1 A , Internet & Telephone Policy and Procedure MAYLIM LTD Civil Engineering & Hard Landscaping Contractors Wharf Road, G 04 The Wenlock, Islington, London N1 7EU Tel: +44(0) Fax: +44(0)
2 DOCUMENT CONTROL AND REVISION Rev No: Date: Section: Comment: 1 Jan 2012 All Sections New Document 2 Jan 2013 All Sections Management Review No Change 3 Jan 2014 All Sections Management Review No Change GLOSSARY OF ACRONYMS ML Maylim Ltd ML EITPOL Rev3 JAN 2014 Page 2
3 This policy has been produced for the benefit of all users of computer and telephone equipment as well as employees who have access to mobile equipment provided by ML, which includes mobile data devices such as, but not limited to, mobile phones, Blackberry phones, smart phones, pocket PC s, palm tops, satellite navigation systems, etc. This Policy should also be read in conjunction with the ML s Data Protection Policy and your Written Statement of Terms and Conditions of Employment in relation to various clauses that inter relate with this Policy, i.e. Confidentiality and ML Property. The main aims of this policy are to: Ensure that all computers, telephone systems and mobile equipment are as close to a standard configuration as possible, thereby reducing any disruption if equipment needs to be replaced. Minimise the risk of damage to hardware, software or data. To ensure that computer and other systems do not infringe any copyright or licensing laws. To adhere to the ML s corporate image on computer equipment where possible. 1.1 COMPUTERS, AND INTERNET 1. Use of your Computer General Computers and the ML s IT systems are in general terms for ML business and personal use is a privilege and not a necessity and should be used within reason and not interrupt the daily business in any way. Usage can be easily blocked and any misuse or irresponsible behaviour will result in access being withdrawn permanently. You are authorised only to use facilities made available to you when you log onto the system under your allocated user name. You are not permitted to use, change, or give out yours, or any other person s password or ML systems passwords without the express permission of the System Administrator. Also you must not hack into the ML s website or alter it in any way, unless given authority to do so. If you find that someone has made unauthorised use of your account, you should report this immediately to the System Administrator. All data stored on your PC, the network or any disk should only contain information relating to ML business and should be kept in the strictest of confidence. No copies should be taken of the data, other than for back up purposes. You should take all reasonable precautions to ensure that any disks or printouts of your data are secure from theft or copying. No data of any other description should be present on any of the ML s computer systems, with specific regard to pornographic or obscene material, whether pictorial or descriptive. The computer systems may not be used to acquire, display or distribute any content that may be considered offensive to others, including content of a sexual nature. This content is considered to be any programme, image, document, sound or video clip that can be displayed or heard via the computer. Maintaining logs off our and internet systems is a part of our requirement under legislation to ensure that any third party, such as the Police, who are involved in an investigation, can gain access to our systems. Measures are in place that monitor real time access and individual machines. ML has the right to regularly review the contents of any computer and all use, including internet and traffic. Therefore, all machines will be periodically checked and scanned for unauthorised programs and viruses and may be affected without your knowledge. ML reserves the right to review, audit and disclose all matters contained in all s and attachments to: ML EITPOL Rev3 JAN 2014 Page 3
4 Establishing the existence of facts. Ascertaining compliance with regulatory or self regulatory practices or procedures, rules or codes. Investigating or detecting unauthorised use of the system. Ascertaining and maintaining standards of service and training. Investigating, detecting or preventing crime. Ensuring the effective operation of the system. You should be aware that the deletion of a message or file may not fully eliminate it from the system. Also, you have an obligation under the Data Protection Act (1988) to comply with your responsibilities under this Act and exercise due care when dealing with any personal data. 2. Virus Checking Virus protection and your awareness of virus protection are vital to our day to day ability to operate the ML which is entirely dependent upon its IT structure to operate. A catastrophic failure of the IT structure will potentially render the ML inoperable. Any activity by any individual that contributes to such a potential situation may be subject to disciplinary action. Therefore, all employees are expected to ensure that the anti virus software is up to date and operational at all times to protect the ML s systems. Computer viruses enter network systems by a variety of means, such as: Infected memory sticks Infected CD ROM s Via Internet web browsers Via attachments Attacks from outside if the network has outside connections Attacks from inside ML itself Individual machines can become infected by other machines on the network resulting in particularly virulent strains of a virus eventually infecting the whole system. In severe