1. Introduction

1.1 – Whilst the use of electronic equipment and communications can greatly enhance the efficient running of the business, there is extensive scope for misuse and abuse which can be extremely damaging.

1.2 – This policy deals mainly with the acceptable and unacceptable use of computer equipment, e-mail, the internet, telephones, mobile devices and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV and any electronic key fobs and cards. It outlines the standards you must observe, the circumstances in which we will monitor use of these systems and the action we will take in respect of breaches of these standards.

1.3 – You are expected to protect our electronic communications systems and equipment from unauthorised access and harm at all times. This Policy sets out what is acceptable practice and any contravention of the rules is likely to result in a disciplinary action, which could result in dismissal or legal action against you.

1.4 – This policy does not form part of any employee’s contract of employment and it may be amended at any time.

1.5 – This policy covers all individuals working at all levels and grades, including directors, managers, employees, consultants, contractors, trainees, homeworkers, part-time and fixed-term employees, casual and agency staff and volunteers (collectively referred to as staff in this policy).

1.6 – Third parties who have access to our IT and communication systems are also required to comply with this policy.

1.7 – You are responsible for the success of this policy and should ensure that you take the time to read and understand it. Any misuse of our electronic communications systems or equipment should be reported to a Company Director. Questions regarding the content or application of this policy should be directed to your manager.

2. Equipment security & passwords

2.1 – You are responsible for the security of the equipment allocated to or used by you and must not allow it to be used by anyone other than in accordance with this policy.

2.2 – If given access to the e-mail system or to the internet, you are responsible for the security of your terminal. If leaving a terminal unattended or on leaving the office you should ensure that you lock your terminal or log off to prevent unauthorised users accessing the system in your absence. Staff without authorisation should only be allowed to use terminals under supervision.

2.3 – Desktop PCs, docking stations and other connections for laptops and cabling for telephones or computer equipment should not be moved or tampered with, without first consulting your manager.

2.4 – The allocation of user passwords is formally controlled. New users are issued with a temporary network password which they are required to change at first logon. User passwords will not expire and will not need to be changed until it is suspected that they have been compromised. The passphrase will be required to be a minimum of 20 characters long and may contain upper and lower-case letters, numbers, special characters and spaces, although there is no requirement to apply all these options. Any default passwords on new IT infrastructure or end-point assets shall be changed to conform with the password policy, before the assets are allocated or commissioned. In order to access any Microsoft account, including Office 365, or any other corporate systems,  when out of the office, every user will authenticate using multi-factor authentication (MFA). Passwords must be kept confidential and must not be shared with anyone else. For the avoidance of doubt, upon termination of employment (for any reason) you must return any electronic equipment, access fobs or cards. 

2.5 – If you have been issued with a laptop, mobile phone or any other equipment, you must ensure that it is kept secure at all times, especially when away from the office or travelling. Passwords or appropriate cryptographic controls must be used to ensure that confidential data is protected in the event of loss or theft. You should also be aware that when using equipment away from the workplace, documents may be read by third parties, for example, passengers on public transport.

3. Systems & Data Security

3.1 – You should not delete, destroy or modify existing systems, programs or applications, information or data which could have the effect of harming our business or exposing it to risk.

3.2 – You should not download or install software from external sources without authorisation from your manager. This includes software programs, instant messaging programs, screensavers, photos, video clips and music files. Incoming files and data should always be virus-checked before they are downloaded. If in doubt, you should seek advice from your manager.

3.3 – You may use your allocated Microsoft Office 365 license in accordance with the standard terms of use on multiple devices, but you should ensure that access to the licensed software is restricted to your own business use only. If your licensed Microsoft Office 365 application is applied to your own device, it should be removed by the Computerworld Technical Team when it is no longer required or prior to the device being disposed of.  In the event that your Microsoft Office 365 application is removed before the device is disposed of, you will still be responsible for the appropriate disposal of the device in question.

3.4 – No device or equipment should be attached to our systems without the initial prior approval of your manager. This includes any USB flash drive, MP3 or similar device, PDA or telephone. It also includes use of the USB port, infra-red connection port or any other port.

