Information Technology Acceptable Use Policy

Similar documents
FRESNO COUNTY EMPLOYEES' RETIREMENT ASSOCIATION INTERNET AND USAGE POLICY

ICT Student Usage Policy

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & POLICY AND CODE

Policies Concerning the use of Computers

How To Protect Your Privacy On The Emm Recipe Cards

Human Resources Policy and Procedure Manual

The City reserves the right to inspect any and all files stored in private areas of the network in order to assure compliance.

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

POLICY: INTERNET AND ELECTRONIC COMMUNICATION # 406. APPROVAL/REVISION EFFECTIVE REVIEW DATE: March 2, 2009 DATE: March 10, 1009 DATE: March 2014

APPROPRIATE USE OF INFORMATION TECHNOLOGY SYSTEMS INFRASTRUCTURE RESOURCES

Information Security and Electronic Communications Acceptable Use Policy (AUP)

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

Delaware State University Policy

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

13. Acceptable Use Policy

Bates Technical College. Information Technology Acceptable Use Policy

ICT POLICY AND PROCEDURE

ACCEPTABLE USE POLICY

Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy

section 15 Computers, , Internet, and Communications

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

ITU Computer Network, Internet Access & policy ( Network Access Policy )

Forrestville Valley School District #221

Internet Acceptable Use Policy

Medford Public Schools Medford, Massachusetts. Software Policy Approved by School Committee

Acceptable Use of ICT Policy For Staff

B. Privacy. Users have no expectation of privacy in their use of the CPS Network and Computer Resources.

City of Venice Information Technology Usage Policy

Virginia Commonwealth University Police Department

State of Michigan Department of Technology, Management & Budget. Acceptable Use of Information Technology (former Ad Guide 1460.

BROADALBIN-PERTH CENTRAL SCHOOL ADOPTED 1/22/00 3 RD READING AND ADOPTION 5/21/12. Employee Computer Use Agreement. Terms and Conditions

How To Monitor The Internet In Idaho

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

5. Users of ITS are the persons described above under Policy Application of the diocese of Springfield in Illinois.

Pierce County Policy on Computer Use and Information Systems

Human Resources Policies and Procedures

1. Computer and Technology Use, Cell Phones Information Technology Policy

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

UNIVERSITY GUIDEBOOK. Title of Policy: Acceptable Use of University Technology Resources

Acceptable Use Policy

Computer Network & Internet Acceptable Usage Policy. Version 2.0

INTERNET ACCEPTABLE USE POLICY

Acceptable Use Policy

USE OF INFORMATION TECHNOLOGY FACILITIES

ELECTRONIC COMMUNICATION & INFORMATION SYSTEMS POLICY

Internet Use Policy and Code of Conduct

AVON OLD FARMS SCHOOL COMPUTER AND NETWORK ACCEPTABLE USE POLICY

Acceptable Use Policy

INTERNET, USE AND

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

Acceptable Use Policy

SUBJECT: INFORMATION TECHNOLOGY RESOURCES I. PURPOSE

Data Protection Division Guidance Note Number 10/08

City of Grand Rapids ADMINISTRATIVE POLICY

LINCOLN UNIVERSITY. Approved by President and Active. 1. Purpose of Policy

BRIGHAM AND WOMEN S HOSPITAL

COLLINS CONSULTING, Inc.

Department of Finance and Administration Telephone and Information Technology Resources Policy and Procedures March 2007

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

Odessa College Use of Computer Resources Policy Policy Date: November 2010

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE IT RESOURCES POLICY

DEPARTMENT OF MENTAL HEALTH POLICY/PROCEDURE

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

Commonwealth Office of Technology

Policy # Related Policies: Computer, Electronic Communications, and Internet Usage Policy

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

CORPORATE. Tab Authority Subject Related Policies POLICY STATEMENT PURPOSE

c. Require or Request Photos of Subscriber f. Allow Subscribers Access to Other Subscriber Information

Ventura Charter School of Arts & Global Education Board Policy for Acceptable Use and Internet Safety

