Lara Nichols information systems are all the hardware, software, applications and data/communications networks that together provide the capability to generate, process, transmit, receive and store information electronically. These include, for example, the use of communication systems such as social networks, email and Internet. This policy should be read in conjunction with the social networking policy and, if relevant, our bring your own device to work policy.
The information systems and IT facilities are provided for business purposes. Where you are given access to computer information systems and services, it is on the basis that these are essential tools for the job. In using these facilities you must follow such authorisation processes as may be provided elsewhere.
Misuse of our Information Systems or IT facilities, or unauthorised access may lead to disciplinary action which, in serious cases, could result in your dismissal.
We may allow occasional and reasonable use of our information systems and IT facilities for non-business (personal) purposes (including social networking). Such is subject to the usage guidance given below and in the separate Social Networking Guidance and Policy.
Personal data is any data that identifies to a living person, an individual’s email address for example. Such data is protected under the General Data Protection Regulations (or equivalent legislation in Europe). Where such information is held on our information systems you must have a legitimate, work-related, reason for recording or accessing such data. It must be used only for the reason for which it was obtained. In other circumstances you must have explicit consent from the individual to record or use such data. For example, if you wish to contact a colleague for a non-work related purpose then you must have that colleague’s explicit consent (in an email for example) to do so. Breaching this policy is a disciplinary offence and could lead to dismissal.
All information generated, processed, transmitted, received and stored on the company Information Systems may be audited at any time.
Any information held on these systems may be subject to audit and removal without notice. You are therefore advised not to regard any information that you create on information systems, including email, as private.
Monitoring, recording and disclosure
Access to our Information Systems will be monitored as and when required. Monitoring processes generate audit logs that may be used to detect misuse of systems, and other criminal acts or breach of requirements established in this policy.
We may monitor and record communications made using our information systems and IT facilities where they are relevant to the business, for quality control or employee training purposes, for ascertaining compliance with our regulatory practices or procedures, for preventing or detecting crime, for investigating or detecting any unauthorised use of, or ensuring the effective operation of, our data/communications systems (eg monitoring for viruses), and monitoring or determining whether or not such communications comply with this policy.
Confidentiality and security
We recognise that there are risks associated with the use of information systems and technology and will seek to minimise these risks and their impact. Where appropriate, you are required to play your part in protecting the information and information technology assets of the business. Information is an important asset that may be sensitive or commercially valuable.
You must take reasonable precautions to protect the security and confidentiality of information including personal data (see also the Data Protection Policy). Failure to protect the integrity of our systems and information may lead to disciplinary action.
- Don’t open email attachments from unknown sources
- Do not use WiFi outside our premises unless you are certain the connection is safe (passwords pass through routers and can be intercepted)
- Be vigilant; hackers can use plausible information that puts you off you guard
- Follow the password policy below
To ensure that our information is protected, you are held responsible for safeguarding passwords and access identities. Personal passwords and identities must not be shared. You are responsible for all use of information systems and technology, and for any information stored or communicated, using your identity or password.
Unauthorised third party software or hardware
Software or hardware must not be connected copied or downloaded, modified, adapted or loaded by users onto any of our technology or system without prior, written approval from Managing Director.
Email is Business Correspondence
Email should be regarded in the same way as any other type of correspondence or communication and treated as a record of the business.
The content of an email or of any electronically stored or transmitted information can be legally binding; therefore you must avoid making commitments via email or the internet on behalf of our organisation unless you have full authority to do so in any particular instance.
Emails containing personal data must not be retained longer than is needed for the legitimate purpose for which the data was obtained in the first place.
Email and internet usage guidance
Internet access is a standard tool available for anyone provided with a computer that is connected to our network. If email is made available to you it is to enable you to do your job. Access to either is granted subject to compliance with normal standards of behaviour in the office environment, particularly in terms of material viewed or circulated.
Limited personal use
Our information systems and IT facilities are provided for business purposes. Occasional and reasonable personal use is permitted provided that it is outside of working time.
However you are reminded that any information held on our systems may be subject to audit and removal without notice.
Misuse or excessive personal use of our information systems will be investigated and may result in disciplinary action.
Examples of reasonable personal use of information systems and technology are:
- exchanging email, including social networking, with relatives or personal contacts
- personal financial services
- internet shopping for personal consumer items
- making personal travel arrangements
- reading news
- taking part in discussion groups associated with personal interests
- carrying out research for personal interest
As examples, our information systems and technology must not be used:
- to undertake activities (including social networking) detrimental to our reputation or business interests or are libellous of any other person’s or company’s reputation, products or services
- in a way which adversely affects the performance of your job
- to further the interests of any other business enterprise
- to undertake activities of an offensive, sexual or discriminatory nature based on the protected characteristics as set out in the Equality Act 2010. Details of protected characteristics are outlined in the Equal Opportunity Policy.
- to express unauthorised views or make commitments that could appear to be on our behalf
- to copy, distribute or receive copyrighted or confidential materials without the authority of the owner
- to deliberately visit web sites or contribute to News Groups that advocate illegal activity
- to initiate or participate in the sending of chain letters, ‘junk mail’(unsolicited commercial electronic mail), ‘spamming’ (sending unsolicited messages indiscriminately to multiple mailing lists, individuals, or newsgroups) or other similar mailings
- to store personal data other than for legitimate business reasons
- to transmit messages or material that solicit or promote a religious, charitable, political or other non-business related cause, unless authorised by the Managing Director
- to obtain or disseminate unauthorised software that could put our security network at risk
- to undertake illegal trading
- for job searching