incommmsec Whitepaper: Increasing role of employee monitoring within public and private sector organisations.

Size: px
Start display at page:

Download "incommmsec Whitepaper: Increasing role of employee monitoring within public and private sector organisations."

Transcription

1 Whitepaper: Increasing role of employee monitoring within public and private sector organisations. GOOD GOVERNANCE OR BIG BROTHER STATE? So what do we mean by Network or Employee monitoring? For the purpose of this Whitepaper we have given it the definition of: To monitor, review and report on the traffic that is carried across an organisational LAN for the benefit of ensuring sound governance and corporate responsibility. There are a number of ways a network can be monitored, both as a managed process, or a malicious invasion. Monitoring can occur at a client level (the desktop/laptop) or at a network level (switch/server fabric). Regardless of where, or how traffic is monitored, it is good governance to be aware of the nature of the network and how your staff are conducting themselves as they represent the organisation you are responsible for. Or is it an imposition of the organisation and an infringement of the rights of the employee? We will look at the infringement of civil liberties and the invasion of privacy balanced against the organisation remaining compliant with the regulations, protecting data security and managing staff productivity. REASONS FOR USING NETWORK MONITORING: Broadly speaking, there are, two reasons for network monitoring; firstly, that a reasonable balance is maintained in the social management of staff, the protection of the company assets such as database records, brand and the highest levels of productivity. Secondly, to ensure the correct technical management of the network from the system administration point of view and that the optimum value for money is being realised by the ICT team for the organisation. Value for Money: A network is the balance of proven technology and cutting edge development aimed at increasing the speed of the network and thus productivity of the organisation. Knowing how traffic is flowing across the network, where bottlenecks occur, where potential risks that may cause disruption may arise is a constant task for the ICT team. Managing this process ensures value for money as investment can be made in areas that are most in need of development. 1

2 Compliance: Whether the regulations are ISO, PCI-DSS, Sarbanes Oxley, HiPPA, or any other industry sector requirement, compliance is a set of rules, a standard, a process. The organisation, when audited, needs to be able to show it has a clear process. It follows the process, reviews the process, can measure the process, can monitor, report and cross check the process, so that it can take action when needed. Otherwise compliance may not be attained. A good network monitoring tool will ensure this can happen. 1 in 5 employees would remove company data at least 5 days prior to resigning. Staff Productivity: Is often quoted as a benefit of many technologies, however it is very hard to prove. With the right tool, actual activity can be measured and performance can be quantified. This works as both a positive influence for the awarding of bonuses for management by objectives and a deterrent and guardian against inappropriate use of organisational property and resources. In some instances assessing staff productivity through activity, document and application usage, organisations are able to deal with redundancies in a fair and just way. Data Security: With modern Anti-Virus, Anti-SPAM, filtering and external threat management tools being so effective, the biggest risk to an organisation is from within. 1 in 5 employees would remove company data at least 5 days prior to resigning. Without real time reporting how else will your organisation be able to be aware of breaches in security? In the worst-case examples, would your organisation rather have a forensic archive of activity for proof? Billing and Fraud: Organisations that have fee-earning practitioners must be able to prove the value of the service to their clients. Specific applications have been designed to help in this, however, being able to prove without question can only enhance the client perception of your organisation, which in turn builds increased customer relations and trust. In the unlikely event that a member of staff claims for work that hasn t been done due to the employee being distracted with other tasks, or personal activities. This would open the organisation to accusations of fraud. Monitoring will ensure this rarely progresses to become an issue. 2

3 MYTHS OF NETWORK MONITORING: Common misleading statements that are heard when discussing network monitoring are: It s a bit Big Brother, isn t it? This is an invasion of privacy. This is an abuse of civil liberties. All three revolve around the idea of the individual being spied upon. Network monitoring does not spy on anyone individual, but looks at the network as a whole. The fact that a good system can provide granular analysis at an individual level is a reflection that a network is made of many individual machines and users. Invasion of Privacy: Regulation or statute that protects a person s right to be left alone, and governs collection, storage, and release of his or her financial, medical, and other personal information. Of all the human rights in the international catalogue, privacy is perhaps the most difficult to define. Definitions of privacy vary widely according to context and environment. In many countries, the concept has been fused with data protection, which interprets privacy in terms of management of personal information. No one should be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks on his honour or reputation. Everyone has the right to the protection of the law against such interferences or attacks. 1948; Universal Declaration of Human Rights, Article 12. (1) Everyone has the right to respect for his private and family life, his home and his correspondence. (2) There shall be no interference by a public authority with the exercise of this right except as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health of morals, or for the protection of the rights and freedoms of others. 1950; European Convention for the Protection of Human Rights and Fundamental Freedoms, Article 8. 3

