Email Services Policy



Similar documents
Policy and Code of Conduct

Acceptable Use of ICT Policy For Staff

COMPUTER USAGE -

Policy. Version: 1.1. Date ratified: February 2014 Name of originator /author (s): Responsible Committee / individual:

Acceptable Use of Information Systems Standard. Guidance for all staff

St. Peter s C.E. Primary School Farnworth , Internet Security and Facsimile Policy

Online Communication Services - TAFE NSW Code of Expected User Behaviour

ICT POLICY AND PROCEDURE

Human Resources Policy and Procedure Manual

Conditions of Use. Communications and IT Facilities

UNIVERSITY OF ST ANDREWS. POLICY November 2005

LINCOLNSHIRE COUNTY COUNCIL. Information Security Policy Framework. Document No. 8. Policy V1.3

Rules for the use of the IT facilities. Effective August 2015 Present

ICT Student Usage Policy

Delaware State University Policy

ITU Computer Network, Internet Access & policy ( Network Access Policy )

Policy and Procedure for Internet Use Summer Youth Program Johnson County Community College

DATA PROTECTION AND DATA STORAGE POLICY

Assistant Director of Facilities

1. Computer and Technology Use, Cell Phones Information Technology Policy

Internet Use Policy and Code of Conduct

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

IM&T POLICY & PROCEDURE (IM&TPP 02) Policy. Notification of Policy Release: Distribution by Communication Managers

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

Sheridan College Institute of Technology and Advanced Learning Telephone and Computer Information Access Policy

EMPLOYEE COMPUTER NETWORK AND INTERNET ACCEPTABLE USAGE POLICY

Digital Device LOAN CHARTER

SAS TRUSTEE CORPORATION ( STC )

Internet, and SMS Texting Usage Policy Group Policy

USE OF INFORMATION TECHNOLOGY FACILITIES

POLICY ON USE OF INTERNET AND

Service Schedule for Business Lite powered by Microsoft Office 365

Strathfield Girls High School Bring your Own Device User Charter

If you have any questions about any of our policies, please contact the Customer Services Team.

Internet, Social Networking and Telephone Policy

INTERNET, USE AND

Data Protection Policy

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

COMPUTER NETWORK AGREEMENT FORM

Information Services. Regulations for the Use of Information Technology (IT) Facilities at the University of Kent

LOS ANGELES UNIFIED SCHOOL DISTRICT POLICY BULLETIN

Sydney Technical High School

Students are expected to have regard to this policy at all times to protect the ipads from unauthorised access and damage.

INFORMATION SECURITY POLICY

Acceptable Use of ICT Policy. Staff Policy

NHSnet SyOP 9.2 NHSnet Portable Security Policy V1. NHSnet : PORTABLE COMPUTER SECURITY POLICY. 9.2 Introduction

REVIEWED BY Q&S COMMITTEE ON THE 4 TH JUNE Social Media Policy

SOUTHERN SLOPES COUNTY COUNCIL COMPUTER & INFORMATION TECHNOLOGY USE POLICY

Policy For Staff and Students

CARRAMAR PUBLIC SCHOOL

Computer Network & Internet Acceptable Usage Policy. Version 2.0

Dene Community School of Technology Staff Acceptable Use Policy

Dundalk Institute of Technology. Acceptable Usage Policy. Version 1.0.1

DIGITAL TECHNOLOGY POLICY St Example s School

Kenmore State High School Student Laptop Charter

Use Policy. All Staff Policy Reference No: Version Number: 1.0. Target Audience:

Bring Your Own Device Program: 2015 User Agreement

Sibford School Student Computer Acceptable Use Policy

2.1 It is an offence under UK law to transmit, receive or store certain types of files.

Acceptable Use of Information Technology Policy

ELECTRONIC COMMUNICATIONS: / INTERNET POLICY

INTERNET, AND COMPUTER USE POLICY.

ATHLONE INSTITUTE OF TECHNOLOGY. I.T Acceptable Usage Staff Policy

Pasadena Unified School District (PUSD) Acceptable Use Policy (AUP) for Students

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

Transcription:

Email Services Policy

CONTENTS Page 1 Introduction 3 2 Scope 3 3 Review and Evaluation 3 4 General Principles 4 5 Responsibilities 4 6 Business Use and Continuity 4 7 Personal Use 6 8 Managing Email Messages 7 9 Security 7 10 Email Abuse 8 11 Monitoring 8 12 Training 9

