E-mail SOP

Document Name: Email SOP Prepared By: Issuance Date:

Revision No: Approved By: New Revision date:

Access authorization Change Recommendation Authorization

 Table of Contents
Purpose ........................................................................................................................................2
Scope ............................................................................................................................................2
1. Eligibility / New email Account..............................................................................................2
2. Privacy ......................................................................................................................................2
3. Acceptable Use/Abuse/Etiquette............................................................................................2
3.1 Using Email ............................................................................................................................3
3.2 Unacceptable Email Use .........................................................................................................3
3.3 Email Signatures.....................................................................................................................3
4. Account Term/Expiration ........................................................................................................4
5. Data Ownership........................................................................................................................4
6. Unnamed Group Accounts ......................................................................................................4
7. Password Procedure.................................................................................................................4
8. Spam .........................................................................................................................................5
8.1 Sending Spam.........................................................................................................................5
8.2 Receiving Spam ......................................................................................................................5
9. Phishing ....................................................................................................................................5
10. Quotas...................................................................................................................................5
11. Attachments, Viruses and Malware .....................................................................................6
12. Use of Personal Devices........................................................................................................6
1
Page
 E-mail SOP

Purpose
GFG e-mail services support the operational activities of the organization and serve as a means
of official communication by and between users and GFG. This is to ensure that these critical
services are available, safe and secure, and reliable from end to end.

Scope
This E-mail SOP applies to all employees of the GFG who are entitled to email services.

Ghulam Faruque Group uses Email for its official communications through which IT-Admins can manage
all hosting services of a certain domains, the proper and acceptable use of the email server should be
maintained at all times. The email server exists for the purpose of providing written communication
between GFG staff and its stakeholders and is a primary means of disseminating important information
within the organization.

This document defines eligibility to possess a server account, the procedures for requesting a new
account, acceptable use, proper etiquette, and account expiration, ownership of data within the email
server, associated password policies, privacy, spam, document archival and the use of outside email
servers.

1. Eligibility / New email Account

All regular, active, permanent employees are eligible for email account on the GFG email server. Email
accounts are established via the “User Access Form” when a new employee is hired and email mailbox
available as per quota. The use of the email account is a facility and it utilize under the same this SOP.

2. Privacy
The email server is owned and operated by GFG IT Department. GFG has right to monitor emails in
the SERVER. GFG may inspect the contents of any individual or group mailbox.
Email should be considered a postcard sent in the public mail. The information is delivered to the
addressee but can be read at any time in transit or after delivery.

3. Acceptable Use/Abuse/Etiquette
It is important that our communications:
 are respectful in tone
 are consistent across our employees, programs and offices
 Comply with GFG IT policy about confidential information; acceptable use of technology; use of
GFG resources for political activities, etc.
2
Page
 By ensuring our communications meet these standards, GFG employees will convey a professional
image, ensure efficient and accurate responses, and prevent misunderstandings and even legal
problems. These guidelines have been created to assist employees in ensuring emails rise to these
standards.

3.1 Using Email

 Limit use of GFG email to official business.
 Be considerate of other people’s time by not answering emails simply to say “I agree” or
“Thanks”

3.2 Unacceptable Email Use

Includes but is not limited to:
 Sending email with content or links that are threatening, obscene, repeated and unwanted,
harassing, and/or racially,, or ethnically offensive
 Using GFG email for personal use (including political, social, religious, recreational, financial
gain)
 Revealing confidential information via email

3.3 Email Signatures

GFG staff shall follow the prescribed format of email signature.

GFG Email Signature Convention

Name of employee
Designation – Company

Ghulam Faruque Group of Companies

T: +92 (21) 111-000-010 (EXT) XXXX

F: +92 (21) 35682839 – 35683426

E: abc.xyz@gfg.com.pk
W: www.gfg.com.pk

Modern Motors House Beaumont Road, Karachi

Karachi | Lahore | Islamabad | Peshawar

Disclaimer: This email (including any attachments) is confidential and intended for the recipient specified in message only. It is strictly
forbidden to disseminate any part of this message to a third party without the prior written consent of the sender. If you ha ve received
this message in error, please notify the sender by return email and delete the message from y our system.
3
Page
 4. Account Term/Expiration
Regular Employees: Access to the SERVER is available while the employee remains a Regular Employee
and is revoked upon resignation, retirement or release from GFG.
Exceptions: The IT may grant a later account expiration, only with the approval of senior management,
to meet the business needs of GFG.