DIOCESE OF DALLAS. Computer Internet Policy

BLOOMFIELD COLLEGE ACCEPTABLE USE POLICY

Angard Acceptable Use Policy

Sample Policies for Internet Use, and Computer Screensavers

REVIEWED BY Q&S COMMITTEE ON THE 4 TH JUNE Social Media Policy

ELECTRONIC COMMUNICATIONS: / INTERNET POLICY

Acceptable Use of Information. and Communication Systems Policy

How To Use A College Computer System Safely

Appendix I. The City University of New York Policy on Acceptable Use of Computer Resources

Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

INFORMATION SYSTEM GENERAL USAGE POLICY

& Internet Policy

MAINE COMMUNITY COLLEGE SYSTEM. SUBJECT: COMPUTER AND NETWORK USE PURPOSE: To promote the responsible use of college and System computers and networks

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

Use of the Internet and Policy

Acceptable Use of Information Systems Standard. Guidance for all staff

'Namgis First Nation. 1.0 Overview. 2.0 Purpose. 3.0 Scope. 4.0 Policy

UNESCO-IHE Code of Conduct regarding Information Technology (IT)

Conditions of Use. Communications and IT Facilities

IM&T POLICY & PROCEDURE (IM&TPP 01) Anti-Virus Policy. Notification of Policy Release: Distribution by Communication Managers

U.S. Chemical Safety and Hazard Investigation Board

Acceptable Use of Information Technology (IT) Resources

Technology Department 1350 Main Street Cambria, CA 93428

THE RICE MARKETING BOARD FOR THE STATE OF NEW SOUTH WALES RESPONSIBLE COMPUTING POLICY

Niagara County Community College

51 JS-R STUDENT USE OF INFORMATION TECHNOLOGY RESOURCES

VICTOR VALLEY COMMUNITY COLLEGE DISTRICT ADMINISTRATIVE PROCEDURE. Computer Use - Computer and Electronic Communication Systems.

Dauphin County Technical School

CT Communications Internet Handbook

REGION 19 HEAD START. Acceptable Use Policy

Transcription:

.......... Information Technology Acceptable Use Policy (IT Resources, Email and Internet) Version 1.2 October, 2002

Contents OVERVIEW 4 IT RESOURCES USAGE POLICY 4 1. Trust Property 4 2. Inappropriate Use 5 3. Identification Codes and /Log-ons 5 EMAIL USAGE POLICY 6 1 Granting of access 6 1.1 New User of Email 6 1.2 External Email 6 1.3 Sensitive Patient Data 7 2 Trust Access to Emails 7 3 Personal Use of Email 8 4 Misuse of Email 8 5 Termination of Email Accounts 9 INTERNET USAGE POLICY 9 1 Overview 9 2 Purpose of the Internet Usage Policy 10 DETAILED INTERNET POLICY PROVISIONS 10 3 General 10 4 Technical 13 5 Security 14 Policy Compliance 14 Glossary of Terms 14 Covered Individuals 15 Related Policies and Legislation 15 Circulation List For approval/amendment Trust Executive IT Technical Services Team Leader Chair Intranet Steering Group Distribution Internet users Email Users All Users of Trust IT Equipment Bill Gordon 01.10.02 Page 2 of 15 Version 5.0

Document Revisions Date Version State Nature of Change 1 st July 2000 2.0 Draft 10 th August 2000 2.1 Draft Amendments 22 nd November 2000 3.0 Final Draft Amendments 13 th November 2001 4.0 Final Release Updates Authors: Chris Allen Customer Services Manager Bill Gordon Assistant Director Bill Gordon 01.10.02 Page 3 of 15 Version 5.0