cases, this can totally destroy the network and cause it to grind to a halt. If you discover a virus at any time you should stop using the computer and notify the System Administrator immediately. You should not save any files that are open, or try to close down your computer as this may cause more damage if a virus is present. a) Memory Sticks Memory sticks are not to be inserted into any drive without first being scanned for viruses. This includes disks with existing data on them and disks that are brought in from home. You may easily have a virus on your machine at home that you don t know about until it is installed on a network. b) CD ROMS As with floppy disks, CD ROMS may easily contain viral material which could be damaging to our network. All CD s must be virus scanned before inserting them into any CD ROM drive on any machine. c) Screen Savers Screen savers are, in fact, executable code the same type of code as a virus. As such, installing a screensaver other than the standard Windows ones can also install a virus along with it. Screensaver ML EITPOL Rev3 JAN 2014 Page 4
5 virus payloads are not around in large numbers at present, but they do exist making them even more dangerous than standard executable code where the user has to physically run the program to execute it. Due to this, screensavers that are not the standard Windows screensavers are not to be installed on any ML machine. It is also possible to install wallpaper to enhance the look of the Windows desktop. This is also dangerous as many virus programs attach themselves to.jpg files. You are asked only to use the standard Windows desktops supplied with the operating system as it is much safer. d) Additional programs Following on from items a) and b), programs are not to be loaded onto any machine by anyone other than by the System Administrator. If a program is deemed to be useful to ML operations, it may be allowed provided it is: Legal Properly license Safe to install This includes any program or routine downloaded from the Internet. Therefore as ML has a defined set of standard software packages that are to be used throughout ML you must only use these standard packages and must not install any non standard software or data, such as games, screen savers, video clips, non work related programmes under any circumstances, unless prior approval by the System Administrator has been given. Any other software additional to the above will be added in agreement with the System Administrator who will ensure the purchase of any necessary software licences. You are also not entitled to make unauthorised copies of any software unless prior approval has been given by the System Administrator. 3. Internet Use You are requested not to download utilities or programs from the Internet as this exposes the relevant machine and subsequent the ML s network to virus attack. Improper use of the internet as listed (although the list is not exhaustive) below is considered Gross Misconduct: Accessing adult/pornographic sites and downloading pornographic or sexually explicit material. Accessing or downloading material that could offend others because of its racist, religious, political, or violent nature, or material deemed to incite hatred, violence or slander towards a specific individual or group. Circulating to other employees or sending externally any of any material as outlined above. Accessing or downloading on line gambling, including games downloading and/or installing unauthorised software. Installing unauthorised software that subsequently destroys part or all of the ML s operating systems. Accessing and using unauthorised internet sites, including chat and social networking sites. Anything that may bring ML or individuals into disrepute. ML EITPOL Rev3 JAN 2014 Page 5
6 4. Whilst ML has a fairly relaxed policy on sending personal , the ML s system is for business purposes and personal s are not to be stored on the ML s system. We also ask that this privilege does not interrupt the daily business in any way. All business s that are sent or copied to individuals outside the ML must be written in a professional manner as they are seen as legal communication and if misused ML can be held liable. Therefore the following list sets out how ML wishes s to be managed professionally (although the list is not exhaustive): You must not send out any personal s that contain any ML information and ensure that s do not compromise ML or any employee in any way. This includes giving details, or the registering, of ML addresses for non business purposes. No s, including attached files, should be sent or forwarded (either externally or internally) which may contain confidential, political, libellous, racist, sexist, defamatory, offensive (which means in the eyes of the person receiving it) obscene, threatening, harassing or otherwise in any other way inappropriate, material. It could mean that you and ML could be held legally responsible. No s, including attached files, should contain information, which is derogatory, defamatory, obscene or inappropriate in nature. Keep language appropriate and professional the test being any can be seen by anyone (including a court or tribunal in the worst case). Always include the name of the recipient as a greeting and an appropriate (standard) signoff. Be reasonably accurate with spelling, grammar and layout, ensuring that you re read it through to ensure accuracy and the spell check is used before sending the out. Check that you are sending the to the right person