5. Data Ownership
All email, files, attachments, calendar entries and task items are the exclusive property of GFG. The
bulk release of any data from the SERVER requires approval from management. No data is
transferable to any former employee upon separation from GFG.

6. Unnamed Group Accounts

Individual employee accounts in the SERVER are named and associated with each employee’s name.
However, internal Group accounts may be approved to facilitate a department’s work flow. Email
delivered to these accounts may be accessed by members of these email groups. A moderator is
assigned from each to manage the email items in the group.

7. Password Procedure
GFG email account is a valuable asset that uniquely identifies each employee. The password used to
access the SERVER should be kept private to safeguard one’s identity and privacy and should not be
shared.

The SERVER requires a strong password that meets the following criteria:
 It must be a minimum of seven (8) characters
 It must contain three (3) of the following types of characters:
o Uppercase letter
o Lowercase letter
o Numeral
o Non-alphanumeric characters (%, !, &, etc.)
4
Page
 8. Spam
Email spam, also referred to as junk email or simply SPAM, is unsolicited messages sent in bulk by
email. The Spam is ubiquitous, unavoidable, and repetitive

8.1 Sending Spam

All users of the SERVER are prohibited from sending spam under any circumstance.

8.2 Receiving Spam

GFG utilizes an email security gateway product as part of the SERVER that analyzes incoming email
and classifies it as deliverable or as spam. Spam techniques change frequently as spammers try to
defeat anti-spam servers. Users may see a periodic increase in the number of unwanted messages
received as these techniques leapfrog the anti-spam methods used in the SERVER.

9. Phishing
Scammers research the target organization and its suppliers. This research may send emails with links
to ‘phish’ for information, install spyware on the recipient’s computer or infiltrate their wider
network.

The scammers then pretend to be a supplier who has carried out work or provided products for the
organization. They ask for a change to the payment process and supply alternative bank account
details for the money to be transferred to. The new account actually belongs to the scammers. If you
receive an email from a supplier seeking a change to the bank account details you use to pay them,
be suspicious!

Call the sender to confirm the authenticity of the request and the account details. Use previously
known contact numbers or the correct, verified number from the supplier’s website. It is vitally
important not to use contact details contained in the email as they may be fake and put you in touch
with the scammers instead of the supplier.

When responding to emails, use the forward button instead of reply, and manually type or select the
address from your address book. This will help you make sure you are communicating with a known
contact.

10.Quotas
At present, the SERVER enforce quotas governing the maximum size of 1 GB any mailbox. However,
the quota can be increased with approval of management.
5
Page
 11.Attachments, Viruses and Malware
The SERVER can receive attachments up to twenty-five (25) megabytes in size.

The SERVER blocks the delivery of files with filename extensions that pose a significant risk to GFG
servers. These files often hide viruses.

The SERVER scans all incoming email for viruses and other malware threats. However, new threats
are discovered hourly and there is no guarantee that every scanned file is truly virus free. Users should
not open attachments that are suspicious or unexpected. Many virus infected email is delivered from
accounts a user may recognize. Users should attempt to verify with the sender of the legitimacy of an
unexpected attachment before opening the file(s.)

If a user of the SERVER inadvertently opens a suspicious file or web site link, the user should contact
the IT support immediately to report the incident and to initial removal of any infection.

Once reported, harmful email may be deleted by server administrators through the entire SERVER to
preserve the integrity of the SERVER.

12.Use of Personal Devices

The SERVER is accessible to many wireless communication devices. The use is regulated by GFG IT
Policy.

Access to the SERVER will be provided to an authorized employee under the following conditions:

 The employee agrees to configure his/her activated wireless communication device(s) to require
password access. To maintain GFG network security, employees are discouraged from saving
passwords in the email configuration of the device.

 The employee agrees to notify IT Department immediately in the event of loss or theft of his/her
activated wireless communication device(s).
6
Page