U 16 Internet Monitoring Policy & Investigation Protocol



Similar documents
RIPA (Regulations and Investigatory Powers Act)

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

U 09 Remote Access Policy

U06 IT Infrastructure Policy

PS 172 Protective Monitoring Policy

U07 Information Security Incident Policy

TONBRIDGE & MALLING BOROUGH COUNCIL INTERNET & POLICY AND CODE

How To Deal With Social Media At Larks Hill J & I School

INTERNET, USE AND

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

Internet Use Policy and Code of Conduct

Development / Monitoring / Review of this Policy. Schedule for Development / Monitoring / Review

SEN15-P69b 24 June University Ordinances

West Lothian College. and Computer Network Responsible Use Policy. September 2011

Saint Martin s Catholic Academy

Oratory R.C. Primary and Nursery School. Shine as to be a light to others E-SAFETY POLICY

Internet Acceptable Use Policy A council-wide information management policy. Version 1.5 June 2014

E-Safety Policy. The following section outlines the e-safety roles and responsibilities of individuals and group within the school.

Version: 2.0. Effective From: 28/11/2014

PROCEDURE Police Staff Discipline. Number: C 0901 Date Published: 9 May 2013

Caedmon College Whitby

Recommendations. That the Cabinet approve the withdrawal of the existing policy and its replacement with the revised document.

DISCIPLINARY POLICY AND PROCEDURE

Newcastle University disciplinary procedure

South Ayrshire Council. Report by Head of HR and Organisational Development to Leadership Panel of 19 April 2011

The South Yorkshire County Trading Administration Safety Project

INFORMATION SECURITY POLICY

WEST MIDLANDS POLICE Force Policy Document

Information & ICT Security Policy Framework

Corporate Information Security Management Policy

The Wellcome Trust Sanger Institute IT Acceptable Use Policy (AUP) Version 1.8

LOCAL DISCIPLINARY PROCEDURE

Acceptable Use of Information. and Communication Systems Policy

How To Behave At A School

TECHNOLOGY USAGE POLICY

NEWMAN UNIVERSITY DISCIPLINARY POLICY AND PROCEDURE

MUSIC, VIDEO AND SOFTWARE PIRACY POLICY

Disciplinary policy INTRODUCTION

Disciplinary and Dismissals Policy

circumstances where this may interfere with the discharge of your employment duties or the good reputation of Audit Scotland.

RESEARCH COUNCIL DISCIPLINARY POLICY

This procedure applies where formal disciplinary action is commenced on or after 11 December 2013

Information Technology and Communications Policy

Wotton-under-Edge Town Council

Roles and Responsibilities The following section outlines the e-safety roles and responsibilities of individuals and groups within Heath Farm School:

ICT Acceptable use Policy. Coláiste Mhuirlinne/ Merlin College Doughiska, Galway City.

WELB YOUTH SERVICE INTERNET AND ACCEPTABLE COMPUTER USAGE POLICY

2.2 If employees or Board Members wish to use mobile telephones or data devices provided by the Group for personal use they may opt to either:

Staff Investigation Protocol

Disciplinary Policy and Procedure

Forbes Shire Council Internet Access Policy

Software Policy. Software Policy. Policy and Guidance. June 2013

Electronic Communications Monitoring Policy

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY (for Cheshire CCGs)

IT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Dene Community School of Technology Staff Acceptable Use Policy

Students KS2-3 Acceptable Use Policy

Personal use of computers

Information Governance Framework. June 2015

St Bernadette s Catholic Primary School. E-Safety Policy

Information Technology Services

Roskear Primary & Nursery School. E-Safety Policy

Acceptable Use of Information and Communication Systems Policy

BISHOP GROSSETESTE UNIVERSITY. Document Administration

POLICY ON USE OF INTERNET AND

3. MISCONDUCT and GROSS MISCONDUCT The following list provides examples of misconduct which will normally give rise to formal disciplinary action:

PROCEDURE Transaction Monitoring and Audit. Number: G 0811 Date Published: 6 June 2013

Use of the Internet and Policy

Sibford School Student Computer Acceptable Use Policy

How To Use The School Network Safely

SCHOOLS FRAUD RESPONSE PLAN

BARNTON PARISH COUNCIL (BPC)