Overview ACCEPTABLE USE POLICY (Including Information Technology Resources, Internet and Email Use) This policy defines appropriate use of the Trust's IT systems and resources so that: (1) productivity levels are not reduced due to non business-related use of the Trust's systems, equipment and infrastructure; (2) the Trust is not exposed to unnecessary risk by individuals accessing non business-related Internet sites or sending inappropriate communications via electronic mail, or by a breach in security, which could result in unauthorized access to the Trust's business and patient information; and (3) individuals in our workplace are not exposed to inappropriate images or communications. The Trust will monitor use of it s computer resources and, if appropriate, review individual usage patterns. Non-compliance with the Trust's policy may result in disciplinary action, up to and including the termination of an individual's employment, as per the Trust s already established disciplinary procedures. IT RESOURCES USAGE POLICY The Trust's has made considerable investments in Information Technology resources, necessary to operate effectively in today s marketplace. Use of this technology comes with responsibilities that have security, compliance, productivity and ethical implications: The following policy addresses three areas: Trust property, inappropriate use, and identification codes/logons. 1. Trust Property The Trust's Information Technology resources are intended solely for use in conducting Trust business and may not be used for non business-related purposes; including non business-related communications (see email policy personal email). All emails, files and documents that are composed, stored or transmitted, over our internal and external networks, are the property of The Trust and will be monitored at the Trust's discretion. Bill Gordon 01.10.02 Page 4 of 15 Version 5.0

Similarly, the movement of all Trust IT equipment must be done in accordance with the Trust IT procurement and movement policy. (This also gives guidance on the purchase and installation of hardware and software onto Trust PC s including licensing, ownership of software, and registration of all newly purchased IT equipment with the IT Directorate.) 2. Inappropriate Use The Trust's information technology resources should not be used to create documents, transmit messages or access Internet sites that: - disparage individuals on the basis of race, color, religion, gender, national origin, citizenship, age, marital status, disability or sexual orientation; - are not consistent with, or violate the Trust's Staff Support Policies (inc. Equal Employment Opportunity policy) or any other policy contained in the Trust's Code of Conduct; or - are not consistent with or violate any other Trust policies. - The viewing, downloading, transmitting or accessing of sexually oriented material or offensive speech is strictly prohibited. The Trust's IT resources may not be used: - for personal gain or profit; - to establish a personal public presence (i.e., "Web Sites") on the Trust's systems; or - for non business-related purposes. Electronic communications should comply with all applicable laws and regulations, including laws :- - governing the import and export of technology, software and data; - restricting the use of telecommunications technology and encryption; - governing the transmission of private data; - governing the content and supervision of communications with the public; and - relating to the protection of copyrights, trademarks and trade secrets. No employee may knowingly infect the Trust IT facilities to propagate any virus, worm, Trojan horse, or trap-door program code. All due care must be taken to prevent the accidental infection of the aforementioned code. This includes scanning of disks brought into the Trust from elsewhere or disabling the installed Anti-Virus software whether on email or desktop. All PC s connected to the Trust network must have the Trust s approved Anti-Virus software installed and activated. 3. Identification Codes and /Log-ons All individuals who have been allocated network and/or system access are required to: Bill Gordon 01.10.02 Page 5 of 15 Version 5.0

- ensure the integrity and confidentiality of their unique user identification codes and passwords. Any suspected breach or suspected security threat to the Trust's systems should be reported immediately to the Information Systems department or the Trust Security Officer ; - prevent access to unauthorized users when leaving systems unattended, including use of password protected screensavers where appropriate; and - comply with all of the security mechanisms on the Internet, such as logon controls or fire-wall barriers. See also the Trust Security Policy for further details and regulations on System Security 1 Granting of access 1.1 New User of Email EMAIL USAGE POLICY All requests for new Email accounts need to be requested using the appropriate application form (Appendix A.1) This form will need to be authorized by the Users Line Manager. The User will collect the relevant passwords from the IT Customer Services Helpdesk, including copies of this Email policy and training documentation. Upon collection the user will need to sign the User Agreement form to confirm their agreement with this Email Policy. 1.2 External Email With effect from implementation of this policy, the ability to send and receive email, from and to external organizations will, on request, be given to all new email accounts at no extra charge. The user or users manager will complete the application to indicate whether the account is to be for internal email only or to include the external facility. Upon receipt of the request form, the account will be set up within the time frame specified by the relevant Service Level Agreement and the user notified of account details, and referred again to the Trust Email & Acceptable Use Policy. The Information System Department may need to restrict the use of External Email, should there be an increased risk of Virus infections. All users would be notified of Bill Gordon 01.10.02 Page 6 of 15 Version 5.0