4 What all these quotes illustrate is the notion of home and privacy. Without roaming into a wider dialogue of the intricacies of legal definition the exceptions are considered for crime, morals, rights and freedoms of others. But this is still within the home environment. Network monitoring is in the sole area of the business context and does not extend into the home. If someone is working from home they are in context at work, being paid by the organisation to fulfil their responsibilities as an employee. When at work we are contracted to be at work and accept the remunerations awarded to us for representing our organisation, not to undertake our own activities, post CVs, visit job websites, take company data and use social media for personal gain. Privacy is for us as individuals, when we join a company, we become part of that organisation, utilising our knowledge and character, accepting a salary so that our actions will benefit the whole. Big Brother: George Orwell s story 1984, of the state controlling, conditioning and organising the life of an individual, leaving them without choice of action and subjugating them through fear of retribution, is not what network monitoring does. There is more concern with the number of CCTV cameras that are currently in operation in the UK. At present the figure varies between 1 for every 30 to 40 people depending on whose figures you read. A general understanding is that rules, laws, the monitoring and policing of them are of no concern for those that keep them, they only bother those who break them. Children understand the meaning of words and actions as black and white. Adults will rationalise shades of grey relative to their own social environmental and educational upbringing. What might be right for one person might not be for another. Network Monitoring should only be used to monitor staff under suspicion: Ironically, this is more Orwellian than simply monitoring the whole network. It jeopardises the HR function and can open the organisation to discrimination tribunals, constructive dismissal and victimisation claim. All of which are voided when everyone is included in the process of network monitoring. 4

5 ETHICS AND NETWORK MONITORING: It is a de facto standard in that all organisations to some degree have got a level of monitoring already in place, such as: Anti-Virus Anti-SPAM Web filtering All of which can monitor traffic and report on activity. Acceptable Use Policy (AUP): All organisations have an AUP now that and Internet usage is so common place. Within a standard AUP it clearly states what is expected of an employee and that the system will be monitored. So much so that the Department for Trade and Industry via Business Link have given guidelines stating what an acceptable AUP should contain, see the link for details. =RESOURCES To quote directly from the text: Use of by employees of [business name] is permitted and encouraged where such use supports the goals and objectives of the business. Supporting the goals and objectives of the business does not include personal use. The document then goes on to say. the employee must ensure that they: comply with current legislation; use in an acceptable way; do not create unnecessary business risk to the company by their misuse of the Internet. Not creating unnecessary business risk, any business has the right to protect itself from malicious attack whether from the outside or from within. The text then goes on to list what is considered unacceptable behaviour including: personal business, breach of confidentiality, distribution of indecent material, hacking, breaking, or wasting network resources etc. Finally the document recognises the valuable use of but that misuse will have a negative impact on the productivity and reputation of the business. To this end quoting the text again... In order to ensure compliance with this policy, the company also reserves the right to use monitoring software in order to check upon the use and content of s. 5

6 Contract of Employment: Every member of staff would normally have signed a contract of employment, which binds them in agreement to working for your organisation during certain times with a remuneration package in return. This contract will include AUP, confidentiality, equal opportunities, health and safety clauses. So how do organisations police breaching this contract? Most organisations don t and only realise this after the event when it is often too late to take effective action. As part of the daily log on process a popup window can appear informing the user that they are using a system that is monitored as part of company procedure. Thus ensuring compliance, AUP, confidentiality at a corporate level. EXAMPLES OF NETWORK MONITORING: For the purpose of this Whitepaper we will not name names of companies, or organisations involved, but will relay their experiences. Monitoring of the network is widespread within both the public and private sectors. We have seen it effectively working within education from primary through secondary to university level. In law enforcement, agencies have used this for analysis of data traffic and the elimination of potential corruption. In legal and accountancy firms the use of monitoring to prove billable hours. In banks the implementation of software as a combatant to illegal trading. In firms generally spotting when a member of staff is looking at job sites and posting their CV whilst at work. Being able to see that the company as a whole spends a disproportionate amount of time using the Internet, seeing who and when is doing what can save an organisation time and increase productivity. The anguish of low quality lingers long after the sweetness of low cost is forgotten. Peter Gregory, CISSP, CISA 6

7 SUMMARY: Monitoring the network is a necessary part of modern communications. Primarily from the point of view of the organisation ensuring it gets as quick a return on investment as possible so that it realises the greatest value for money from the technology it purchases. In addition protecting company assets whether from internal or external threat is good practice; to ignore either threat is negligent. To know how to do it is simple, the difficulty is doing it. Chinese Proverb For those that worry about the social impact of network monitoring it does depend on how the information is used once a picture of who is doing what, within the network is gained. If the organisation sees there is a trend of private , surfing Internet and inactivity during the work hours, it has a choice of either removing staff members (which will only cost more money to replace) or embarking on a social capital investment with motivation, coaching, team-building development programmes. The technology we offer will monitor your network conclusively, we are also able to offer Employment Law specialists for free consultations once the software is in place and we are able to do the same for social capital programmes in people development. 7