before sending. No show boating by copying in huge audiences unnecessarily. No expanding of any circulation list other than in exceptional circumstances and where any additions and the reason for their introduction are made clear (i.e. I have copied Mr X in so he can action point xyz). Do not extend the circulation of an internal or trail to external third parties. Do not put anything in an that you would not say to the recipient's face or in an open meeting. Do not forward s with sensitive or private information sent to you personally to others, particularly newsgroup mailing lists, without the permission of the originator. Do not send unnecessary messages such as festive greetings or other non work related items by , particularly to several people, unless required as part of the business. Do not participate in chain or pyramid messages or similar schemes. Do not represent yourself as another person. Do not use any other electronic mail system for ML business. If you receive containing material that is offensive or inappropriate, then you must delete it immediately. Under no circumstances should such be forwarded either internally or externally. Only open s that you know the source of and be very wary of unsolicited s with strange subject headers, as this will avoid the system being infected with a virus that may override the ML s anti virus measures. ML EITPOL Rev3 JAN 2014 Page 6
7 You must also bear in mind that viral payloads are most likely to come from personal sources. Most companies have some form of virus protection so from these sources is generally more secure. However, most home users do not have protection so the probability of receiving viruses from these sources is very much higher. If they have a virus, they may not even realise it and some viruses do not activate immediately. Therefore, be very wary of unsolicited s with strange subject headers, as this will avoid the system being infected with a virus that may override the ML s anti virus measures. Merely knowing someone does not mean that they could not be unwittingly passing you a virus. Security measures are in place to remove suspect executable attachments to messages, but this does not mean that you should be complacent. If you re unsure about an attachment that you have received, do not open it and delete it immediately. 5. Health and Safety with Computers You will be responsible for notifying the System Administrator after the initial 'set up' ensuring your workstation conforms to the Display Screen Equipment Regulations, if you feel that any changes make your workstation non compliant. If you detect any hazard at your workstation, including 'noises' from any equipment, trailing cables and flexes then you should report it immediately to the System Administrator. Also, ML has the duty to ensure that regular appropriate eye and eyesight tests are carried out by a competent person for employees carrying out work using display screen equipment. If you are experiencing visual difficulties you must request an appropriate eye and eyesight test. This test should take account of the nature of your work, including the distance at which the screen is viewed. ML will pay for this test. If special corrective glasses are then prescribed for work with display screens ML will pay up to a maximum cost towards the cost of these glasses provided they are solely to be used for this work. 1.2 TELEPHONES All employees are asked to answer all calls as quickly as possible in a professional and polite manner. ML asks employees to limit incoming and outgoing personal calls to urgent needs only and reserves the right to monitor all personal telephone calls and if it finds that calls are unreasonable may ask you to refund such costs. No calls may be made to premium rate or overseas numbers, without prior authorisation. Please be aware that if you have been provided with a ML mobile and you send a text message that contains racist, sexist, defamatory, offensive (which means in the eyes of the person receiving it), or otherwise inappropriate content, you, and ML could be held legally responsible. If you use your ML or personal mobile to make or receive business related calls, you must not use the mobile phone while driving, and must use voic activated settings, a message service or call diversion and to stop regularly to check messages and return calls. Phones may only be used while driving if you use a hands free device that can be activated and deactivated without holding it in your hand at any time. ML will provide these to all employees who are issued with a company car or van, and you are advised to pull over when the phones rings but only if it is safe to do so. You are prohibited to ever use your phone while driving if the phone has to be held in order to operate it, this is illegal and you will be responsible for any fines received for doing this. ML EITPOL Rev3 JAN 2014 Page 7
Information Security Policy The purpose of this Policy is to describe the procedures and processes in place to ensure the secure and safe use of the federation s network and its resources and to protect
Data Security Policy Member of Staff Responsible ICT Team Author: Sunil Pindoria Dated 03/02/2015 Date of next review 03/02/2016 Page 1 CONTENTS INTRODUCTION... 3 MONITORING... 4 BREACHES... 5 DATA SECURITY...
Poplar Street Primary School ICT Security and Acceptable Use Policy E-Safety policy 2013/14 Working Together Aiming High! 1 Contents 1. Introduction... 3 2. Policy Objectives... 3 3. Application... 3 4.