E-Safety Policy & Procedures

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

DISCIPLINARY PROCEDURE TEACHING STAFF

University of Liverpool

Ulster University Standard Cover Sheet

The Bishop s Stortford High School Internet Use and Data Security Policy

GENERAL REGULATIONS Appendix 10 : Guide to Legislation Relevant to Computer Use. Approval for this regulation given by :

OLAF: Decision on Measures to Combat Fraud

Industrial Accidents - A Review of the Procurement Act, 2005

Disciplinary and dismissal procedures for school staff

Code of Virginia, 1950, as amended, Sections , :1, , , and

E Safety Policy. 6 th March Annually. 26 th February 2014

Compliance Toolkit. Protecting Charities from Harm. Chapter 2: Due Diligence, Monitoring and Verification of End Use of Charitable Funds SUMMARY

Version 1.0. Ratified By

THE UK S ANTI-MONEY LAUNDERING LEGISLATION AND THE DATA PROTECTION ACT 1998 GUIDANCE NOTES FOR THE FINANCIAL SECTOR. April 2002

E-Safety Policy. Please read this policy in conjunction with the policies listed below:

Rules for the use of the IT facilities. Effective August 2015 Present

Using Public Computer Services in Somerset Libraries

ELECTRONIC MAIL ( ) September Version 3.1

Advice leaflet Internet and policies

How to Monitor Employee Web Browsing and Legally

33500 POLICY USE OF SOCIAL MEDIA

Terms & Conditions. In this section you can find: - Website usage terms and conditions 1, 2, 3. - Website disclaimer

Harper Adams University College. Information Security Policy

Guidance on health and character

How To Ensure Information Security In Nhs.Org.Uk

Internet Safety: Acceptable Use Policy

Transcription:

Dartmoor National Park Authority U 16 Internet Monitoring Policy & Investigation Protocol February 2010 This document is copyright to Dartmoor National Park Authority and should not be used or adapted for any purpose without the agreement of the Authority. Target Audience: Everyone

Contents Document Control 2 Document Amendment History 2 1. Introduction 3 2. Procedures 3 3. Definition of Misuse 3 4. Procedures for dealing with suspected misuse 5 Document Control Organisation Dartmoor National Park Authority Title Internet Monitoring Policy & Investigation Protocol Creator Ali Bright Source Approvals Distribution Filename 4-U16-DNPA Internet Monitoring Policy and Investigation Protocol.docx Owner Head of ICT Subject Information Security Protective Marking None Review date September 2010 Document Amendment History Revision Originator of Date of No. change change 1 Ali Bright Feb 2010 Created Change Description Only current as an electronic version on Parknet Page 2 of 6

1. Introduction Private use of the computer facilities is covered by other policies, (Computer Security Policy and Internet Code of Practice). This policy is provided to assist management with its approach to determining what constitutes misuse and provides guidance with investigation procedures and protocols to ensure a consistent approach is taken in dealing with potential misuse. There are a number of pieces of legislation which determine what can and cannot be undertaken when monitoring Internet and email activity. These include: Data Protection Act 1998 Freedom of Information Act 2000 Human Rights Act RIPA (Regulations and Investigatory Powers Act) Law Business Practices Regulations. Computer Misuse Act 1990 Monitoring logs will be retained for a period of 93 days and will be used for the purpose of sample testing user activity on the Internet. 2. Procedures Monitoring of Internet activity will be undertaken by the Head of ICT. It is also the responsibility of managers who suspect their staff of inappropriate use to request the ICT Team to undertake an analysis of the member of staff s activities. Where misuse of the internet is suspected, it should be confirmed and then classified as one of the five levels detailed in this document. Management should then take the following action according to the level of misuse. Steps will be taken in the monitoring process to determine whether activity is as a result of the employee s action of typing a URL address, searching or as a result of automatic updates to web pages where the page is left open in the background. Evidence should be maintained of all issues raised with employees and management at what ever level to provide support in the case of challenge by any employee. As part of the monitoring process any potential misuse should be ratified by reference to the employees working hours and the time recording entries where possible. Where an employee has previously been warned about their use of the Internet additional monitoring will be undertaken on that employees activity. A monthly review of 3 days activity will be evaluated. 3. Definition of Misuse Only current as an electronic version on Parknet Page 3 of 6

