& Internet Policy

Transcription

1 & Internet Policy Use of system and internet services Current Document Status Version V0.2 Approving body Acorn Academy Cornwall Date 11 June 2015 Date of formal approval (if applicable) Responsible officer Executive Principal Review date 01 July 2016 Location Version History Date Version Author/Editor Comments 01 June 2013 V0.1 Emma Tennant Reviewed by Executive Committee 11 June 2015 V0.2 Executive Committee Document retention Document retention period Until superseded

2 & Internet Policy & Internet Policy 2 Introduction 3 Scope 3 Policy statement 3 Policy details Use of and internet facilities 4 Business Use 4 Personal Use 5 Inappropriate use 6 Accidental access to inappropriate material 8 Performance and risk management 8 Communicating this policy 8 Breaches and non-compliance 8 Evaluation and review 8

3 Introduction and the Internet are widely used to help manage and deliver Acorn Academy Trust Cornwall s (the Trust ) services. This and Internet Policy is a sub-policy to the Trust s Information Security Policy and should be read in conjunction with that policy. The Trust has a duty to ensure that information is correctly and professionally managed in the interests of: Confidentiality Integrity Availability Purpose and aim of the policy This Policy explains the correct, appropriate and responsible use of the Trust s system system and the internet. Scope This policy applies to: all employees working at all locations, including those working from home; and employees who connect their personal devices to the Trust s network using approved methods; and other workers (e.g. casual and agency workers, secondees and contractors) who have access to information systems or information used for the Trust s purposes. (together the Users ). This policy shall not apply to schools and users that are not included in the paragraph above. Such Users will need to comply with their own policies on and internet use. Policy statement The Trust encourages Users to make effective use of the system and the internet. Such use must always be lawful and must not compromise the Trust's information and computer systems/networks. Users shall ensure that their use of the system and the internet will not adversely effect the Trust or its business, in particular, damage the Trust or its employees reputations or otherwise violate any of the Trust policies.

4 All Users must read and accept this policy before they use the system and the internet. Policy details Use of and internet facilities Users accept that communications via the Trust s system are not considered secure once they have been externally sent and should therefore not send unencrypted personal or sensitive information externally or over the internet. The Trust s secure system or an approved file sharing site should be used for such purposes. Users accept that communications via the Internet are normally not secure or encrypted and should therefore take particular care when sending potentially sensitive or confidential information over the Internet. Users accept that access to certain websites will be blocked unless a business case has been submitted to and approved by the Trust Board. Users should be vigilant toward fraudulent phishing s which ask them to divulge information such as passwords. Never divulge your password or any other authentication credential no matter who it appears to come from. Do not reply to any such message, please simply delete it. Users should be vigilant toward any unsolicited or unexpected which asks you to click on a web link no matter who it appears to come from. Doing so may introduce a virus or other malicious program into the Trust s network. Always be absolutely sure before clicking any link in an that it is safe and ideally check with the sender. Business Use Use of the Trust s system and internet by Users for Trust business is subject to the following conditions: Users should be aware that messages have the equivalent status in law to written correspondence (e.g. letters and faxes) and will be subject to the same legal implications (e.g. may be required to be disclosed in court). Users must therefore apply the same standards to s as they do to any other written correspondence. Users must never send any credit card or primary account number (PAN) details by any messaging technologies (e.g. , instant messaging, chat etc). If you ever receive any details of this nature they should be deleted. Users must comply with the Data Protection Act 1998 (the Act ) and the Freedom of Information Act 2000 when placing personal data in messages or attachments or newsgroups and on the internet. Users should be aware that copies of s kept for any length of time will almost certainly be personal data within the terms of the Act and as such are retrievable and disclosable documents for the purposes of any