this and in exceptional one-off circumstances arrange for alternative methods of email receipt for urgent business purposes. All external Emails are to be suffixed with the following text message, as approved by the Trust s Legal Services Department:- This e-mail is confidential and may well also be legally privileged. If you have received it in error, you are on notice of its status. Please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person: to do so could be a breach of confidence. Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of the Trust. Thank you for your co-operation. Access to Email both Internal and External is at the user s line manager discretion at all times. 1.3 Sensitive Patient Data 1.3.1 Emails containing sensitive Trust data, as defined by existing data security policy e.g. patient data, are deemed to be secure as long as the recipient is also on the NHSnet (i.e. has a nhs.uk suffix on the email address). Any Data such as this should not be sent outside of the NHSnet unless encrypted. Even if a patient authorizes email of data to themselves this also is not acceptable unless encrypted. 1.3.2 These emails should also be marked as confidential via the email security flag, which will ensure that any delegated recipients other that the directly addressed recipient, will not be able to read the email if forwarded. 2 Trust Access to Emails The Trust reserves the right to retrieve the contents of an email for legitimate reasons, such as to find lost messages, to comply with investigations of wrongful acts or misuse, or to recover from system failure. The monitoring of individual communications, is limited to investigations that have been authorized by the Chief Executive, Director of Information Systems or Director of Human Resources, or as may be required to meet requirements of a Court of Law. The Trust has Email content analyzing software, which alerts the IT department to inappropriate language within emails. The author will be promptly notified after the event that Emails have been accessed, and the reasons why this has happened. In the case of investigations of wrongdoing, notification will take place upon completion of the investigation. Users of the email system should also note that deletion of an email from a mailbox does not guarantee that the message has been fully erased. Only the tag that identifies the file is erased and therefore all emails written should be taken to be permanent. Bill Gordon 01.10.02 Page 7 of 15 Version 5.0

3 Personal Use of Email Personal use of E-mail by Trust employees is allowable but should be minimized and not interfere with, or conflict with business use. Employees should exercise good judgment regarding the reasonableness of personal use. Personal notices not relating to Trust business (i.e. "for sale", "for rent", "looking to buy", etc.) should be placed on the Intranet message Board, and not on the email system. Use of E-mail is limited to employees and authorised temporary staff, or contractors. Employees and authorised users are responsible for maintaining the security of their account and their password. 4 Misuse of Email Examples of misuse of email includes the following: the transmission of obscene, profane or offensive material over any Trust communication system. This includes, for example, erotic & pornographic materials and obscene language, which is monitored by the Internet Message Inspector. Messages, jokes, or forms which violate the Trust harassment or discrimination policy or create an intimidating or hostile work environment are prohibited. Use of company communications systems to set up personal businesses or send chain letters is prohibited. Trust confidential messages should be distributed to Trust personnel only. Forwarding to locations outside is prohibited, unless authorized or required within the confines of the NHS. Accessing copyrighted information in a way that violates the copyright is prohibited. Breaking into the Email system or unauthorized use of a password/mailbox is prohibited. Broadcasting unsolicited personal views on social, political, religious or other non-business related matters is prohibited. Solicitation to buy or sell goods or services or using the network for commercial purposes is prohibited. 4.1 Statements of Facts Untrue Statements of facts, which damage the reputation of the person or company, are considered libelous. These need not be insulting but may be that another organization is in financial difficulty), or Bill Gordon 01.10.02 Page 8 of 15 Version 5.0

