and Internet Policy

Transcription

1 and Internet Policy Responsible Officer Authors Date effective from July 2008 Ben Bennett, Business Planning & Resources Director Policy Development Group Date last amended December 2012 Review date December 2015 DATE: December 2012 FINAL 1

2 Introduction 1. This policy sets out best practice when using NICE and internet services. It sets out the need for confidentiality, integrity and availability of the internet and systems and establishes both NICE and user responsibilities. 2. This policy is designed to promote reasonable, responsible and lawful use of internet and services and to make staff aware of what NICE deems as acceptable and unacceptable use of these systems. If any staff member disregards the rules set out in this policy, they may be subject to disciplinary action by NICE, which may include dismissal. 3. All accounts maintained on the NICE systems are the property of NICE. Scope 4. This policy applies to those working at or for NICE (collectively referred to in this policy as users ) who have access to and internet via the NICE IT network: all employees (including NICE staff on secondment to other organisations) agency workers and contractors secondees (those who are seconded to NICE from other organisations) with authorised access to the IT network. It is the responsibility of those engaging the contractors to ensure they comply with this policy. Other users with ad hoc access to the network Objective 5. The objectives of this policy are to ensure the protection, confidentiality and availability of NICE s and internet systems. To achieve this objective NICE will: ensure that the internet and systems are available for users (with the exception of pre-determined down-time ); preserve integrity and protect the internet and systems from unauthorized or accidental modification; preserve confidentiality and protect NICE s information assets against unauthorised disclosure; raise awareness amongst users to ensure they are aware of policies, protocols, procedures and legal obligations relating to the use of the Internet and ; protect the reputation of NICE from the misuse of and internet systems through the effective implementation and monitoring of this policy. DATE: December 2012 FINAL 2

3 Advise users of the circumstances in which monitoring of and internet use may take place that might otherwise infringe on their privacy. General 6. Desktop and internet access will be made available to all users via NICE s IT network. At all times users should abide by relevant sections of the Information Technology Policy and Procedure dealing with password controls and viruses and ensure that all passwords are kept secure. 7. Sensitive personal data as defined in the Data Protection Policy must never be included in an message that is sent over the internet unless it is password protected. 8. Although may appear to be an informal communication tool, this is not the case and the same laws apply as for other written communications, for example in relation to contracts or copyright (see appendix 1 for definitions). Users should be aware that it is possible to enter into legally binding contracts via . Users should ensure they are aware of the legal risks and take advice from the procurement team when in doubt. 9. External s include the following disclaimer: The information contained in this message and any attachments is intended for the addressee(s) only. If you are not the addressee, you may not disclose, reproduce or distribute this message. If you have received this message in error, please advise the sender and delete it from your system. Any personal data sent in reply to this message will be used in accordance with provisions of the Data Protection Act 1998 and for the purposes of NICE work. All messages sent by NICE are checked for viruses, but we recommend that you carry out your own checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. 10. All s are potentially disclosable under the Freedom of Information Act and internet usage 11. When using the NICE system and internet, users must not: Create, download or transmit any obscene or indecent images, DATE: December 2012 FINAL 3

4 data or other material, or any data capable of being resolved into obscene or indecent images or material collectively defined as pornography. Staff and/or the Institute can be prosecuted or held liable for transmitting or downloading pornographic material, in the UK.. Create, download or transmit any defamatory, sexist, racist, offensive or otherwise unlawful images, data or other material. Create, download or transmit material that is designed to harass, bully, inconvenience or cause needless anxiety to other people. Create or transmit junk-mail or spam. This means unsolicited commercial webmail, chain letters, advertisements, jokes and executables 1 (i.e. files designed to load software). All such material should be deleted. Use the internet or systems to conduct private or freelance business for the purpose of commercial gain. Create, download or transmit data or material that is created for the purpose of corrupting or destroying NICE or external data systems or hardware. Download videos, video clips or audio for entertainment purposes. Impersonate any other person or organisation when using amend messages inappropriately. Unlawfully send confidential information, for which the sender and NICE could be held liable. Deliberately send an attachment that contains a virus, for which the sender and NICE could be held liable. Engage or sign up to bulletin boards or chat rooms that are not associated directly with their work. Where access is granted for work purposes only, such access should not be used to engage in messaging or blogging not directly associated with NICE work or create or transmit any obscene or indecent images, defamatory, sexist, racist or offensive material or material that is designed to harass, bully or inconvenience or cause needless anxiety to other 1 An executable file is a file that performs a set of actions on a computer, such as a word processor or calculator, the files usually end in.exe.com.cmd.bat.shs.vbs.js.msi DATE: December 2012 FINAL 4

