ITU Computer Network, Internet Access & policy ( Network Access Policy )

Transcription

1 ITU Computer Network, Internet Access & policy South Norfolk Council IT Unit Documentation

2 Page : 2 of 8 Summary This policy informs all users about acceptable use of the Council s computer networks. It also contains the form that users are required to sign and return before access can be granted. This document is in accordance with ISO/IEC 27001, and is referenced from the ITU Information Security Manual (section 7.1) Contents 1. Disclaimer Your Responsibilities Scope Permitted Use of , the Internet and SNC Computer Network Computer Network, and Internet Use Limitations Duty Not to Waste or Damage Computer Resources No Expectation of Privacy If you receive offensive or suspect material Managers and Supervisors Connecting equipment to the network Information classification and handling Removable media Notification of changes to this policy Acknowledgement of Understanding... 8 Document Details Author Simon Lincoln Reviewed by Tanya Bandekar, CMT, Unison Approved by CMT Approval date Next review date Document History Date Updated by Reason / Comments Simon Lincoln DRAFT 2B ready for approval by JCC Simon Lincoln Amended to correct title of ITU (from Information Classification Guidelines to Information Protection Policy ) George Colvin Include amendments approved at JCC (Now ISSUE 3) Mel Wiles Amendment to Paragraph 14.2 (Now ISSUE 4) Tanya Bandekar Amendment to revise Paragraph 5.2 (Now ISSUE 5) Last saved: 01/03/2012 9:48 AM Page 2 of 8

3 Page : 3 of 8 1. Disclaimer 1.1. The Internet is a world-wide network of computers that contains millions of pages of information. Users are cautioned that many of these pages include offensive, sexually explicit, and inappropriate material. In general, it is difficult to avoid at least some contact with this material while using the Internet. Even innocuous search requests may lead to sites with highly offensive content. Additionally, having an address on the Internet may lead to receipt of unsolicited containing offensive content. South Norfolk Council ( SNC ) is not responsible for material viewed or downloaded by users from the Internet. To minimise these risks, your use of the Internet at South Norfolk Council is governed by the following policy: 2. Your Responsibilities 2.1. It is your responsibility to: Familiarise yourself with the detail, essence and spirit of this policy before using the Council s information and communications technology ( ICT ) systems. Assess any risks associated with Internet usage and ensure that the Internet is the most appropriate mechanism to use. Know that you may only use the Council s systems within the terms described herein. Read and abide by other documents referenced herein. 3. Scope 3.1. This policy applies to, but is not limited to, all persons or entities (e.g. all SNC Councillors, Employees, contractual third-parties) that access SNC ICT systems For the avoidance of doubt the term ICT includes, but is not limited to, computers, laptops, , Internet connection, networks, mobile devices, PDAs, and telephony systems (including mobile phones and blackberry devices). 4. Permitted Use of , the Internet and SNC Computer Network 4.1. The computer network is the property of South Norfolk Council and is to be used for legitimate business purposes. Users (i.e. employees and other authorised persons) are provided access to the computer network to assist them in the performance of their jobs. Additionally Users may also be provided with access to the Internet and through the computer network or via stand-alone PC s. All Users have a responsibility to use SNC s computer resources and the Internet in a professional, lawful and ethical manner. It is essential that you maintain the security of the Council s ICT systems and data by protecting your personal password (see Data Protection & Freedom of Information policy on elink) Abuse of the council s ICT systems may result in disciplinary action, including possible termination of employment, and civil and/or criminal liability If you use the council s ICT systems to transmit material deemed to be personally or otherwise generally offensive you will render yourself liable to disciplinary action, including termination for gross misconduct If you use the council s ICT systems to download or transmit obscene or paedophiliac material you will be committing a criminal offence at work and may be summarily dismissed for gross misconduct. Last saved: 01/03/2012 9:48 AM Page 3 of 8