3.5 – Where approval is given for the use of USB flash drives or similar devices, encryption or password protection measures should be applied to safeguard the information whilst under your control or in transit.

3.6 – We monitor all e-mails passing through our system for viruses. You should exercise caution when opening e-mails from unknown external sources or where, for any reason, an e-mail appears suspicious (for example, if its name ends in .exe). The Service Desk Manager, Helpdesk team or Servicedesk team should be informed immediately if a suspected virus is received. We reserve the right to block access to attachments in e-mails for the purpose of effective use of the system and for compliance with this policy. We also reserve the right not to transmit any e-mail message.

3.7 – You should not attempt to gain access to restricted areas of the network, or to any password-protected information, unless specifically authorised to do so.

3.8 – If you use a laptop or wi-fi enabled equipment, you must be particularly vigilant when using it outside the office, only connecting to unsecured public wi-fi networks as a last resort. You should take all necessary precautions to prevent the importing of viruses and malware or compromising the security of the corporate system. The corporate system contains information which is confidential to Computerworld Systems Ltd and/or which is subject to existing EU and UK Data Protection legislation.  This information must be treated in accordance with our identified legal obligations.

3.9 – When working off site, including at a client site or in a public place, users must be alert to the increased risk of information being seen or accessed by others.  Users must make sure that no-one is ‘shoulder-surfing’ i.e. looking at their screen, especially when inputting passwords and that they always lock machines when not being used.

3.10 – When using the telephone or talking face-to-face out of the office, users must make sure they are not being overheard when discussing information which is classified as ‘Proprietary/Internal’ or ‘Confidential’.

4. Use of Email

4.1 – E-mail is a vital business tool, but an informal means of communication, and should be used with great care and discipline. We encourage you to use email for work but you should always consider if e-mail is the appropriate method for a particular communication. If it is likely that an e-mail could be misinterpreted, is of a sensitive / dissatisfied nature, or is a response to such an e-mail, please respond by telephone rather than e-mail. Things can often be resolved much more satisfactorily and positively this way and misunderstandings are less likely to occur.

4.2 – Correspondence with third parties by e-mail should be written as professionally as a letter. Messages should be concise and directed only to relevant individuals. Company email signatures should always be attached to business emails.

4.3 – You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, or otherwise inappropriate e-mails. Anyone who feels that they have been harassed or bullied or are offended by material received from a colleague via e-mail should inform their line manager.

4.4 – You should take care with the content of e-mail messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract. Staff should assume that e-mail messages may be read by others and not include anything which would offend or embarrass any reader, or themselves, if it found its way into the public domain.

4.5 – E-mail messages may be disclosed in legal proceedings in the same way as paper documents. Deletion from a user’s inbox or archives does not mean that an e-mail cannot be recovered for the purposes of disclosure. All e-mail messages should be treated as potentially retrievable, either from the main server or using specialist software.

4.6 – In general, you should not:

  • send or forward chain mail, junk mail, cartoons, jokes or gossip.
  • contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them.
  • agree to terms, enter into contractual commitments or make representations by e-mail unless appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written at the end of a letter.
  • download or e-mail text, music and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this.
  • send messages from another worker’s computer or under an assumed name unless specifically authorised; or
  • send confidential messages via e-mail or the internet, or by other means of external communication which are known not to be secure.

4.7 – If you receive a wrongly delivered e-mail you should return it to the sender.

4.8 – Do not attach anything to an email which may contain a virus. Our company could be liable to the recipient for loss suffered, so ensure that virus checking is completed. Also be very careful when forwarding attachments from third parties as these may carry viruses and may not have been cleared for copyright issues.

5. Use of Internet

5.1 – A computer with internet access will be provided to you if you have been authorised to use the internet whilst at work. If you do not have internet access but believe that it is appropriate or necessary, a request can be made to your manager. Internet access may be removed from you.

5.2 – Please remember that use of your personal electronic equipment should be made during your rest break only. You are expected to make sensible use of the internet so that it does not interfere with efficient working for the company. You may be called upon to justify the amount of time spent on the internet or the sites visited.

