Mailbox Access Policy

Purpose:
To protect employee privacy and ensure appropriate access to mailbox data, this policy outlines the conditions under which mailbox permissions may be granted to agencies or individuals outside of the direct employee structure.

Policy Statement:
Mailbox access—including forwarding, delegation, or conversion to shared mailboxes—will not be provided to agencies or external parties without prior approval from one of the following:

  • Human Resources (HR)
  • Mike Meyer, AVP/Director of Information Technology Operations and Security
  • James Kim, SVP of Information Technology

Guidelines:

  1. Temporary Access Requests

    • May be considered in cases such as unexpected leave or termination.
    • Must be escalated to Mike Meyer or James Kim for review and approval.

  2. Forwarding to Shared Mailboxes

    • Permitted only when justified by business need and approved by the above parties.
    • Example: Involuntary terminations where client data continuity is critical.

  3. Leave of Absence (LOA)

    • Out-of-office messages are preferred over mailbox access.
    • Temporary access may be granted with HR confirmation and IT Leadership approval.

  4. Privacy Considerations

    • Mailbox access is considered a privacy-sensitive action and must be handled with discretion.
    • All requests must include a clear business justification.

  5. MSP Restrictions

    • Managed Service Providers (MSPs) are not permitted to re-enable disabled accounts or modify mailbox access without collaboration with Patriot IT.

Enforcement:
Violations of this policy may result in disciplinary action and revocation of access privileges.