4 Page : 4 of 8 5. Computer Network, and Internet Use Limitations 5.1. Prohibited Activities. Without prior written permission from the I.T. Manager, the council s ICT systems may not be used to disseminate, view or store unsolicited commercial or advertising material, destructive code (e.g. viruses, Trojan horse programs, etc.) or any other unauthorised materials Personal use of the Internet is allowed during lunch breaks and outside working hours. However such use must not: - a) interfere with the user s or any other employee s job performance; b) or violate any other policies, provisions, guidelines or standards of this agreement or any other of SNC. Further, at all times users are responsible for the professional, ethical and lawful use of the council s ICT systems. Personal use of the computer is a privilege that may be revoked at any time. If personal use has an undue effect on the computer or SNC network s performance, then the Council may have to re-consider allowing such use. Except for emergency contacts, you must not use your s-norfolk address for any private purpose. It is explicitly prohibited to use your s-norfolk address to sign up for private newsletters, blogs, offers on sites such as Amazon, Discount Voucher sites, ebay (the companies listed are only examples). If you feel that you should be exempt from this prohibition, please consult with your director. You may, of course, from time to time receive spam s from such companies and these should be deleted or reported to the IT Unit. Personal use of Social Media Make sure that you have read and followed the Code of Conduct for Employees Make sure that your online activities do not interfere with your job, your colleagues or commitments to customers. Some staff may be permitted to use social networking sites in the course of their employment, however your personal use of such sites must be in your own time. Such staff will need the permission of their Director before being granted access for work purposes Be aware of your association with South Norfolk Council when using social networking sites. If you identify yourself as having an association with South Norfolk Council as an employee, ensure your profile and related content is consistent with how you wish to present yourself with colleagues and customers Remember that you are responsible for the content you place on such sites yourself and you should remain professional at all times. You should refrain from making derogatory remarks about the Council or your colleagues. If you do so, you may be in breach of the Code of Conduct and this policy and may be subject to the Council s disciplinary proceedings. Further guidance on the use of Social Media is available on elink Private Transactions. SNC will not be held responsible for private transactions conducted by credit or debit card over the Internet. Nor will SNC accept responsibility for items ordered over the Internet which fail to arrive. Ordered goods should not be delivered to your place of work Illegal Copying. Users may not illegally copy material protected under copyright law or make that material available to others for copying. You are responsible for complying with copyright law and applicable licenses that may apply to software, files, graphics, documents, messages, and other material you wish to download or copy. You may not agree to a licence or download any material for which a registration fee is charged without first obtaining the express written permission of the IT Manager. Last saved: 01/03/2012 9:48 AM Page 4 of 8

5 Page : 5 of Software and Programmes. No software from any source should be obtained or loaded on to the council s ICT systems without the prior written consent of the IT Manager. 6. Duty Not to Waste or Damage Computer Resources 6.1. Accessing the Internet. If your computer is connected to the SNC network you must not access any other network or system using a modem or other direct means. Bypassing SNC s computer security solutions is strictly prohibited and may lead to disciplinary action. This is to ensure security and avoid the spread of viruses Frivolous Use. Computer resources are not unlimited. Network bandwidth and storage capacity have finite limits, and all Users connected to the network have a responsibility to conserve these resources. As such, the User must not deliberately perform acts that waste computer resources or unfairly monopolise resources to the exclusion of others. These acts include, but are not limited to, sending mass mailings or chain letters, spending excessive amounts of time on the Internet, playing games, engaging in online chat groups, uploading or downloading large files, accessing streaming audio and/or video files, or otherwise creating unnecessary loads on network traffic associated with non-business-related uses of the Internet Virus detection. Files obtained from sources outside SNC, including disks brought from home, files downloaded from the Internet, newsgroups, bulletin boards, or other online services; files attached to , and files provided by customers or vendors, may contain dangerous computer viruses that may damage the council s ICT systems. Our current computer configuration is designed to ensure that viruses cannot enter the system; however, if you suspect that a virus has been introduced into SNC's network, you must notify the IT Service Desk immediately. 7. No Expectation of Privacy 7.1. Employees and other authorised users are given access to the council s ICT systems to assist them in the performance of their jobs. Employees and other authorised users should have no expectation of privacy in anything they create, store, send or receive using the council s ICT systems. The computer network is the property of SNC. The Council retains a record of all sites visited together with all items created, stored, sent, or received in it's storage archives for such period as it thinks fit Waiver of privacy rights. User expressly waives any right of privacy in anything they create, store, send or receive using the council s ICT systems. User consents to allow SNC personnel access to and review of all materials created, stored, sent or received by User through the council s ICT systems Monitoring of computer and Internet usage. SNC has the right to monitor and log any and all aspects of its ICT systems including, but not limited to, monitoring Internet sites visited by Users, monitoring chat and newsgroups, monitoring file downloads, and all communications sent and received by users. From time to time SNC will monitor activities to ensure that our computer network, Internet access and policy is being adhered to Blocking sites with inappropriate content. SNC has the right to utilise software that makes it possible to identify and block access to Internet sites containing material deemed inappropriate in the workplace In case of doubt. If you are at all unsure if your action will comply with this policy, you must not undertake such action until you have sought advice from IT Service Desk. Last saved: 01/03/2012 9:48 AM Page 5 of 8

