct use of email and its security.
|
|
|
|
|
|
|
|
Objectives of the directive :
|
|
|
|
* everybody understand the use of email as a internal and external communication process
|
|
|
|
* everybody understand the use of email as an internal and external communication process
|
|
|
|
* everybody understand the need of secure communication
|
|
|
|
* everybody understand how its expected to handle emails
|
|
|
|
* define the process of setup new employees
|
| ... | ... | @@ -16,10 +16,10 @@ Objectives of the directive : |
|
|
|
* define escrow key handling
|
|
|
|
|
|
|
|
## Wording
|
|
|
|
Email is a useful way to communicate internal with colleagues as well as external with customer, clients and suppliers. Please use in Emails a words in a good conversation like in official letters.
|
|
|
|
Email is a useful way to communicate internal with colleagues as well as external with customer, clients and suppliers. Please use in emails a words in a good conversation like in official letters.
|
|
|
|
|
|
|
|
## Format
|
|
|
|
FALCOM strongly recommend to use Email in text format - not HTML or any other.
|
|
|
|
FALCOM strongly recommend to use email in text format - not HTML or any other.
|
|
|
|
Please reply your answers for better/faster reading on top of the received email or
|
|
|
|
comment inline the other email with quoting the older email.
|
|
|
|
|
| ... | ... | @@ -42,8 +42,8 @@ Geschäftsführer: Holger Liebold, Stephan A. Orlamünder |
|
|
|
Sitz: Gewerbering 6, 98704 Langewiesen, Deutschland
|
|
|
|
```
|
|
|
|
## Daily work with emails
|
|
|
|
FALCOM expect from each employee with a email account to check the email minimum 2 times each working day (exclude vacation day, public holiday and sic days).
|
|
|
|
We recommend to check the incomming emails each time after start the daily work, after the lunch break and short before leave home. This is to reduce interruption of the other (primary) work in progress and to ensure a normal feedback of a email for 24h.
|
|
|
|
FALCOM expect from each employee with an email account to check the email minimum 2 times each working day (exclude vacation day, public holiday and sic days).
|
|
|
|
We recommend to check the incoming emails each time after start the daily work, after the lunch break and short before leave home. This is to reduce interruption of the other (primary) work in progress and to ensure a normal feedback of a email for 24h.
|
|
|
|
Our goal should be to reply to any email not later then 72h after receipt.
|
|
|
|
Please organize your daily work accordingly!
|
|
|
|
|
| ... | ... | @@ -51,21 +51,21 @@ Please organize your daily work accordingly! |
|
|
|
|
|
|
|
|
|
|
|
## Secure Email Tools
|
|
|
|
FALCOM recommend to use Thunderbird with Enigmail Plugin and OpenPGP to secure its emails. This combiantion is currnetly available for Microsoft Windows, Linux, and MacOSX. Please use the latest recommended version or ask FALCOM IT Administrator.
|
|
|
|
FALCOM recommend to use Thunderbird with Enigmail Plugin and OpenPGP to secure its emails. This combination is currently available for Microsoft Windows, Linux, and MacOSX. Please use the latest recommended version or ask FALCOM IT Administrator.
|
|
|
|
For use with Android and iOS we can recommend R2Mail2 to be used with OpenPGP.
|
|
|
|
|
|
|
|
## use of keys
|
|
|
|
OpenPGP keys should be generated :
|
|
|
|
- all 2 years
|
|
|
|
- with a key expire time of 2 year
|
|
|
|
- a good passphrase like a password (see Password Policy)
|
|
|
|
- with a key expire time of 2 years
|
|
|
|
- a good passphrase like a password (see password policy)
|
|
|
|
- RSA 4096 minimum or ECC
|
|
|
|
|
|
|
|
Keep the private keys secure and limit access.
|
|
|
|
DO NOT DELETE THE KEYS even after expire - keep them deactivated.
|
|
|
|
If you loose a key - deactivate the key and revoke the key but keep them - as you need it to decrypt older emails!
|
|
|
|
|
|
|
|
After a key expires or you leave the company you will hand out all keys include the passphrases as the company is forced to make all company related communication available for at least last 10 years by law. The handout keys will be handled in a internal escrow process and will be used only in a needed case.
|
|
|
|
After a key expires or you leave the company you will hand out all keys including the passphrases as the company is forced to make all company related communication available for at least last 10 years by law. The handout of keys will be handled in a internal escrow process and will be used only in a needed case.
|
|
|
|
|
|
|
|
|
|
|
|
|
| ... | ... | |