5 legal action. s may be disclosed under Freedom of Information/Data Protection including business related s sent from a personal account. Users must never download software from an attachment or the internet. Users must comply with relevant copyright terms/conditions when copying or downloading material from the internet or from an . Be aware that the action of unauthorised downloading or sharing of copyrighted materials by any means is unlawful, and violators may be subject to criminal or civil action. The use of any unauthorised peer-topeer/file sharing network or websites is therefore prohibited. Users accept that there can be no guarantee of delivery where external networks such as the internet are involved. Where s are addressed externally there is no guarantee that delivery or read receipts will be returned correctly. Users should not send any information externally via without specific agreement from the data owner. Users may join free newsgroups of professional interest or relevant to their work but any subscription services should be approved in writing by an appropriate manager. Users accept and acknowledge that the information contained on the Internet is provided for information only and that Users will rely on it at their own risk. Whilst the Trust accepts that Users may wish to set up their own personal mobile telephones to enable them to view their work account, Users must accept that if they do so that the mobile device in question must have appropriate security set up in the form of regularly updated password protection. The system is not intended to be used by staff to send out mass communications without express permission being sought from the Business Manager. Users accept that the Trust excludes all liability, in so far as permitted by law, against any losses, claims, demands, damages, costs and expenses incurred by the User as a result of relying on information provided via the Internet. Personal Use and the internet are important tools in the management and delivery of the Trust s services and therefore and the internet should generally only be used by Users for this purpose. Users should not use their Trust address to register with or subscribe to any non business related sites or services.

6 Inappropriate use Users should not use the system or internet to abuse or inflame others, or to harass or threaten anyone. Responding to abuse will not be accepted as an excuse for inappropriate language and/or behaviour. Users must not send s that contain obscene, abusive or profane language. Users should contact their line managers in the first instance if they receive abusive or threatening s. Users must not send, access, display, download, copy or circulate any information including stories, jokes or anecdotes which are of the following nature: pornography (including child sexual abuse images) or sexually orientated images; gambling; gaming (playing computer games) unless it is for the purposes of educational learning; that promotes unlawful discrimination of any kind; that promotes racial or religious hatred or violence; involves threats including promotion of violence; material which is fraudulent or otherwise illegal; promotes illegal and unlawful acts; any other information which may reasonably be considered to be offensive, inappropriate or disrespectful to others; and unauthorised copyrighted material including music. Users must not send, access, display, download, copy or circulate any material that breaches the Terrorism Act 2000 and 2006 (to have or share information that could be useful to terrorists, urges people to commit or help with acts of terrorism, glorify or praise terrorism and instructions on how to make weapons, poisons or bombs). The Trust shall report to the police for investigation all known incidents, in which Users are or appear to intentionally send or receive s that contain potentially illegal content, or use the Internet to access websites, newsgroups and online groups that contain the following type of material: images of child abuse (i.e. images where children are or appear to be under the age of 18 and are involved in sexual activities or posed to be sexually provocative); adult material/pornography that breaches sections of part 5 of the Criminal Justice & Immigration Act 2008 (extreme pornography); and

7 criminally racist material. Users must not use anonymous mailing services to conceal their identity, falsify postings to make them appear to originate from someone else, or provide a false address.

8 Accidental access to inappropriate material If inappropriate material is accessed via or the internet accidentally Users should immediately report this to their line manager, so that this can be taken into account as part of the monitoring procedure (as further referred to below in Breaches and non-compliance). Performance and risk management Potential risks will be regularly monitored and evaluated to ensure this policy is kept up to date. The policy must be reviewed 3 months prior to new legislation taking effect. Communicating this policy Any changes to this policy will be communicated throughout the organisation using appropriate communication channels. Breaches and non-compliance The Trust will monitor and internet use by Users to ensure compliance with this Policy. The Trust will use a computer system to copy and report upon all sent and received , in accordance with the Lawful Business Practice Regulations, to ensure compliance with this and other Trust policies and in support of national security and criminal investigations. In this computer system s will be stored for the current year plus one. Any potential misuse of or the internet identified will be reported to the Trust Board. Serious breaches of this policy by Trust employees will amount to gross misconduct and may result in dismissal. Evaluation and review This Policy will be reviewed annually. Authority is delegated the Business Manager to undertake amendments of an administrative nature as are necessary, or to secure continuing compliance with the law.