5.3 – You should not access any web page or any files (whether documents, images or other) downloaded from the internet which could, in any way, be regarded as illegal, offensive, in bad taste or immoral. While content may be legal in the UK, it may be in sufficient bad taste to fall within this prohibition. As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that our software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy.

5.4 – Many websites are useful for the Company but a large number require registration. If registration is required you should seek management approval and ensure that the Company data is not used for other marketing purposes.

5.5 – Some sites through which you can access free, work related information and documents will require the Company to enter into a licence or contract terms. These terms must be checked by your manager in the normal way.

5.6 – You should only download files onto PCs with virus checking software and should check how long the download will take and how compatible it is, or get confirmation from a manager or IT specialist if uncertain. Software must never be brought into the office from home without specific authority from your manager.

5.7 – You should not under any circumstances use our systems to participate in any personal internet chat room, post messages on any personal internet message board or set up or log text or information on a personal blog or wiki, even in your rest breaks or own time.

6. Personal use of systems

6.1 – You are permitted to use the Company’s electronic systems or computers to send or receive personal emails in order to deal with any urgent personal situations. Any personal use must be kept to an absolute minimum and email activity will be monitored.

6.2 – If you have been authorised to use your own laptop, smart phone or electronic equipment to send or receive private emails or for internet access, it must be kept to an absolute minimum and you must not use the company name or affiliations in any way.

6.3 – You may make calls or text from your personal mobile phone to respond to any urgent personal situations but this must be kept to a minimum and preferably in your lunch time wherever possible.

6.4 – Your line manager will monitor personal use of systems and if excessive use causes a disruption to your productivity, the company reserves the right to amend or withdraw clause 6 on an individual basis.

7. Monitoring of use of systems

7.1 – Our systems enable us to monitor telephone, e-mail, voicemail, internet and other communications. Monitoring is only carried out to the extent permitted or as required by law and as necessary and justifiable for business purposes.

7.2 – We reserve the right to retrieve the contents of messages or check searches which have been made on the internet for the following purposes (this list is not exhaustive):

  • to monitor whether the use of the e-mail system or the internet is legitimate and in accordance with this policy.
  • to find lost messages or to retrieve messages lost due to computer failure.
  • to assist in the investigation of wrongful acts; or
  • to comply with any legal obligation.

8. Inappropriate use of equipment & systems

8.1 – Access is granted to the internet, telephones and other electronic systems, programs and applications for legitimate business purposes only. Personal use is not permitted, other than during official lunch or rest breaks.

8.2 – Excessive or inappropriate use or abuse of our telephone or e-mail systems, or the internet in breach of this policy may be dealt with under our Disciplinary and Capability Policy. Any misuse of the internet can, in certain circumstances, constitute a criminal offence. In particular, misuse of the e-mail system or inappropriate use of the internet by participating in online gambling or chain letters or by creating, viewing, accessing, transmitting or downloading any of the following material will amount to gross misconduct (this list is not exhaustive):

  • pornographic material, which includes but is not limited to writing, pictures, films and video clips of a sexually explicit or arousing nature.
  • offensive, obscene, or criminal material or material which is liable to cause embarrassment to us or to our clients.
  • a false and defamatory statement about any person or organisation.
  • materials which are discriminatory, offensive, derogatory or may cause embarrassment to others.
  • confidential information about us or any of our staff or clients, which you do not have authority to access.
  • any other statement which is likely to create any liability (whether criminal or civil, and whether for you or us); or
  • material in breach of copyright.
  • any such action will be treated very seriously and is likely to result in summary dismissal.

8.3 – Where evidence of misuse is found we may undertake a more detailed investigation in accordance with our Disciplinary and Capability Policy, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or managers involved in the Disciplinary and Capability Policy. If necessary, such information may be handed to the police in connection with a criminal investigation.

9. Monitoring & review of this policy

9.1 – The aim of these rules is to be helpful. We encourage the use of the internet and email. It is a major opportunity for our business.

9.2 – This policy will be reviewed regularly to ensure that it meets legal requirements and reflects best practice.