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services Issue 1.0 (Effective 27 June 2012) This document contains a copy of the STFC policy statements outlining

More information

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes INFORMATION SECURITY POLICY Ratified by RCA Senate, February 2007 Contents Introduction 2 Policy Statement 3 Information Security at RCA 5 Annexes A. Applicable legislation and interpretation 8 B. Most

More information

Berwick Academy Policy on E Safety

Berwick Academy Policy on E Safety Berwick Academy Policy on E Safety Overview The purpose of this document is to describe the rules and guidance associated with E Safety and the procedures to be followed in the event of an E Safety incident

More information

Essex County Council Policy for Information Management and Security

Essex County Council Policy for Information Management and Security Essex County Council Policy for Information Management and Security Title Author/Owner Status Essex County Council Policy for Information Management and Security Information Management IS Final Version

More information

How To Deal With Social Media At Larks Hill J & I School

How To Deal With Social Media At Larks Hill J & I School LARKS HILL JUNIOR & INFANT SCHOOL Social Media Policy Written: Reviewed Autumn Term 2015 Larks Hill J & I School Social Media Policy 1. Introduction For the purposes of this policy, social media refers

More information

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE GENERAL STATEMENT TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & EMAIL POLICY AND CODE 1.1 The Council recognises the increasing importance of the Internet and email, offering opportunities for improving

More information

Policy No: 2-B8. Originally Released: 2001. Date for Review: 2016

Policy No: 2-B8. Originally Released: 2001. Date for Review: 2016 Topic: Information and Communication Technology use by Students Policy No: 2-B8 Policy Area: Standing Committee: Education Religious Education and Curriculum Committee Originally Released: 2001 Date for

More information

workplace efficiency and compliance with Impero

workplace efficiency and compliance with Impero white paper: employee monitoring workplace efficiency and compliance with Impero task Keep employees on task whilst ensuring compliance with acceptable use policies solution Deploy a granular monitoring

More information

Virgin Media Business Acceptable Use Policy (Internet)

Virgin Media Business Acceptable Use Policy (Internet) Virgin Media Business Acceptable Use Policy (Internet) 1 Introduction 1.1 This Acceptable Use Policy ( AUP ) specifies actions prohibited by Virgin Media Business to users of the Internet Services (in

More information

Internet Use Policy and Code of Conduct

Internet Use Policy and Code of Conduct Internet Use Policy and Code of Conduct UNIQUE REF NUMBER: AC/IG/023/V1.1 DOCUMENT STATUS: Agreed by Audit Committee 18 July 2013 DATE ISSUED: July 2013 DATE TO BE REVIEWED: July 2014 1 P age AMENDMENT

More information

Whistleblower Protection Policy

Whistleblower Protection Policy Whistleblower Protection Policy TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 Introduction... 3 Policy Objectives... 4 Policy Parameters... 4 OBLIGATION TO DISCLOSE REPORTABLE CONDUCT... 4 COMMITMENT TO WHISTLEBLOWER

More information

RIPA (Regulations and Investigatory Powers Act)

RIPA (Regulations and Investigatory Powers Act) Dartmoor National Park Authority INTERNET MONITORING POLICY & INVESTIGATION PROTOCOL Approved: February 2010 Review Date: September 2010 1. Introduction Private use of the computer facilities is covered

More information

AN INFORMATION GOVERNANCE BEST

AN INFORMATION GOVERNANCE BEST SMALL BUSINESS ID THEFT AND FRAUD AN INFORMATION GOVERNANCE BEST PRACTICES GUIDE FOR SMALL BUSINESS IT IS NOT A MATTER OF IF BUT WHEN AN INTRUSION WILL BE ATTEMPTED ON YOUR BUSINESS COMPUTER SYSTEM IN

More information

Social Media Policy. Policies and Procedures. Social Media Policy

Social Media Policy. Policies and Procedures. Social Media Policy Policies and Procedures Social Media Policy 1 1. Introduction...3 2. Privacy settings and personal information.....3 3. Use of Social Media at Work.....4 4. Account Administrators and Login Details......4

More information

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft

Cyber Security and Privacy Services. Working in partnership with you to protect your organisation from cyber security threats and data theft Cyber Security and Privacy Services Working in partnership with you to protect your organisation from cyber security threats and data theft 2 Cyber Security and Privacy Services What drives your security

More information

Monitor All Employee Activity Across PCs, Laptops & the Internet

Monitor All Employee Activity Across PCs, Laptops & the Internet Monitor All Employee Activity Across PCs, Laptops & the Internet Paul Down, Director EMEA. SpectorSoft Corp. 24 October 2012 Agenda Introductions About SpectorSoft Prominent business challenges How you