unprofessional in their conduct can be libelous statements. (e.g. Western Provident Association v Norwich Union 1999, resulted in settlement of over 450k for libelous statements. Users of the email systems must also take great care in what is said in an email message, so that binding contracts are not inadvertently agreed upon, as an email can be used as a legally binding document as in paper correspondence. 4.2 Email Restrictions - The Information Systems Directorate reserve the right to prohibit and block, email attachments of certain types i.e. video, Exe files, as these are commonly game type files and also pose a greater risk to the organization of infection by viruses etc. File sizes may also be limited at the discretion on the Technical Services Department, as large files can impact on the efficient operation of the Trust or NHS network. 5 Termination of Email Accounts 5.1 There is a security risk of staff who leave the trust abusing the Trust s email system. Therefore arrangements have been made with the Human Resource Department to provide list of leavers each month. For each leaver. Email access and their Network log-on will be disabled for a period of 1 month from the notification of their departure. This provides a safeguard against accidental deletion. After one month the account will be permanently deleted. 5.2 Any email account that has not been accessed for 3 months, will be suspended and the user s manager will be given 1 month notice of the deletion of that account. 5.3 When members of staff leave the Trust, his or her personal email account will be deleted and access cannot be granted to that account to anyone. It must not be assumed when an individual leaves the Trust, that their account can continue to be used and accessed by other people. The only exception to this is where an account is set under a department name e.g. legalservices@chelwest.nhs.uk or craniofacial@chelwest.nhs.uk. This account may be accessed by another person in that department under the authorisation of the Department Head. The day-to-day users of that account are to be made aware of this situation, when the access is granted. 1 Overview INTERNET USAGE POLICY The Trust provides access to Internet to help staff perform their job and be well informed. This Internet usage policy is designed to help users understand the Trust s expectations for the proper use of these Internet access facilities. Bill Gordon 01.10.02 Page 9 of 15 Version 5.0

2 Purpose of the Internet Usage Policy 2.1 Appropriate Use - The Internet is a business tool, provided at significant cost and staff should use the Internet only for Business/Trust related purposes, i.e., to communicate with colleagues and suppliers, to research relevant topics and obtain and disseminate useful business & clinical information. 2.2 Conduct Users should conduct themselves professionally on the Internet, and respect the copyrights, software licensing rules, property rights, privacy and prerogatives of others, just as in any other business dealings. All existing Trust policies on staff conduct still apply to conduct on the Internet, especially (but not exclusively) those that deal with intellectual property protection, privacy, misuse of Trust resources, sexual harassment, information and data security, and confidentiality. Unnecessary or unauthorized Internet usage causes network and server congestion. It slows other users, takes away from work time, consumes supplies, and ties up printers and other shared resources. Unlawful Internet usage may also garner negative publicity for the Trust and risk exposure to significant legal liabilities. 2.3 Trust Corporate Image - The newsgroups and e-mail on the Internet give each individual Internet user an immense and unprecedented ability to propagate Trust messages. Because of that power we must take special care to maintain the clarity, consistency and integrity of the Trust s corporate image and posture. Anything that an employee writes in the course of acting for the Trust on the Internet could be taken as representing the Trust s corporate posture. That is why we expect users to forego a measure of their individual freedom when they participate in chats or newsgroups on Trust time, as outlined below. 2.4 Security - While our connection to the Internet brings enormous potential benefits, it can also open the door to some significant risks to our data (clinical & financial) and systems if we do not follow appropriate security discipline. As presented in greater detail below, that may mean preventing machines with sensitive data or applications from connecting to the Internet entirely, or it may mean that certain users must be prevented from using certain Internet features like file transfers. The overriding principle is that security is to be everyone s first concern. Trust employees can be held accountable for breaches of security or confidentiality. DETAILED INTERNET POLICY PROVISIONS 3 General 3.1 The Trust has software and systems in place that monitor and record all Internet usage. Our security systems are capable of recording (for each and every user) each World Wide Web site visit, newsgroup or e-mail message, and each file transfer into and out of our internal networks, and we reserve the right to do so at any time. No employee should have any expectation of complete privacy as to his or her Internet usage. Bill Gordon 01.10.02 Page 10 of 15 Version 5.0

