Qatar Aeronautical Academy

DOC No.: ITP11

Rev. No.: 03

Rev. Date: 25.01.2021

E-MAIL USAGE POLICY

1.0 Purpose

The purpose of this document, the E-mail Usage Policy, is to inform employees, contractors, consultants, clients and interns of Qatar Aeronautical Academy (QAA) of the proper way to use the email account afforded to them by QAA.

2.0 Scope

This policy applies to every single person who works for or with QAA and has an email account from QAA.

3.0 Policy

3.1. QAA is an actual business, and the email it provides to users is a tool of business; therefore, users may not use their email accounts for purposes other than QAA’s business.

3.2. Microsoft Outlook can be configured and used to view and manage the email account provided by QAA. Personal preference does not factor into choosing what email client a user may want to use.

3.3. Personal email accounts, free or paid, web-based or not, may not be used for QAA’s business. Only the email account provided by QAA can be used for its business and business-related purposes.

3.4. The email account provided by QAA to its employees is a property of QAA, and it is a business tool that’s subject to audit and monitoring procedures of business tools at QAA. Users should not expect privacy while using the email account as QAA reserves the right to monitor, audit, archive, or investigate in some cases the content users send or receive using the email account. All of these actions may be taken by QAA without prior notice or forewarning.

3.5. Email lists, newsgroups, and distribution groups on email are restricted to business-related purposes. Social newsgroup/social networks and email lists where the order is socialization are prohibited from being added to any user’s address book so long as the email in question is the one provided by QAA.

3.6. Emails extracted/archived to local machines by users will not be retained on QAA’s servers if the user chose a setting not to keep a copy of the email on QAA’s servers after extracting/archiving.

3.7. Emails deleted by users directly from the account (not applicable to local files on machines) will be retained in QAA’s email servers as per retention rules.

3.8. At least for the purposes of email retention, a Risk Analysis & Business Continuity process must be performed at QAA to decide on the criticality/impact levels related to email retention. An example of impact levels can be as follows:

3.8.i. Catastrophic Impact: Applies to all email the loss of which may cause significant damage to QAA’s business, reputation, market standing, or image. QAA must guarantee that such email will be retained by IT for twelve (12) months.

3.8.ii. Major Impact: Applies to all email the loss of which is recoverable but may cause some discomfort to QAA’s business, its affiliates, or its employees. QAA must guarantee that such email will be retained by IT for six (6) months.

3.8.iii. Minor Impact: Applies to all email that does not necessarily fit into either of the previous categories. The retention of such emails does not fall within QAA’s guarantees or responsibilities. The retention in this case is upon the employee personally.

3.9. Business-related email lists, distribution groups, and newsgroups are permissible to subscribe to for business-related purposes inside QAA. If there is involvement by parties outside QAA, then proper approval needs to be obtained from the business unit’s manager and the IT Section Head.

3.10. Mass-mail, unsolicited email, junk-like mail, and anything similar to spam is strictly prohibited while using QAA’s email accounts. Users may not engage in these activities themselves nor may they use their email accounts in a way that makes it subject to spamming by others (such as subscribing to suspicious mass-mailing websites).

3.11. Offensive, rude, threatening, abusive, harassing, insulting, or derogatory emails may never be sent from the email account provided to users by QAA. If such emails are received by users within QAA, then the IT department must be informed immediately to investigate the problem.

3.12. Users may not create chain letters, and they may not forward them on to other users if they receive them from another party, irrespective if this other party is another email user at QAA or not.

3.13. Except for authorized individuals, users may not send mass mail to others within QAA or outside of it. This applies also to “emergency” messages such as the common email messages warning users against a new virus or malware. Sending such emails is the responsibility of the Information Security Team of the IT Dept. at QAA.

3.14. Users are not allowed to set their emails to auto-forward email messages from their QAA’s email account to another email account outside QAA including, but not limited to, personal email providers and web-based email providers such as Gmail, Hotmail, Yahoo, etc.