INTRODUCTION 1.1 This Policy defines the manner in which Neath Port Talbot Local Health Board (LHB) will manage and facilitate the use of Electronic (E-mail) Services in an effective and corporate manner. 1.2 It defines standards for acceptable use, including requirements of the Data Protection, Freedom of Information Acts and Caldicott Report. 1.3 This policy will be supplemented, where necessary, by local procedures and best practice guidance. 2 SCOPE 2.1 The policy applies to all LHB staff, contracted third parties (including agency staff), students / trainees, secondees, non-lhb staff on placement and staff of other organisations accessing email services from LHB sites. 2.2 This policy should not be read in isolation but should be read in conjunction with the other LHB IM&T policies, which should be adhered to at all times. Where an individual is uncertain of any aspects of either this or other policies then they should contact either their IT Security Officer within the LHB or the BSC Regional Information Governance Manager for clarification. 2.3 Other IM&T Policies include: Data Protection Policy Corporate IM&T Security Policy Corporate Internet Policy Freedom of Information/Environmental Information Regulations Policy Corporate Policy on Records Management Access to Health Records Policy 1.4 This policy applies to the body of all email messages, including personal emails, and any files attached to them. 3 REVIEW AND EVALUATION 3.1 A policy review will usually take place every three years or sooner if any of the following occur:- Major policy breach; Identification of new threats or vulnerabilities; Significant organisational restructuring;

Significant change in organisational infrastructure; Change in legislation. 4 GENERAL PRINCIPLES 4.1 Email messages are corporate records and must be treated with the same level of attention given to drafting and managing of other forms of written communication. 4.1 The LHB will allow limited personal use of email services, and will define in the appropriate section below how members of staff are expected to manage this concession. 5 RESPONSIBILITIES 5.1 Line managers must ensure that they complete an authorised user form for each new member of their staff to use the Email system. 5.2 Members of staff must sign a declaration that they have read, understood and will adhere to this policy before they are given access to the system. 5.3 Line Managers must notify the BSC Service Desk of changes, particularly leaving dates, to ensure the Email User Directory is always up to date. 6 BUSINESS USE AND CONTINUITY 6.1 Members of staff must only use the Email System if it is the best means of communicating information. 6.2 Email messages that form part of the business process are business records and must be captured into the corporate records management system in electronic and/or paper format. 6.3 Members of staff must identify and manage their emails in accordance with the records management retention and destruction schedules and email procedures. 6.4 Contractual commitments must only be made via email by those so authorised and the emails and any attachments must be filed securely along with other documents for later access.

6.5 Members of staff must ensure email inboxes are normally checked at least daily, that messages are dealt with promptly and that they have made arrangements are in place to deal with their mail in their absence. 6.6 Out of office messages must be used for periods of planned leave with an alternative contact being named. 6.7 Other than in exceptional circumstances, such as extended unplanned leave, the use of auto-forward is not permitted and will not be made available to users. Special requests should be made to the BSC Service Desk and authorised by one of the LHB s Executive Directors. 6.8 When appropriate, particularly for external contact, generic addresses such as Personnel@ should be utilised to ensure all messages are processed. 6.9 There may be a legal or business need to access an individual s mailbox when they are unavailable or absent for an extended period. Where it is not possible to ask the permission of the member of staff the access must be authorised in writing by an LHB Executive Director. 6.10 Access must only be made following a request by an Executive Director and a record must be kept of the reason for the access, the persons present, and the use made of the emails. Members of staff should be informed when this type of management action has taken place. 6.11 On receipt of a staff resignation line managers must discuss with the staff member which parts of their email account should be retained for business continuity purposes and arrange with the BSC Service Desk for them to be assigned accordingly. 6.12 There will be limits set on the size of attachments to sent and received messages. The maximum email size allowed for external communication is 10Mb. Staff required to transfer larger documents should contact the BSC Service Desk for advice. 6.13 Mass email groups (where these exist) should only be used to circulate reasonable, business related material. If in doubt, users should seek advice from their line manager. 6.14 A corporate disclaimer will be attached automatically on send and staff should not attach their own. 6.15 Anti-virus software is in place on the email service.