The Information Systems Directorate will review Internet activity and analyze usage patterns, and may choose to disclose this data to assure that Trust Internet resources are devoted to maintaining the highest levels of productivity. The Trust has installed Internet Content Analysing Software. This software has several useful functions, to assist in managing the usage of the Internet within the Trust. i) Prohibit undesirable sites - Key words e.g. those of an adult or frivolous nature (nude, xxx, games etc) can be defined within the software and thus sites containing these words are blocked. ii) iii) Surf Time statistics Reports will be run routinely detailing the usage time of each user or workstation. Excessive time spent on line by a particular user can be identified and corrective measures taken. This will also identify potential misuse of the password, where an ID may be shared with other members of staff to use the World Wide Web. Sites Visited reports will be run of sites visited by users, and the most frequently visited sites. A list of web links will be provided on the NHSweb access page of the most frequent or most relevant sites to the Trust personnel e.g. Medline or Cochrane. 3.2. We reserve the right to inspect files stored on PC s or servers connected to the Trust network in order to assure compliance with policy. 3.3 The display of any kind of sexually explicit graphical image or text document on any Trust system is a violation of the Trust policy on sexual harassment. In addition, sexually explicit material may not be archived, stored, distributed, edited or recorded using any device connected to the Trust s network. 3.4 The Trust uses independently supplied software to identify inappropriate or sexually explicit Internet sites. Access will be blocked from within our networks to all such sites that we know of (see i above). If you find yourself inadvertently connected to a site that contains sexually explicit or offensive material, you must disconnect from that site immediately, regardless of whether that site had been previously deemed acceptable by any screening or rating program and report the incident to the ISSD Helpdesk. 3.5. The Trust s Internet facilities and computing resources must not be used to violate any laws of the EU or UK. Use of any Trust resources for illegal activity is deemed to be gross misconduct in accordance with Trust Human Resources policy and thus may be grounds for immediate dismissal. The Trust will cooperate with a Court of Law with regard to compliance to this policy. 3.6. Any software or files downloaded via the Internet into the Trust network become the property of the Trust. Any such files or software may be used only in ways that are consistent with their licenses or copyrights and with Trust business 3.7. No employee may use Trust facilities to download or distribute pirated software or data. Bill Gordon 01.10.02 Page 11 of 15 Version 5.0

3.8. No employee may use the Trust s Internet facilities to knowingly expose the Trust to risk of any virus, worm, Trojan horse, or trap-door program code. 3.9. No employee may use the Trust s Internet facilities to disable or overload any computer system or network, or to circumvent any system intended to protect the privacy or security of another user. 3.10. Each employee using the Internet facilities of the Trust shall identify himself or herself honestly, accurately and completely (including one s Trust affiliation and function where requested) when participating in business related chats or newsgroups, or when setting up accounts on outside computer systems. 3.11 No Employee should set up a personal or departmental web presence, which pertains to be officially sanctioned by the Trust, or representing the Trust in a official capacity, without consultation of the Trust Website Editorial committee. Likewise use of the Trust or NHS logo should not be used without approval of the Trust Corporate Communication department. 3.12. Only those employees or officials who are authorized to speak to the media, to news analysts or at public gatherings on behalf of the Trust may speak/write in the name of the Trust to any newsgroup or chat room. Other employees may participate in newsgroups or chats in the course of business when relevant to their duties, but they do so as individuals speaking only for themselves. Where an individual participant is identified as an employee or agent of the Trust, the employee must refrain from any political advocacy and must refrain from the unauthorized endorsement or appearance of endorsement by the Trust of any commercial product or service not provided by the Trust. Only those managers and Trust officials who are authorized to speak to the media, to news analysts or in public gatherings on behalf of the Trust may grant such authority to news-groups or chat room participants. 3.13. The Trust retains the copyright to any material posted to any forum, newsgroup, chat or World Wide Web page by any employee in the course of his or her duties. 3.14. Employees are reminded that chats and newsgroups are public forums where it is inappropriate to reveal confidential Trust information, identifiable patient data, trade secrets, and any other material covered by Trust confidentiality policies and procedures. Employees releasing such confidential information via a newsgroup or chat whether or not the release is inadvertent will be subject to the sanctions provided in Trust policies and procedures. 3.15. Use of Trust Internet access facilities to commit infractions such as misuse of Trust assets or resources, sexual harassment, unauthorized public speaking and misappropriation of intellectual property are prohibited and will be sanctioned under the relevant provisions of the Human Resources Policies. 3.16. Because a wide variety of materials may be considered offensive by colleagues, customers or suppliers, it is a violation of Trust policy to store, view, print or redistribute any document or graphic file that is not directly related to the user s job or the Trust s business activities. Bill Gordon 01.10.02 Page 12 of 15 Version 5.0