More information

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1 Dundalk Institute of Technology Acceptable Usage Policy Version 1.0.1 1 Document Location..\DkIT_Policy_Documents\Policies Revision History Date of this revision: Date of next review: Version Revision

More information

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014

E Safety Policy. 6 th March 2013. Annually. 26 th February 2014 E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to

More information

CYBERSAFETY USE AGREEMENT for Cambridge High School Students

CYBERSAFETY USE AGREEMENT for Cambridge High School Students CYBERSAFETY USE AGREEMENT for Cambridge High School Students Cambridge High School This document is comprised of this cover page and three sections: Section A: Introduction Section B: Cybersafety Rules

More information

U 16 Internet Monitoring Policy & Investigation Protocol

U 16 Internet Monitoring Policy & Investigation Protocol Dartmoor National Park Authority U 16 Internet Monitoring Policy & Investigation Protocol February 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted

More information

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School:

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School: Introduction This e-safety policy was approved by the School Senior Leadership Team: January2015 The implementation of this e-safety policy will be monitored by the: E-Safety Coordinator, Senior Leadership

More information

EASTNOR PAROCHIAL PRIMARY SCHOOL STAFF SOCIAL NETWORKING POLICY. Inspire and Achieve

EASTNOR PAROCHIAL PRIMARY SCHOOL STAFF SOCIAL NETWORKING POLICY. Inspire and Achieve EASTNOR PAROCHIAL PRIMARY SCHOOL STAFF SOCIAL NETWORKING POLICY Inspire and Achieve Introduction This document sets out the guidance on social networking and aims to: Set clear expectations of behaviour

More information

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community.

Cyber-safety Agreements are also an educative tool and shall be used as a resource to support the professional development of the school community. Cyber Safety Policy Rationale Mannum Community College places a high priority on providing its school community with Internet facilities, ICT devices and equipment which will benefit student learning outcomes

More information

SCHOOL ONLINE SAFETY SELF REVIEW TOOL

SCHOOL ONLINE SAFETY SELF REVIEW TOOL SCHOOL ONLINE SAFETY SELF REVIEW TOOL UPDATED February 2016 The South West Grid for Learning, Belvedere House, Woodwater Park, Pynes Hill, Exeter, EX2 5WS. Tel: 0844 381 4772 Email: esafety@swgfl.org.uk

More information

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK

INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK INFORMATION GOVERNANCE STRATEGIC VISION, POLICY AND FRAMEWORK Policy approved by: Assurance Committee Date: 3 December 2014 Next Review Date: December 2016 Version: 1.0 Information Governance Strategic

More information

If you have any questions about any of our policies, please contact the Customer Services Team.

If you have any questions about any of our policies, please contact the Customer Services Team. Acceptable Use Policy (AUP) 1. Introduction Blue Monkee has created this Acceptable Use Policy (AUP) for hosting customers to protect our resources and the resources of our other customers and hosting

More information

Conditions of Use. Communications and IT Facilities

Conditions of Use. Communications and IT Facilities Conditions of Use of Communications and IT Facilities For the purposes of these conditions of use, the IT Facilities are [any of the University s IT facilities, including email, the internet and other

More information

How To Protect Children Online From Harm

How To Protect Children Online From Harm Talk Show: The Media as a Tool for Social Inclusion Public Policy for Children and Communication Brian O Neill, Dublin Institute of Technology, EU Kids Online Children and Communication. Rights, Democracy

More information

Bullying. A guide for employers and workers. Bullying A guide for employers and workers 1

Bullying. A guide for employers and workers. Bullying A guide for employers and workers 1 Bullying A guide for employers and workers Bullying A guide for employers and workers 1 Please note This information is for guidance only and is not to be taken as an expression of the law. It should be

More information

TECHNOLOGY USAGE POLICY

TECHNOLOGY USAGE POLICY TECHNOLOGY USAGE POLICY Computer Usage Policy (CUP). 2 Aims/Objectives. 2 General.. 2 Student Responsibilities 2 Monitoring 3 Access Violations... 3 Personal Devices 3 Internet Safety: Acceptable Usage

More information

Monitoring Employee Communications: Data Protection and Privacy Issues

Monitoring Employee Communications: Data Protection and Privacy Issues Monitoring Employee Communications: Data Protection and Privacy Issues By Anthony Sakrouge, Kate Minett, Daniel Preiskel and Jose Saras Reprinted from Computer and Telecommunications Law Review Issue 8,

More information

ONE TO ONE LAPTOP PROGRAMME POLICY

ONE TO ONE LAPTOP PROGRAMME POLICY ONE TO ONE LAPTOP PROGRAMME POLICY CONTENTS 1 Vision and Rationale... 2 2 Ownership Model... 2 3 End of Lifecycle Process... 2 4 Early Return Policy... 2 5 Appearance / Personalisation... 2 6 Device Specifications...