Information and ICT Security Policy Care Excellence Partnership Updated May 2011 Due for review July 2012 Senior Information Risk Owner (SIRO) P. Tilson I:drive/Policies/Information and ICT Security Status
Policy Document Information and Communication Technology and E-Safety Acceptable Use Policy Mission Statement The school is committed to the use of ICT across the curriculum and to providing all students
Information Technology Policies and Procedures Wakulla County School District March 2014 Table of contents TABLE OF CONTENTS... 1 1.0 OVERVIEW... 2 2.0 PURPOSE... 2 3.0 SCOPE... 2 4.0 ACCEPTABLE USE POLICY...
Tameside Metropolitan Borough Council ICT Security Policy for Schools Adopted by: 1. Introduction 1.1. The purpose of the Policy is to protect the institution s information assets from all threats, whether
Internet Acceptance Use and Data Security Policy Last Updated: 08/10/2012 Date of Next Review: 08/10/2015 Approved by GB: 10/10/2012 Responsible Committee: Student Welfare and Development Internet Acceptable
Jefferson County School District Information Technology Policies and Procedures 575 S. Water Street Monticello, FL 32344 (850) 342-0100 www.jeffersonschooldistrict.org June 2014 Table of Contents 1.0 Overview...
The Archbishop s Seminary Information Security Policy 1 Contents PURPOSE... 4 SCOPE... 4 POLICY STATEMENTS... 5 INFORMATION SECURITY POLICY... 5 THE SCHOOL S RIGHT TO ACCESS ITS PROPERTY... 5 THE SCHOOL
THE LONG EATON SCHOOL ICT Security Policy Rules, expectations and advice for students APPROVED BY GOVERNORS: Student ICT Policy Introduction Educational establishments are using computer facilities more
HIPAA Security Risk Analysis Toolkit In January of 2013, the Department of Health and Human Services Office for Civil Rights (OCR) released a final rule implementing a wide range of HIPAA privacy and security
Version 2.0 This policy maybe updated at anytime (without notice) to ensure changes to the HSE s organisation structure and/or business practices are properly reflected in the policy. Please ensure you
Internet & Cell Phone Usage Policy The Internet usage Policy applies to all Internet & Cell phone users (individuals working for the company, including permanent full-time and part-time employees, contract
Pay Monthly Terms Terms and conditions for the supply of Orange Network Services 1. Definitions The following words and expressions shall have the following meanings: Accessories: Account: Products approved
Redland Christian Migrant Association (RCMA) Internet Security and Safety Policy I. Overview RCMA supports instruction through the use of educational and administrative computers. The responsible use of
Bringing Your Acceptable Use Policy Up to 2013 Standards Bringing Your Acceptable Use Policy Up to 2013 Standards Organizations of all sizes rely on their employees to be good stewards of company time,
Policy Overview Dene Community School of Technology The school provides computers for use by staff as an important tool for teaching, learning, and administration of the school. Use of school computers,
E Safety Policy This e safety policy was approved by the Governing Body on: The implementation of this e safety policy will be monitored by: Monitoring will take place at regular intervals: Reporting to
Delgado Community College Information Technology Security Policy Approved: *November 5, 2010 ) Delgado Community College IT Security Policy Page 2 *November 5, 2010 Table of Contents Title Page 1.0 Introduction
Business Acceptable Use Policy Policy Introduction The following are policies ( these Policies ) for use of Internet access service that is provided by Mediacom to or through any customer under a contract,
Marion County School District Computer Acceptable Use Policy The Marion County School District (MCSD) offers currently enrolled students, faculty and staff access to the school computer network through
Location: The Juilliard School Irene Diamond Building Main Office Room: 248 Phone: 212-799-5000 ext. 7121 Email: firstname.lastname@example.org Website: Information Technology Computer Labs There are two computer
OPEN INTERNET REFERENCE SHEET Table of Contents I. In General... 4 II. Payment Terms... 4 A. In General... 4 B. Payment Method... 6 C. Payment Default... 7 II. Prohibited Uses of the Services; Acceptable
Business Internet Banking Terms and Conditions INTRODUCTION The Customer wishes to use the HSBC s Business Internet Banking Service (the Services as herein defined) provided by the Bank and the Bank is
Computer security guidelines A self assessment guide and checklist for general practice 3rd edition istockphoto.com/marcela Barsse Computer security guidelines A self assessment guide and checklist for