6 Page : 6 of 8 8. If you receive offensive or suspect material 8.1. Don t panic. Do not delete it or forward it to anyone the item may be required for evidence, and forwarding it may cause (further) damage Immediately contact your supervisor or manager and report the matter to them; also inform the IT Service Desk, who will make arrangements with you to copy the item for further investigation If you suspect that the council s ICT systems are being abused or that offensive or suspect material is being circulated you are required to inform your supervisor or manager Receiving unsolicited, offensive material is not considered an abuse of the system. However - asking for material, passing it on and / or not asking for it to stop is an abuse If you are unsure if you are working within the Council s guidelines ask yourself the following question Would I be prepared for the material / my actions to be viewed by any member of the public or elected members? The answer should help you decide. 9. Managers and Supervisors 9.1. If your staff tell you that they have received offensive or suspect material you are required to ensure that the IT Service Desk has been informed and are taking action to isolate and trace the origin of the item In the event that the offensive or suspect item has originated from within the organisation the matter will be referred to the relevant manager who will decide on the appropriate action to be taken after consulting the Human Resources Manager or their representative If you suspect that the council s ICT systems are being abused or that offensive or suspect material is being circulated you must follow the normal disciplinary guidelines. Additionally you are required to inform the IT Manager or the IT Infrastructure Manager in order for the electronic evidence to be secured and placed in safe keeping for any subsequent action or investigation As a manager you have the responsibility of giving guidance and supervising staff within your control, which should include talking to your staff on a regular basis to ensure that they understand and are complying with the Council s code of conduct. 10. Connecting equipment to the network No equipment may be connected to the SNC network (e.g. for vendor demonstrations) without prior written consent of the IT Infrastructure Manager or IT Manager. 11. Information classification and handling Information must be handled in a way appropriate to its classification, which can be found in ITU Information Protection Policy. For instance; information classified as RESTRICTED must only be viewable by authorised personnel, and must be secured appropriately at all times You must not forward RESTRICTED information over the Internet, or via your normal account. RESTRICTED information may only be ed if you have a GCSx secure account The information owner is responsible for correct classification and marking. Last saved: 01/03/2012 9:48 AM Page 6 of 8

7 Page : 7 of Removable media The use of removable media including, but not limited to, CDs; DVDs; USB memory sticks ; floppy disks; PDAs is only permitted if the media is fully encrypted using the SNC encryption solution. 13. Notification of changes to this policy In the event of any change being made to this policy you will be informed by The most current version of this policy will be available on elink (the Intranet) via the Terms & Conditions link. Last saved: 01/03/2012 9:48 AM Page 7 of 8

8 Page : 8 of Acknowledgement of Understanding I have read and agree to comply with the terms of the South Norfolk Council Computer Network, Internet Access and Policy including all reasonable amendments and additions of which I have been given adequate notice governing the use of South Norfolk Council s information and communications technology systems ( ICT ) I understand that violation of this policy may result in disciplinary action, including possible termination of employment and civil and criminal penalties. In the case of a violation of this policy by an elected Member, details will be forwarded to the leader of their party and could result in sanctions by their party and civil and criminal penalties. Signature Date Printed name Directorate / Team / Unit Please return this page to the IT Service Desk. You may retain all other pages for your own records. Last saved: 01/03/2012 9:48 AM Page 8 of 8