More information

Mitigating and managing cyber risk: ten issues to consider

Mitigating and managing cyber risk: ten issues to consider Mitigating and managing cyber risk: ten issues to consider The board of directors is responsible for managing and mitigating risk exposure. A recent study conducted by the Ponemon Institute 1 revealed

More information

Raising concerns (Whistleblowing) Policy and Procedure

Raising concerns (Whistleblowing) Policy and Procedure Raising concerns (Whistleblowing) Policy and Procedure The Public Interest Disclosure Act provides strong protection for workers who blow the whistle on or raise a genuine concern about malpractice. The

More information

Performance Management Is performance management really necessary? What techniques are best to use?

Performance Management Is performance management really necessary? What techniques are best to use? Performance Management Is performance management really necessary? What techniques are best to use? This e-book is a guide for employers to help them discover tips and methods of performance management,

More information

nationalcarestandards

nationalcarestandards nationalcarestandards dignity privacy choice safety realising potential equality and diversity SCOTTISH EXECUTIVE Making it work together nationalcarestandards dignity privacy choice safety realising potential

More information

Human Rights. Resource Pack

Human Rights. Resource Pack 1 Human Rights Resource Pack 2 What s in this pack? Sections Pages Important Notes Page 3 What s it all about? Page 4 Why the Human Rights Act? Page 6 Who we are and what we do Page 9 What are human rights?

More information

Acceptable Use Policy

Acceptable Use Policy Sell your Products Online and Web by Numbers are brands of Web by Numbers Ltd (hereinafter referred to as Web by Numbers ) Acceptable Use Policy Web by Numbers has created this Acceptable Use Policy (AUP)

More information

HP Laptop & Apple ipads

HP Laptop & Apple ipads Shalom College Student 1:1 Laptop & ipad Program HP Laptop & Apple ipads Policy and Guidelines Booklet TABLE OF CONTENTS 1. Educational Opportunities of A 1 to 1 Laptop & ipad Program... 2 2. Overview

More information

Guidance on professional conduct. For nursing and midwifery students

Guidance on professional conduct. For nursing and midwifery students Guidance on professional conduct For nursing and midwifery students 1 We are the nursing and midwifery regulator for England, Wales, Scotland, Northern Ireland and the Islands. We exist to safeguard the

More information

Hallett Cove South Primary School Communications/Network Use Policy

Hallett Cove South Primary School Communications/Network Use Policy Hallett Cove South Primary School Communications/Network Use Policy The Communications/Network Use Policy ( Policy ) sets out the rights and responsibilities for computer and communications network users

More information

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS Policy: Title: Status: ISP-S9 Use of Computers Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1. Introduction 1.1. This information security policy document contains high-level

More information

CEOP Relationship Management Strategy

CEOP Relationship Management Strategy Making every child child matter matter... everywhere... everywhere CEOP Relationship Management Strategy Breaking down the barriers to understanding child sexual exploitation Child Exploitation and Online

More information

HUMAN RESOURCES POLICIES & PROCEDURES

HUMAN RESOURCES POLICIES & PROCEDURES HUMAN RESOURCES POLICIES & PROCEDURES Policy title Application IT systems and social networking policy All employees and students CONTENTS PAGE Introduction and scope 2 General points 2 Authorisation to

More information

Information Governance Strategy & Policy

Information Governance Strategy & Policy Information Governance Strategy & Policy March 2014 CONTENT Page 1 Introduction 1 2 Strategic Aims 1 3 Policy 2 4 Responsibilities 3 5 Information Governance Reporting Structure 4 6 Managing Information

More information

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction

LEEDS BECKETT UNIVERSITY. Information Security Policy. 1.0 Introduction LEEDS BECKETT UNIVERSITY Information Security Policy 1.0 Introduction 1.1 Information in all of its forms is crucial to the effective functioning and good governance of our University. We are committed

More information

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014

WORTHING COLLEGE STUDENT IT SECURITY POLICY. October 2014 WORTHING COLLEGE STUDENT IT SECURITY POLICY October 2014 Policy name Student Information Technology Security Policy Author: Lesley May/Michael Perry Approved by SLT October 2014 Approved by Corporation

More information

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review Blakeley Heath Primary School E-Safety Policy Development / Monitoring / Review of this Policy This e-safety policy has been developed by a working group made up of: Headteacher Coordinator Staff including

More information

Social Media Guidance for Staff

Social Media Guidance for Staff Social Media Guidance for Staff May 2013 Social media guidance aims Establish practical and reasonable guidelines to help staff in their professional use of social media. Promote a safe environment to

More information

The guidance 2. Guidance on professional conduct for nursing and midwifery students. Your guide to practice

The guidance 2. Guidance on professional conduct for nursing and midwifery students. Your guide to practice The guidance 2 Guidance on professional conduct for nursing and midwifery students Your guide to practice The Nursing & Midwifery Council Vision, mission and values Our vision To safeguard the public by

More information

COMPUTER USAGE - EMAIL

COMPUTER USAGE - EMAIL BASIC BELIEF This policy relates to the use of staff email at Mater Dei and is designed to provide guidelines for individual staff regarding their use. It encourages users to make responsible choices when

More information

Cyber Security - What Would a Breach Really Mean for your Business?