3.17. In the interest of keeping employees well informed, use of news briefing or Email discussion groups or mailing lists services like Topica are acceptable, within limits that may be set by each directorate s management team, or as advised by the information systems department. 3.18. Employees with Internet access may download only software with direct business use, and must arrange to have such software properly licensed and registered. Downloaded software must be used only under the terms of its license and installation of this software on Trust equipment must be authorised by the IT department. 3.19. Employees with Internet access may not use Trust Internet facilities to download entertainment software or games, or to play games against other opponent. 3.20. Employees with Internet access may not use Trust Internet facilities to download images, music or videos unless there is an express business-related use for the material. 3.21. Employees with Internet access may not upload any software licensed to the Trust or data owned or licensed by the Trust without the express written authorization of the software supplier or manager responsible for the software or data. 4 Technical 4.1. Network User IDs and passwords help maintain individual accountability for Internet resource usage. As always, users must keep that password confidential. Trust policy prohibits the sharing of user IDs or passwords assigned for access to Internet sites. After use Users must log out of the PC s or Internet Browser where they have been accessing the Internet. Users will be held responsible for misuse of the Internet facilities undertaken with their user ID and password. 4.2. Employees should schedule communications-intensive operations such as large files transfers, video downloads, mass e-mailings and the like for off-peak times. 4.3. Any file that is downloaded must be scanned for viruses before it is run or accessed. 5 Security 5.1.As part of the Trust connection to NHSnet, the Trust has installed an Internet firewall to assure the safety and security of the Trust s networks. Any employee who attempts to disable, defeat or circumvent any Trust security facility will be subject to misconduct proceedings under the Trust Human Resources disciplinary policies. Bill Gordon 01.10.02 Page 13 of 15 Version 5.0

5.2. Files containing sensitive Trust data, as defined by existing corporate data security policy e.g. patient identifiable data, that are transferred in any way across the Internet, outside of the NHSnet must be encrypted. 5.3. Only those Internet services and functions with documented business purposes for the Trust will be enabled at the Internet firewall. Policy Compliance The Trust's equipment, email and Internet access facilities by the Information Systems Directorate s to determine whether their use is in accordance with this policy, and to investigate claims of wrongdoing and inappropriate use. All employees are responsible for ensuring adherence to these policies and for taking appropriate steps, including notifying their manager or their business unit Human Resources Department, if they believe that a violation of this policy has occurred. Violations of this Policy on Appropriate Use of the Trust's Information Technology may result in disciplinary action, up to and including the possible termination of an individual's employment as per the Trust s Disciplinary Policy and Procedures. Glossary of Terms Certain terms in this policy should be understood expansively to include related concepts:- Trust includes our affiliates and subsidiaries, Document covers any kind of file that can be read on a computer screen as if it were a printed page, including HTML files read in an Internet browser, any file meant to be accessed by a word processing or desk-top publishing program or its viewer, (including Microsoft Office Documents) or the files prepared for the Adobe Acrobat reader and other electronic publishing tools. Graphics includes photographs, pictures, animations, movies, or drawings. Display includes monitors, flat-panel active or passive matrix displays, monochrome LCDs, projectors, televisions and virtual-reality tools. Technology - includes, but is not limited to, all of the Trust s processing hardware (mainframe, servers and desk top computers), software (applications that support business processes, operating Systems, utility software), networks and networking applications, PDAs, phone systems, voice mail, electronic mail, facsimile machines), and data systems. Bill Gordon 01.10.02 Page 14 of 15 Version 5.0

Covered Individuals This policy applies to all users of Chelsea and Westminster Healthcare IT services and systems, whether the users are Trust employees, agents, individuals working through temporary agencies or consultants, regardless of whether the user is utilizing the Trust s technology at the office or from a remote location. Related Policies and Legislation Computer Misuse Act (1990) Data Protection Act (1984) Human Rights Act (1998) Chelsea and Westminster IM&T Security Policy Chelsea and Westminster Human Resource Policies General Policies and Staff Code of Conduct Staff Support Policies Employee Relations Procedures Chelsea and Westminster IT Equipment Procurement & Removal Policy. Legal Guidance Notes #29 Use of Email National Computing Centre This policy is intended as an addition to the above mentioned policies and Acts and does not supercede or intend to conflict with them. Bill Gordon 01.10.02 Page 15 of 15 Version 5.0

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information