Business Name Ltd
IMSP15 Acceptable Use Policy
Document Ref: IMSP15 Acceptable Use Policy
Date of Version: dd/mm/yyyy
Author: Name 1
Approved By: Name 2
Confidentiality Level: Controlled: Uncontrolled if printed
This document is reviewed periodically, at least annually, and is retained for a period of Number years. Amendments and revisions are distributed to the named holders. The history of amendments and the issue of revisions are recorded below.
Date Amend. No. Page No. New Issue No. Reason for Change Authorised By
dd/mm/yyyy – All 1 Initial release. Name 2
Copies of this document other than those listed above will not be revised; such copies will be marked as UNCONTROLLED.
Table of Contents
1. Introduction
2. Purpose
3. Scope
4. Policy Statement
5. Breaches of policy
6. Document Management
1. Introduction
Business Name Ltd provides many essential services and business functions which rely on ICT technology resources. The use of ICT resources must be in line with good professional working practices and procedures, and must ensure the security and integrity of all Business Name Ltd information and data.
2. Purpose
The purpose of this policy is to establish how Business Name Ltd’s ICT facilities and resources must be used.
3. Scope
The scope of this policy extends to all departments, employees, contractors, vendors and partner agencies who use/access Business Name Ltd’s ICT facilities.
4. Policy Statement
4.1 Computer Use
All users of Business Name Ltd computers must ensure at all times that:
Authorisation has been provided to use the ICT facilities with a Domain username and password provided by the IT Department.
User and System account logon passwords are kept private and not shared, displayed or communicated to anyone who does not have a legitimate right to that information.
Business Name Ltd information and data is not permanently saved to PC hard drives – in the event of Business Name Ltd network being unavailable, advice should be sought from the IT Department.
Sensitive and personal data is not knowingly saved on the PC’s hard drive under any circumstances.
Data and Information saved to portable devices via a PC is only copied to a Business Name Ltd approved portable device which is encrypted in accordance with the Encryption Policy.
N.B – Mobile computing devices such as digital cameras and digital dictation devices etc., must not be treated as data storage devices – however, Business Name Ltd accepts that photographs/audio files can also be classed as data and recommends that any photographs/audio files taken are removed from the device(s) and stored on Business Name Ltd network as soon as possible.
Screens/computers are locked by users when away from the computer.
Business Name Ltd computer equipment, such as desktops (with the exception of laptops and mobile devices authorised for use), is not removed from its location without approval from line management and/or the IT Department.
Unauthorised, non-standard equipment is not plugged-in or inserted into the computer.
Software is not installed on Business Name Ltd IT computer equipment by unauthorised staff (authorised access may include specific duties requiring staff to have administrative access in order to carry out certain job functions) – any software installed must be (or be going through the process of being) placed on the approved software list.
Business Name Ltd’s ICT equipment must not be used to store personal data such as wedding photos, CVs, music files etc.
Computers are not mishandled, wilfully damaged or tampered with in any way – this includes taking off the PC/laptop case cover, or removing any screws or fixings.
Any suspicious or unknown equipment near or around PCs/laptops is reported to the IT Department.
Computers are logged off and shut down when not in use for extended periods (i.e. overnight) and monitors are powered off.
4.2 Internet and Email Use
Internet
Personal use of the Internet is allowed but not during working hours. You can use the Internet before you start work, during your lunchtime, or after work.
You must not use Business Name Ltd’s Internet or email systems for trading or personal business purposes.
If you use the Internet to buy goods or services, Business Name Ltd will not accept liability for default of payment or for security of any personal information you provide.
Goods must not be delivered to a Business Name Ltd address.
Downloading of video, music files, games, software files and other computer programs – for non-work related purposes – is strictly prohibited. These types of files consume large quantities of storage space on the system (and can slow it down considerably) and may violate copyright laws.
Many Internet sites that contain unacceptable content are blocked automatically by Business Name Ltd’s systems. However, it is not possible to block all “unacceptable” sites electronically. You must not therefore deliberately view, copy or circulate any material that:
Is sexually explicit or obscene.
Is racist, sexist, homophobic, harassing or in any other way discriminatory or offensive.
Contains material the possession of which would constitute a criminal offence.
Promotes any form of criminal activity.
Contains images, cartoons or jokes that will cause offence.
Business Name Ltd records the details of all Internet traffic. This is to protect Business Name Ltd and its employees from security breaches, including hacking, and to ensure that ‘unacceptable’ sites are not being visited.
Where possible, personal use of email should be in your own time; limited personal use of email during the working day is allowed, but should be restricted to a total of no more than a few minutes to respond to urgent incoming personal email.
Personal use must not, in any way, distract staff from the effective performance of their duties.
Excessive use is not allowed and may result in disciplinary action including loss of your Internet and email access.
You must not use the email system in any way that is insulting or offensive. You must not deliberately view, copy or circulate any material that:
Is sexually explicit or obscene
Is racist, sexist, homophobic, harassing or in any other way discriminatory or offensive
Contains material the possession of which would constitute a criminal offence
Promotes any form of criminal activity
Contains unwelcome propositions
Contains images, cartoons or jokes that will cause offence
Appears to be a chain letter
More information is available in the Internet and Email Acceptable Use Policy.
Business Name Ltd routinely produces monitoring information which summarises email use and may lead to further investigation being undertaken.
4.3 Security
Business Name Ltd’s computer systems are under continuous threat from hackers, virus/malware infections, data and equipment theft. Business Name Ltd must remain vigilant at all times in order to safeguard information and data and to protect the security and integrity of all ICT systems.
Users of all Business Name Ltd computers and devices must ensure that:
Computers/devices are not given to any unauthorised persons for safe keeping
Computers/devices are not left discarded or unattended in public places.
All portable mobile computing devices and other IT equipment should not be left unattended in any vehicle at any time.
Computers/devices must be adequately protected from physical damage.
Computers/devices are not hired, lent or given out without authorisation from the IT Department.
All Computers/devices which are no longer required or which have reached the end of useful life must be returned via the line manager to the IT Department to be disposed of in accordance with the Disposal of ICT Equipment.
4.4 Antivirus
Any warnings visible on screen from Business Name Ltd’s Antivirus/Antimalware software about identified/detected threats from viruses/malware should be reported to the IT Department immediately.
4.5 Personal Devices
Personal devices which are not the property of Business Name Ltd, including mobile phones, PDAs, digital pens etc., must not be used to record or capture information relating to Business Name Ltd and its services.
5. Breaches of policy
Breaches of this policy and/or security incidents can be defined as events which could have, or have resulted in, loss or damage to Business Name Ltd assets, or an event which is in breach of Business Name Ltd’s security procedures and policies.
All Business Name Ltd employees, partner agencies, contractors and vendors have a responsibility to report security incidents and breaches of this policy as quickly as possible through Business Name Ltd’s Incident Reporting Procedure. This obligation also extends to any external organisation contracted to support or access the Information Systems of Business Name Ltd.
Business Name Ltd will take appropriate measures to remedy any breach of the policy and its associated procedures and guidelines through the relevant frameworks in place. In the case of an individual, the matter may be dealt with under the disciplinary process.
For more information, see the Security Incident Management Policy.
All users of Business Name Ltd’s ICT facilities must comply with this policy and be aware of the ICT Security Policy.
This document forms part of Business Name Ltd’s ISMS Policy and as such, must be fully complied with.
6. Document Management
This document is valid as of dd/mm/yyyy.
This document is reviewed periodically and at least annually to ensure compliance with the following prescribed criteria.
Conformance to the requirements of ISO 9001:2015; ISO 27001:2013
Legislative requirements defined by law, where appropriate