Cyber Security - What Would a Breach Really Mean for your Business? Cyber Security - What Would a Breach Really Mean for your Business? August 2014 v1.0 As the internet has become increasingly important across every aspect of business, the risks posed by breaches to cyber

More information

FRAUD PREVENTION STRATEGY FOR UGU DISTRICT MUNICIPALITY (UGU)

FRAUD PREVENTION STRATEGY FOR UGU DISTRICT MUNICIPALITY (UGU) FRAUD PREVENTION STRATEGY FOR UGU DISTRICT MUNICIPALITY (UGU) CONTENTS 1. Introduction.. 3 2. Characteristics of Fraud.. 5 3. Fraud Strategy..... 6 4. Building the Fraud Prevention Plan........ 8 Fraud

More information

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT.

The term Broadway Pet Stores refers we to the owner of the website whose registered office is 6-8 Muswell Hill Broadway, London, N10 3RT. Website - Terms and Conditions Welcome to our website. If you continue to browse and use this website you are agreeing to comply with and be bound by the following terms and conditions of use, which together

More information

COLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT

COLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT COLLINS FOODS LIMITED (the COMPANY) CODE OF CONDUCT 1. Introduction The Company is committed to maintaining ethical standards in the conduct of its business activities. The Company's reputation as an ethical

More information

Fraud and Abuse Policy

Fraud and Abuse Policy Fraud and Abuse Policy 2015 FRAUD AND ABUSE POLICY 2015 1 Contents 4. Introduction 6. Policy Goal 7. Combatting Customer Fraud and Abuse 8. Reporting Breaches 9. How Alleged Breaches Will Be Investigated

More information

Corporate Information Security Management Policy

Corporate Information Security Management Policy Corporate Information Security Management Policy Signed: Chief Executive. 1. Definition of Information Security 1.1. Information security means safeguarding information from unauthorised access or modification

More information

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy

St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Learn, sparkle & shine St. Peter s C.E. Primary School Farnworth Email, Internet Security and Facsimile Policy Adopted from the LA Policy April 2015 CONTENTS Page No 1. Introduction 1 2. Guiding Principles

More information

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU

HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU HOW TO HANDLE A WHISTLEBLOWER REPORT IN THE EU 10 April 2014 Monica Salgado Advogada registered with the Portuguese Ordem dos Advogados Registered European Lawyer with the SRA Kirsti Laird Solicitor, (qualified

More information

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy Version History Author Approved Committee Version Status date Eddie Jefferson 09/15/2009 Full Governing 1.0 Final Version Body Eddie Jefferson 18/08/2012 Full Governing Body 2.0 Emended due to the change

More information

Kenmore State High School Student Laptop Charter

Kenmore State High School Student Laptop Charter Kenmore State High School Student Laptop Charter 2 Contents Student Laptop Charter... 4 Loan equipment... 4 Equipment ownership... 5 Fee for provision of laptop... 5 Laptop care... 6 Data security... 6

More information

Statement of Business Ethics

Statement of Business Ethics Statement of Business Ethics Standards for Contractors, Their Employees and Business Associates City of Ryde 7 June 2005 Business Associates 7 June 2005 Page i TABLE OF CONTENTS 1. INTRODUCTION...1 2.

More information

33500 POLICY USE OF SOCIAL MEDIA

33500 POLICY USE OF SOCIAL MEDIA Version: 1.2 Last Updated: 15/06/15 Review Date: 25/06/18 ECHR Potential Equality Impact Assessment: Low 1. About This Policy 1.1. This policy describes how Hampshire Constabulary s use of social media

More information

TCO Certified Self-assessment Questionnaire

TCO Certified Self-assessment Questionnaire ! TCO Certified Self-assessment Questionnaire A.7.2 Senior Management Representative, Socially Responsible Manufacturing Introduction: Completion of this Self-assessment Questionnaire is required under

More information

S E R V E R C E N T R E H O S T I N G

S E R V E R C E N T R E H O S T I N G S E R V E R C E N T R E H O S T I N G Managed Hosting Microsoft Lync - Service Level Agreement Server Centre Hosting Limited Master Version - 2.1 Server Centre Hosting Ltd, The Old Public House, 3 Watnall

More information

WHITEPAPER 5 Reasons HR Professionals Are Adopting SaaS Email Image Filtering

WHITEPAPER 5 Reasons HR Professionals Are Adopting SaaS Email Image Filtering WHITEPAPER 5 Reasons HR Professionals Are Adopting SaaS Email Image Filtering Litigation for sexual harassment resulting from inappropriate exposure to pornography can have a massive impact on brands,

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Version: 4 Bodies consulted: Caldicott Guardian, IM&T Directors Approved by: MT Date Approved: 27/10/2015 Lead Manager: Governance Manager Responsible Director: SIRO Date

More information

CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2

CP3043 Social, Legal and Professional Aspects of Computing. Mr Graham Brown. Assessment 2 CP3043 Social, Legal and Professional Aspects of Computing Mr Graham Brown Assessment 2 Colin Hopson 0482647 Wednesday 16 th April 2008 i Contents 1 Introduction... 1 1.1 The Bridgeway Building Society...