5 people. Use the or internet to engage in gambling. 12. Definitions of the categories where problems with the use of and the Internet may occur are given in appendix The NICE internet system is available to staff to enable them to do their job. Staff may use the internet for personal use during non-core hours to access appropriate websites not otherwise restricted. 14. NICE uses software to prevent staff visiting sites that are deemed to be inappropriate (including social networking sites). If there is a good business reason why a staff member needs permanent or temporary access to a specific blocked site or category of sites, this can be granted once approval from their director is obtained. Monitoring 15. traffic to and from NICE addresses are logged automatically by the IT department. The content of s is routinely monitored to identify potential pornographic content, but not for other purposes. NICE reserves the right to view message content where there are reasonable grounds to do so and to retain message content as required to meet legal and statutory obligations. This also applies to Office Communicator messages where they have been saved in Outlook by the user. 16. All internet traffic is logged automatically. Each internet site a user visits is included in the log, with the time visited and duration of the visit. Pages viewed by the user may also be logged. These logs are audited periodically including details of time spent and websites visited by individuals. Inappropriate patterns of web access (for example browsing holiday websites during core working hours) may be identified by the IT Department. If this raises concerns these may be discussed with the individual and/or their line manager to ensure internet usage complies with this policy. 17. Access to web sites hosting systems is logged but the content is not viewed or monitored by NICE. 18. Monitoring may take place at any time and without prior notice and is carried out in accordance with the Data Protection Act 1998, the Human Rights Act 1998 and the Regulation of Investigatory Powers Act DATE: December 2012 FINAL 5

6 19. Any suspected breaches of this policy will be investigated and may result in disciplinary action in accordance with the NICE Disciplinary Policy and Procedure. Breaches may also result in referral to the Local Counter Fraud Specialist for their investigation and action. Privacy 20. NICE respects the privacy of users in the use of and internet systems in accordance with NICE policies and relevant legislation. The Data Protection Act 1998 gives a code of practice for employers on monitoring of s and Human Rights Act 1998 provides details about privacy rights including the right to respect for private and family life, home and correspondence Reasonable use of NICE and internet access for personal use during non-core working time is permitted where this does not interfere with the performance of staff duties. 21. Notwithstanding this, users of NICE and internet systems should be aware that these systems are operated by NICE and any NICE box can be accessed by NICE without the user s consent where there are reasonable grounds for doing so, for example to prevent or detect fraud or misuse of NICE systems. 22. All staff leaving NICE employment should review the information they hold in their U drives or personal mailboxes. In particular, any private or personal information should be deleted from the IT network. 23. Any information remaining in U drives or personal folders after the user has left NICE, including personal data, may be viewed by other members of NICE staff prior to its review or deletion in accordance with NICE policies. Appendix The following section outlines the definitions of the categories where problems with the use of and the Internet may occur. 25. Defamation - A published (spoken or written) statement or series or statements that affects the reputation of a person (a person can be a human being or an organisation) and exposes them to hatred, ridicule or contempt, being shunned or avoided, discredited in their trade, business, office or profession, or pecuniary loss. If the statement is not true, then it is considered slanderous or libelous and the person towards whom it is made has redress in law. messages, both internal and external, constitute publication in libel cases and particular care should be DATE: December 2012 FINAL 6

7 taken not to include any libellous or defamatory content in s. 26. Harassment - unwanted conduct which is intended to, or which creates the effect of violating a person's dignity or creates an intimidating, hostile, degrading, humiliating or offensive environment for that person. 27. Pornography - for the purposes of this policy, pornography is regarded as obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material. This includes the description or depiction of sexual acts, naked people or any other act or image which is designed to be sexually exciting. NICE will not tolerate its facilities being used for this type of material and considers such behaviour to constitute a serious disciplinary offence. 28. Copyright is a term used to describe the rights under law that people have to protect original work they have created. The original work can be a computer program, document, graphic, film or sound recording, for example. Copyright protects the work to ensure no-one else can copy, alter or use the work without the express permission of the owner. Copyright is sometimes indicated in a piece of work by this symbol However, it does not have to be displayed under British law. So a lack of symbol does not indicate a lack of copyright. 29. All material generated as part of your work at NICE under your contract of employment is deemed to be NICE copyright material unless there is an explicit agreement to the contrary. 30. NICE is covered by the Copyright Licensing Agency s photocopy licence which authorises ad hoc and systematic photocopying from published material to be carried out by NHS personnel for their own use and for use by colleagues and peers. Guidance is provided to all staff on the limitations of this licence Contracts A contract is a legally enforceable agreement in which two or more people or organisations commit to certain obligations in return for certain rights. Contracts do not necessarily need to be signed to be enforced and they can be inadvertently entered into via . 2 A summary of the photocopying licensing terms for the NHS, published by the Copyright Licensing Agency, is posted above each of the Institute s photocopiers. DATE: December 2012 FINAL 7

8 Related policies Data Protection Policy Freedom of Information Policy Disciplinary Policy and Procedure Equality and Diversity Policy Bullying, Harassment and Victimisation Policy and Procedure Information Technology Policy Review This policy will be reviewed every three years. This policy has been developed in conjunction with NICE s Policy Development Group DATE: December 2012 FINAL 8

9 Appendix A - Version Control Sheet Version Date Author Replaces Comment 2 29 Sept 2011 Julian Lewis and Internet Policy 2005 Barney Wilkinson DATE: December 2012 FINAL 9