3.15. Sensitive topics, confidential information, and business-critical issues may not be discussed frankly over email as it may jeopardize QAA’s business. When such information needs to be communicated over email for purposes related to critical-business affairs, the Director of Joint Services at QAA must be consulted to provide adequate instructions and training on how to achieve that.

3.16. The Head of IT at QAA must devise and implement a policy that defines the permissions of Email System Administrators and limits the possibilities of abuse of privilege. A potential abuse of authority may come in the form of Administrators viewing users’ emails without permission and without the activity being logged. The Head of IT must ensure against such a possibility.

3.17. The Head of IT at QAA must devise and implement a policy that defines the proper use of emails for other managers within QAA while off-premises. Managers may access their email accounts from hotels, conferences, meeting rooms, and other public venues where security vulnerabilities may be abundant. Managers need to protect against the occurrence of such vulnerabilities in accordance with the policy devised by the Head of IT at QAA.

3.18. User email accounts must be terminated and disabled after termination of service and before the final settlement is reached. This is to protect against abuse of email account by users.

3.19. The Head of IT at QAA must devise a policy that sets the permissions and access rights for those who have the privilege to send to email distribution groups (specific groups or “all staff”). This must be set as a privilege for users with a business need for such a privilege.

3.20. Contractors, outsourced personnel, and temporary help should be particularly aware of the fact that they are granted QAA’s corporate identity, through the email account, while they are not permanent members of QAA. This awareness must result in very strict adherence to using email strictly for business purposes. It should also result in a sense of personal responsibility towards maintaining the email account and using it in accordance with this policy. 

3.21. QAA requires all faculty and staff members to use a standardized email signature in all internal or external communication related to the academy. This signature gives recipients an understanding of the sender’s name and position in the academy while maintaining credibility. In addition, this signature represents the academy and helps us maintain a clean, cohesive brand.

Here are a few tips to remember as you create or update your signature:

3.21.i. Please use the Signature Template to create or update your signature. This will ensure that the branding is up-to-date and the format is correct.

3.21.ii. Delete any old signatures from your Outlook account. Deleting old signatures will help you avoid accidentally using an old signature.

3.21.iii. Use your signature on all internal and external communication. This helps to identify who you are and the position you hold at the academy.

3.21.iv. Don’t add information or modify the format of your signature. This format is defined by the QAA Management, and you are expected to comply as representatives of the academy to this policy.

3.21.v. The QAA email signature has been approved for all faculty & staff to use and should not include any additions. Additions not approved include, and are not limited to, webpage links, social media links, mailing addresses, email addresses, Scripture, department taglines, office hours, pictures etc. For any clarification, please email ithelpdesk@qaa.edu.qa

3.21.vi. All work-related email messages should include no backgrounds or email templates. Your email body text should be the default setting or a similarly legible font. It is imperative for all email communication to be visually professional and clear.

3.21.vii. The email signature may look smaller or larger depending on screen resolution. The size that has been selected for the email signature is the most compatible with a wide variety of screen resolutions. Please keep this in mind if the email signature appears too large or too small on your screen.

4.0 Communication Channels & Hierarchy

4.1 Staff Commitment to Communicate with those of the equivalent grade and job designation

4.2 Staff are not allowed to communicate directly with the heads of the other departments and directors without assignment from the line manager in compliance with the hierarchy and in accordance with the professional standards.

4.3 All Heads of Departments and Managers must not assign any functional tasks to employees of departments who are not under their direct supervision without permission from the line manager to ensure proper control of communication channels.

5.0 Enforcement

Disciplinary action will be taken in case of E-mail Usage Policy violation, which may range from verbal reprimand to final termination of employment, depending on the severity and seriousness of the violation. Considering the nature of internet activities, there may be tendencies for most violations to be serious and therefore most cases may result in disciplinary actions that lean closer to the heavy-handed side.

6.0 Responsibility

All employees, contractors, consultants, vendors, and interns using QAA’s email accounts have the responsibility to follow this policy while the IT management at QAA have the responsibility of maintaining it.

7.0 Revision History

Revision: 00   Revision Date: 01.01.2012     Initial Issue

Revision: 01 Revision Date: 01.01.2017

Revision: 02 Revision Date: 25.04.2020