More information

How to Monitor Employee Web Browsing and Email Legally

How to Monitor Employee Web Browsing and Email Legally WHITEPAPER: HOW TO MONITOR EMPLOYEE WEB BROWSING AND EMAIL LEGALLY How to Monitor Employee Web Browsing and Email Legally ABSTRACT The Internet and email are indispensable resources in today s business

More information

BUSINESS CONDUCT POLICY

BUSINESS CONDUCT POLICY BUSINESS CONDUCT POLICY Purpose The Greggs Values state that we will be enthusiastic and supportive in all we do, open, honest and appreciative, treating everyone with fairness, consideration and respect.

More information

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014 Internet Acceptable Use Policy A council-wide information management policy Version 1.5 June 2014 Copyright Notification Copyright London Borough of Islington 20134This document is distributed under the

More information

Newcastle University Information Security Procedures Version 3

Newcastle University Information Security Procedures Version 3 Newcastle University Information Security Procedures Version 3 A Information Security Procedures 2 B Business Continuity 3 C Compliance 4 D Outsourcing and Third Party Access 5 E Personnel 6 F Operations

More information

POLICY. Responsible Use of Social Media

POLICY. Responsible Use of Social Media POLICY Responsible Use of Social Media Contact Officer Director of Personnel Director of Communications & Participation Senior Project Manager: Corporate Policies (Policy author) Purpose The primary aims

More information

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5

APPROPRIATE USE OF INFORMATION POLICY 3511 TECHNOLOGY RESOURCES ADOPTED: 06/17/08 PAGE 1 of 5 PAGE 1 of 5 PURPOSE Triton College s computer and information network is a continually growing and changing resource supporting thousands of users and systems. These resources are vital for the fulfillment

More information

Networking and Social Media Policy

Networking and Social Media Policy Networking and Social Media Policy 1 Objectives This policy sets out the Millfields Community School policy on social networking. New technologies are an integral part of our lives and are powerful tools

More information

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer 1 Terms & Conditions In this section you can find: - Website usage terms and conditions 1, 2, 3 - Website disclaimer -Acceptable internet use policy 1,2,3,4 - Acceptable email use policy 1, 2 - Copyright

More information

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective.

We then give an overall assurance rating (as described below) indicating the extent to which controls are in place and are effective. Good Practice Audit outcomes analysis Police Forces April 2013 to April 2014 This report is based on the final audit reports the ICO completed in the Criminal Justice sector, specifically of Police forces,

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Acceptable Use Policy ("AUP")

Acceptable Use Policy (AUP) Acceptable Use Policy ("AUP") Pacificnet Hosting (PacHosting)'s Acceptable Use Policy ("AUP") is provided to give our customers and users a clear understanding of what PacHosting expects of them while

More information

Small businesses: What you need to know about cyber security

Small businesses: What you need to know about cyber security Small businesses: What you need to know about cyber security March 2015 Contents page What you need to know about cyber security... 3 Why you need to know about cyber security... 4 Getting the basics right...

More information

Acceptable Use Policy

Acceptable Use Policy Acceptable Use Policy 1. General Interoute reserves the right to modify the Acceptable Use Policy ( AUP ) from time to time. Changes to this Acceptable Use Policy will be notified to Customer in accordance

More information

Sibford School Student Computer Acceptable Use Policy

Sibford School Student Computer Acceptable Use Policy Introduction Sibford School Student Computer Acceptable Use Policy The use of the latest technology is actively encouraged at Sibford School but with this comes a responsibility to protect both students

More information

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy ATHLONE INSTITUTE OF TECHNOLOGY I.T Acceptable Usage Staff Policy Table of Contents 1. Purpose... 2 2. Terminology... 2 3. Scope... 2 4. Acceptable Usage Policy... 3 5. Policy Acceptance... 6 6. Policy

More information

SENIORS ONLINE SECURITY

SENIORS ONLINE SECURITY SENIORS ONLINE SECURITY Seniors Online Security Five Distinct Areas Computer security Identity crime Social networking Fraudulent emails Internet banking 1 Computer security 2 There are several ways that

More information

Presidency conclusions on establishing a strategy to combat the manipulation of sport results

Presidency conclusions on establishing a strategy to combat the manipulation of sport results COU CIL OF THE EUROPEA U IO EN Presidency conclusions on establishing a strategy to combat the manipulation of sport results 3201st EDUCATIO, YOUTH, CULTURE and SPORT Council meeting Brussels, 26 and 27

More information

The best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams.

