Publication Summary

Title	Web Filtering Policy
Author(s)	Alessandro Cardinali
Issued by	CEO
Version doc. Review freq.	0.1 Yearly
Date of issue	December 11, 2023
Owner	CEO/Founder
Document status	Draft – Final Draft - Final
Approval Date	n/a
Classification	Internal

Change Log

Version	Date	Author	Comments
0.1	December 11, 2023	Olaf Jacobson	First draft document

Table of Contents

Publication Summary 2

1 Introduction 4

1.1 Purpose of this document 4

1.2 Areas of the standard addressed 4

2 Web filtering policy 5

Introduction

The Internet is at the same time a place of enormous opportunity and one of huge risk and it can be difficult to know which websites are safe and which are not. Soon Technologies B.V. has a duty to its employees and other interested parties to protect them and itself from harmful content, and a necessary way of achieving this is to monitor user activities and block those that are potentially unsafe.

Reasonable personal use of the Internet from organization-supplied devices is permitted and the intention of Soon Technologies B.V. is to strike a fair balance between safety and convenience for its employees.

This policy describes the principles that Soon Technologies B.V. uses to decide which sites will be blocked and the main mechanisms that are used to achieve this.

This control applies to all systems, people and processes that constitute the organization’s information systems, including board members, directors, employees, suppliers and other third parties who have access to Soon Technologies B.V. systems.

The following policies and procedures are relevant to this document:

• Social Media Policy

• Acceptable Use Policy

• Internet Access Policy

Purpose of this document

This document sets out the organization’s policy for restricting access to Internet sites that are deemed inappropriate.

Areas of the standard addressed

The following areas of the ISO/IEC 27001 standard are addressed by this document:

• A.5 Organizational controls

• A.5.1 Policies for information security

• A.8 Technological controls

• A.8.23 Web filtering

Web filtering policy

Access to the Internet from devices provided by Soon Technologies B.V. will be monitored in order to ensure that exposure to malicious content is minimised.

Where possible, this will include access via networks outside of the control of Soon Technologies B.V., such as broadband connections when working from home or when mobile working.

Monitoring will at all times comply with relevant legislation within the employee’s country of employment.

Access to websites that are considered to be inappropriate will be blocked to the user. Specific, business-justified requests to access blocked websites may be allowed by management on an exception basis.

A list of categories of websites that will be blocked will be maintained by the [ICT Team]. In general, these will include websites which:

• Host malware or are involved in phishing activities

• Are concerned with illegal content, such as file sharing

• Provide inappropriate content, such as sexually explicit, illegal drugs, intolerance, violence and weapons

• Host downloads of specific file types, such as executables

Access to web-based email will be allowed but must be used with caution. File downloads of allowed file types will be permitted.

Uploads of files will be allowed but will be subject to Soon Technologies B.V. Data Leakage Prevention Policy.

Access to social networking sites is generally permitted in accordance with the Soon Technologies B.V. Acceptable Use Policy.

All Soon Technologies B.V. users will be informed that their Internet access is monitored according to this policy, and awareness training will be provided concerning the main threats involved.

Attempts to access blocked websites will be logged and will be available in management reports, which may be used as the basis of disciplinary action for persistent cases.

Amendments to web filtering policies within monitoring software will be subject to change control.