Policy Aim

This policy has been developed to provide guidance, assistance and awareness for employees to ensure a standard, consistent compliance to Information security issues.

Policy Summary

The purpose of this policy is to establish acceptable use of the internet and email on machines owned or controlled by our organisation or connected to our network. The policy sets out the responsibility of individuals using the service in order to maximise the benefits of internet and email access whilst minimising the risk.

Introduction

The organisation is legally obliged to ensure that all staff are protected against viewing or accessing inappropriate materials. It is therefore mandatory that employees when communicating by email or using the internet, adhere to this policy. Failure to follow this policy may lead to disciplinary action being taken against the user.

The internet is an available tool and email is a very popular form of communication which can be of great benefit to our organisation when used appropriately. Its use however may also expose our organisation to new risks such as non-compliance with various statutory requirements, threats to IT Security and ineffective communication.

This policy sets out the expectations of our organisation for the proper use of internet and email systems and compliments other information policies.

Email:

a) The organisation allows access to personal email services via our systems network, any use must be in staffs own time i.e. during lunch breaks or before and after your normal working hours.

b) Electronic mail must not be used for any purpose which would contravene any existing UK law, any stated policy within the organisation or which might be considered generally offensive

c) All passwords and login details for email systems must be kept confidential. Sharing passwords or login details will be not accepted.

d) Email users must not forward emails that have obscene, pornographic, sexual or racially offensive, defamatory, harassing or otherwise illegal content. Users must not hold, send or forward emails that contain jokes, or non-work related images, contain statements that are untrue, inaccurate, misleading or offensive about any person or organisation. Users must not send messages from another member of staffs email account, use email for political lobbying, knowingly introduce to the system or send an email or attachment containing malicious software for example viruses.

Monitoring of emails may be undertaken at any time by the company director to ensure the safety of other users, hardware and security purposes.

Unacceptable use of internet and email services includes any action which could bring the organisation into disrepute, interfere with the organisation’s business, its reputation or jeopardise the security of data, networks, equipment or software or cause harm to staff/clients or members of the public.

Downloading or Transmitting Data

The organisation will not accept downloading video or audio for entertainment purposes. The use of personal social networking sites, web logs and blogs is not permitted as these sites can contain vulnerabilities that negate the effectiveness of security software.

All staff must adhere to the policy and comply with applicable UK legislation and any regulatory requirements as specified in this policy. Failure to follow this policy may lead to disciplinary action being taken against the member of staff and could potentially lead to criminal investigation and potential prosecution.