The best advice before you decide on what action to take is to seek the advice of one of the specialist Whistleblowing teams. Whistleblowing Policy (HR Schools) 1.0 Introduction Wainscott school is committed to tackling unlawful acts including fraud, corruption, unethical conduct and malpractice regardless of who commits them,

More information

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8 Introduction The IT systems must be used in a reasonable manner and in such a way that does not affect their efficient operation,

More information

Acceptable Use of ICT Policy. Learner School Policy

Acceptable Use of ICT Policy. Learner School Policy Acceptable Use of ICT Policy Learner School Policy Contents INTRODUCTION 3 1. ACCESS 3 2. E-SAFETY 3 3. COMPUTER SECURITY 4 4. INAPPROPRIATE BEHAVIOUR 4 5. MONITORING 5 6. SOCIAL NETWORKING 5 7. LEGAL

More information

Guide to Penetration Testing

Guide to Penetration Testing What to consider when testing your network HALKYN CONSULTING 06 May 11 T Wake CEH CISSP CISM CEH CISSP CISM Introduction Security breaches are frequently in the news. Rarely does a week go by without a

More information

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013

Use of Social Networking Websites Policy. Joint Management Trade Union Committee. ENDORSED BY: Consultative Committee DATE: 14 February 2013 Use of Social Networking Websites Policy START DATE: March, 2013 NEXT REVIEW: March 2015 COMMITTEE APPROVAL: Joint Management Trade Union Committee CHAIR S SIGNATURE: STAFF SIDE CHAIR S SIGNATURE: DATE:

More information

SKY S WAYS OF WORKING. Believe in better

SKY S WAYS OF WORKING. Believe in better Believe in better Sky s Ways of Working - OUR COMMITMENT TO DOING THE RIGHT THING Sky is a valued part of everyday life in over 10 million homes. We entertain, excite and inspire customers with a great

More information

Liberty s Briefing: Forced Marriage (Civil Protection) Bill

Liberty s Briefing: Forced Marriage (Civil Protection) Bill Liberty s Briefing: Forced Marriage (Civil Protection) Bill January 2007 1 About Liberty Liberty (The National Council for Civil Liberties) is one of the UK s leading civil liberties and human rights organisations.

More information

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent Scope Information Services Regulations for the Use of Information Technology (IT) Facilities at the University of Kent 1. These regulations apply to The Law All students registered at the University, all

More information

2.1 It is an offence under UK law to transmit, receive or store certain types of files.

2.1 It is an offence under UK law to transmit, receive or store certain types of files. Website Hosting Acceptable Use Policy 1. Introduction 1.1 Jarrett & Lam Consulting s Acceptable Use Policy for hosting customers to protect our resources, the resources of our customers and to ensure that

More information

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK

INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK INFORMATION GOVERNANCE OPERATING POLICY & FRAMEWORK Log / Control Sheet Responsible Officer: Chief Finance Officer Clinical Lead: Dr J Parker, Caldicott Guardian Author: Associate IG Specialist, Yorkshire

More information

Online Research and Investigation

Online Research and Investigation Online Research and Investigation This document is intended to provide guidance to police officers or staff engaged in research and investigation across the internet. This guidance is not a source of law

More information

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future.

itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your business onwards and upwards into the future. Web Filtering Email Filtering Mail Archiving Cloud Backup Disaster Recovery Virtual Machines Private Cloud itg CloudBase is a suite of fully managed Hybrid & Private Cloud Services ready to support your

More information

1.4 To overcome this biasness, this Policy is in place to ensure all Maxis customers have a good experience.

1.4 To overcome this biasness, this Policy is in place to ensure all Maxis customers have a good experience. MAXIS FAIR USAGE POLICY 1. Introduction 1.1 This Fair Usage Policy ("Policy") sets out an acceptable level of conduct between Maxis Broadband Sdn Bhd or Maxis Mobile Services Sdn Bhd (both shall be referred

More information

Acceptable Usage Policy

Acceptable Usage Policy Contents 1. INTRODUCTION... 2 2. PURPOSE... 2 3. APPLICATION... 2 4. YOUR OBLIGATIONS AND PROHIBITED USE... 2 5. SPAM... 3 6. EXCESSIVE USE... 3 7. SECURITY... 4 8. COPYRIGHT... 4 9. CONTENT... 4 10. REGULARTORY

More information

How To Protect Decd Information From Harm

How To Protect Decd Information From Harm Policy ICT Security Please note this policy is mandatory and staff are required to adhere to the content Summary DECD is committed to ensuring its information is appropriately managed according to the

More information