Level 5 1. Viewing or searching for inappropriate images of children and/or paedophile activity, including visiting sites, posting, downloading and saving images. 2. Intentionally visiting web sites containing illegal content, which results in the employee breaking the law 3. Knowingly posting viruses to web pages. 4. Hacking or attempting to hack web sites. 5. Attempting to defraud by use of the Internet or computer system. In all cases above (apart from item 1 which should be reported to the police without delay) police involvement should only be with the agreement of a Director and after consultation with the Head of Legal & Democratic Services / Assistant Solicitor. Level 4 1. Viewing or searching for inappropriate web sites, including visiting sites, downloading and saving images, whether in the employee's own time or business time [for the purposes of this clause "inappropriate" shall include but not be limited to pornography, racism, hate crime etc] 2. Consistently spending more than 3% of their working time each week on nonbusiness related Internet use (for full time employees this equates to 60 minutes). [for the purposes of this clause consistently shall mean for two or more consecutive weeks] 3. Contributing to a web site or social networking site comments which are potentially harmful to the organisation. Level 3 Consistently spending more than a total of 10 minutes a day of working time on nonbusiness related internet use. [for the purposes of this clause consistently shall mean on five or more working days in any 10 day period] Level 2 Spending more than a total of 5 minutes in a day during working time on nonbusiness related internet use Level 1 Spending up to a total of 5 minutes in a day during working time on non-business related internet use. NB for the purposes of this clause, spending a total period of 2 minutes or less on a day shall be disregarded Only current as an electronic version on Parknet Page 4 of 6

For all of the above, the matter may be considered more serious and dealt with at a higher Level if there is repeated activity and action has previously been instigated and recorded on the employee s personnel file. 4. Procedures for dealing with suspected misuse Level 1 Misuse (least serious) The Head of ICT should ask the employee to confirm in writing that their use of specified web sites is for legitimate business reasons. If there is any doubt about the explanation provided, the Head of ICT will inform the employee s line manager. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. Level 2 Misuse The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. Level 3 Misuse The Head of ICT will inform the employee s line manager and appropriate Director of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The employee's line manager should check whether the use meets their expectations and if misuse is suspected the matter should be discussed with the employee. If misuse is admitted or established, the employee should be warned in writing as to their future use of the Internet and a copy placed on their personnel file. If the misuse has taken place after a previous warning under this policy, consideration should be given as to whether disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Where Internet access is not required as part of the employee's day to day job, the line manager, in consultation with the Head of ICT and Head of HR, should also consider whether Internet access should be withdrawn for a defined period of time. NB: in any of the above, the Head of ICT must be informed of the outcome of any investigation for future internet monitoring purposes. Level 4 Misuse Only current as an electronic version on Parknet Page 5 of 6

The Head of ICT will inform the employee s line manager of the suspicions of misuse. They will also be provided with date and times and details of site names visited. The relevant Director must also be informed. Consideration should be given to the suspension of the member of staff from Internet access during which time an extended analysis of Internet usage may be undertaken using the three months of data available within the monitoring logs. If necessary computer forensic analysis can be obtained from Devon Audit Partnership to support the evidence identified in Internet log files. This facility ensures that the investigation does not change any data on the hard drive of the user s computer. The line manager or other senior officer designated by the relevant Director shall, in consultation with the Head of ICT, investigate the circumstances of the suspected misuse and establish whether it appears there has been misuse within the meaning of this policy. If misuse is admitted or established, consideration should be given as to whether formal disciplinary action is necessary and this will need to be undertaken in accordance with HR policies. Level 5 Misuse (most severe) If it appears that misuse has occurred which may amount to a criminal offence, a Director shall be informed as a matter of urgency. The Director, in consultation with the Head of Legal & Democratic Services / Assistant Solicitor and the Head of ICT shall make arrangements for the police to be informed without delay. If it is believed that the misuse is so serious that it may amount to gross misconduct, the Director in consultation with the Head of HR shall make arrangements for the suspension of the employee, pending a disciplinary investigation. If a police investigation does not take place, the relevant Director shall appoint a senior office to investigate, in consultation with the Head of ICT, the circumstances of the suspected misuse and establish whether there appears to have been misuse within the meaning of this policy. If misuse is admitted or established, formal disciplinary action shall be undertaken in accordance with HR policies. NB: if any investigation reveals inappropriate images of children and/or possible paedophile activity the investigation must be halted immediately and the matter reported to the Police. If further investigation is undertaken after the discovery of inappropriate images of this nature the person investigating runs the risk of prosecution. Only current as an electronic version on Parknet Page 6 of 6

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information