7 PERSONAL USE 7.1 The LHB will allow members of staff to use the email system for limited personal use and will endeavour to respect the privacy of personal emails. However there may be some instances where this cannot be guaranteed. 7.2 The subject line must identify the status of personal messages (internal and outgoing) e.g. private-union related or personal non-work related. 7.3 All users will have a folder named PERSONAL where non-work related emails can be kept. The content of the PERSONAL folder will not transfer to the corporate email archive (see Section 8). The folder must not be used to keep any corporate material. Users will be required to keep the size of their PERSONAL folder to the bare minimum, deleting personal emails as soon as possible. 7.4 The email system must not be used for advertising, personal financial gain or operation of personal commercial enterprises. 7.5 Users must not forward chain letters of any sort either internally or externally under any circumstances. Any such mail claiming to be Virus warnings must be referred unopened to the IT Department at the BSC. 7.6 Members of staff must obtain written authority from their Director to use the Email System to undertake work on behalf of another organisation. 7.7 Designated folders must be created that clearly identify the information as being owned by the other organisation and outside Neath Port Talbot LHB s responsibility. Content of non-lhb folders will not be transferred to the corporate email archive. 7.8 The user will be responsible for providing details of a nominated person in the third party organisation who is authorised to gain access in their absence. 7.9 Examples of acceptable personnel use would be: Mailing home/partner to notify them you are working late Mailing colleagues about work related social events Brief emails to colleagues arranging weekend/evening activities Brief keeping in touch emails 7.10 Examples of personnel use that would not be acceptable: Emails circulating a joke, whether to individuals or LHB wide Sending or storing personal photographs to colleagues Any personal email that could cause harm or embarrassment to the LHB or individual staff members Any email that takes the employee away from their work for more than a few minutes

8 MANAGING EMAIL MESSAGES 8.1 Software is in place to provide a corporate email archive, and search facility. 8.2 With the exception of emails filed in the Personal, Non-LHB and Deleted folders all incoming and outgoing messages and their attachments will be automatically transferred to the corporate archive after a period of 60 days. Archived messages will be retained for six years. 8.3 Prior to the 60 day trigger point users are required to consider the value of each message, and either delete it, move it to an appropriate folder within the email structure or transfer it to the corporate electronic or manual record keeping system. 8.4 Users will not be able to delete messages once they have transferred to the corporate archive. They will only be able to search the archive for their own inbound or outbound messages. 8.5 Searches of the corporate archive and backup facility for the purpose of retrieving information under Freedom of Information and other legislation will be limited to designated users for documented, authorised reasons. 9 SECURITY 9.1 Email is not a secure method of communication and must not be used if the content is personal, sensitive or critical such that, if it were received, disclosed or modified by an unauthorised person, could cause damage, distress, embarrassment or financial loss. 9.2 Patient identifiable data should only be sent using internal email where the sole patient identifier is the hospital or NHS Number; internal mail includes addresses containing.nhs.uk. 9.3 Patient based or other personal data should only be sent using internal mail where the sole identifier is the hospital, NHS Number or staff number. If it is unavoidable that named personal data is included the information must be transmitted in an attached file that is password protected. For security the password should be communicated verbally to the recipient of the email. Internal mail includes addresses containing.nhs.uk (the NHSnet). 9.4 No sensitive or confidential patient data, personal/staff data or business information should be sent via external email. 9.5 To protect the confidentiality and integrity of the system user activity will be logged against individual user accounts. Each user is responsible for ensuring that computer terminals are not left open for use by unauthorised persons and those passwords are not shared or compromised.

10 EMAIL ABUSE 10.1 No member of staff will send or forward emails that in any way may be interpreted as insulting, disruptive or offensive by any other person or which may be disruptive to staff morale. 10.2 Misuse of the email system will be treated as a disciplinary offence under the LHB s disciplinary procedure. 10.3 If the misuse is unlawful e.g. under Sex Discrimination Act 1975, Race Relations Act 1976, Data Protection Act 1998, the Board will take the necessary action. 10.4 Misuse includes:- Sending abusive, rude, obscene, pornographic, illegal or defamatory messages or material; Sending a message that could constitute bullying or harassment; Compiling or distributing chain letters either internally or externally; Sending confidential information without authorisation; Misuse of email or the computer system which results in a claim being made against the LHB; Unauthorised copying or modifying of copyright material; Excessive personal use of email. 11 MONITORING 11.1 The LHB reserves the right to take reasonable actions to ensure the system is functioning properly, to trace lost messages or retrieve messages lost due to a computer failure, and to monitor whether usage of the system is legitimate. 11.2 The LHB may need to allow access to the system to assist in the investigation of wrongful acts, or to comply with legal obligations or to defend any legal action brought against it. 11.3 Other forms of monitoring will not be carried out without prior notice 11.4 The LHB, in conjunction with the BSC, will agree a set of procedures identifying the respective roles and responsibilities of managers and IT staff in monitoring the use of the email service.

12 TRAINING 12.1 This policy and associated responsibilities must be brought to the attention of new members of staff in the Induction Programme. 12.2 Directors must identify training needs and ensure appropriate training is received as soon as possible, particularly for new starters who are unfamiliar with the corporate system.

Please sign below and return to Melanie Jones, Office Manager, Neath Port Talbot LHB ----------------------------------------------------------------------------------- I have read and understood Neath Port Talbot Local Health Board s E-Mail policy and I agree to abide by the stated guidelines. Full Name (print) Signature. Directorate... Date././200

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information