====== Acceptable Use Policy 2023 Version 2.00 ====== ===== 1. Purpose ===== This Acceptable Use Policy is intended to provide a framework governing the use of all IT resources across all platforms which the company operates. It should be interpreted such that it has the widest application and so as to include new and developing technologies and uses, which may not be explicitly referred to. ===== 2. Scope ===== This policy applies to ALL Users of the IT systems provided by the company, are bound by the provisions of its policies in addition to this Acceptable Use Policy. You agree to be bound by this policy every time you login to our systems, and a record of that is stored with your employee record. Inherent within this policy are the inclusion of the companies [[privacy_policy]], [[new_employee_introduction|Data Protection Introduction - Training TR1]], [[training:basic_training|Basic System Training]], and those defined within your contract of employment. ===== 3. Policy ===== This Acceptable Use Policy is taken to include Data Protection Policies. ===== 4. Definitions of Unacceptable Use ===== The company network is defined as all computing, telecommunication, and networking facilities provided by the company, with particular reference to all computing devices, either personal, cloud or company owned, connected to systems and services supplied on-premises or remotely. The conduct of all Users when using the companies IT systems should always be in line with the provided training and scripting, including the use of online and social networking platforms. ==== Unacceptable use includes ==== * Creation or transmission, or causing the transmission, of any offensive, obscene or indecent images, data or other material, or any data capable of being resolved into obscene or indecent images or material. * Creation or transmission of material which is subsequently used to facilitate harassment, bullying and/or victimisation of a employee (past or present) or a third party or which promotes discrimination on the basis of race, gender, religion or belief, disability, age or sexual orientation. * Creation or transmission of material with the intent to defraud or which is likely to deceive a third party or which advocates or promotes any unlawful act. * Unlawful material, or material that is defamatory, threatening, discriminatory, extremist or which has the potential to radicalise themselves or others. * Unsolicited or bulk email (spam), forge addresses, or use mailing lists other than for legitimate purposes related to official companies activities. * Material that infringes the intellectual property rights or privacy rights of a third party, or that is in breach of a legal duty owed to another party. * Material that brings the company into disrepute. * Deliberate unauthorised access to networked systems or services or attempts to circumvent security systems. * Use of any kind of VPN or Proxy that hides your public IP Address. Deliberate activities having, with reasonable likelihood, any of the following characteristics: * Wasting staff effort or time unnecessarily on IT management. * Corrupting or destroying data. * Violating the privacy of other staff, clients or customers. * Distributing or Reproducing documents or data provided to you in commercial confidence. * Continuing to use services after a request that use should cease because it is causing disruption to the correct functioning of the network. * Other misuse of network resources, such as the introduction of computer viruses, malware, or other harmful software. * Any breach of industry good practice that is likely to damage the reputation of the company will also be regarded as unacceptable use of the network. * Introduce data-interception, password-detecting or similar software or devices to ANY device included in the operation of company work. ===== 5. Monitoring ===== The company records and monitors the use of its IT networks and systems, for the purposes of: * The effective and efficient planning and operation of the IT services * Comprehensive Auditing of user behaviour for the purposes of Systems Security and Development * Complying with our obligations to our clients to justify our work product * Investigation, detection and prevention of infringement of the law, this policy or other company policies * Investigation of alleged misconduct by anyone The company will comply with lawful requests for information from government and law enforcement agencies providing sufficient justification or legal instrument is provided. Users must not attempt to monitor the use of the IT systems without explicit authority to do so. Where there is a requirement to access the account of another employee, authorisation must be obtained from the IT or HR departments and this must be in writing. ===== 6. Consequences of Breach ===== In the event of any failure to comply with the conditions of this Acceptable Use Policy, the company may in its sole discretion * Restrict or terminate an employee's access to the systems/services * Withdraw or remove any material uploaded in contravention of this Policy * Where appropriate, disclose information to law enforcement agencies and take any legal action against an employee (past or present) for breach of this Policy, including but not limited to claiming all costs, fees and disbursements (including but not limited to legal fees) connected therewith * Any disciplinary action, arising from breach of this policy, shall be taken in accordance with the companies [[disciplinary_policy|Disciplinary Policy]]. Disciplinary action may ultimately lead to dismissal ===== 7. Deviations from Policy ===== Unless specifically approved, any deviation from this policy is strictly prohibited. Any deviation from or non-compliance with this policy shall be reported to the Head of IT. ===== 8. Legal Frameworks included by law into this Policy ===== The use of systems and resources are subject to the following statutes and regulations: * The Copyright, Designs and Patents Act 1988 * Computer, Copyright Software Amendment Act 1985 * The Computer Misuse Act 1990 * The Data Protection Act 1998/2018 * General Data Protection Regulation (GDPR) (EU) 2016/679 * The Electronic Communications Act 2000 * The Freedom of Information Act 2002 * The Regulation of Investigatory Powers Act 2000 * Trade Marks Act 1994 * Criminal Justice and Public Order Act 1994