Acceptable Use of IT Systems Policy
ACCEPTABLE USE OF I.T. SYSTEMS POLICY
1 POLICY STATEMENT
This policy is designed to protect CTSW Skills Ltd, our employees, learners, customers and Stakeholders from harm caused by the misuse of our IT systems and our data. Misuse includes both deliberate and inadvertent actions.
The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (computer viruses), legal and financial penalties for data leakage and lost productivity resulting from network downtime.
Everyone who works at CTSW Skills Ltd is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times. Should any employee be unclear on the policy of how it impacts their role they should speak to their manager or the IT Support Technician.
This is a universal policy that applies to all Users and all Systems.
Some aspects of this policy affect areas governed by local legislation in certain countries (employee privacy laws): in such cases the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction. In such cases local teams should develop and issue users with a clarification of how the policy applies locally.
Staff members at CTSW Skills Ltd who monitor and enforce compliance with this policy are responsible for ensuring that they remain compliant with relevant local legislation at all times.
3 USE OF IT SYSTEMS
3.1 All data stored on CTSW Skills Ltd systems is the property of CTSW Skills Ltd. Users should be aware that the company cannot guarantee the confidentiality of information stored on any CTSW Skills Ltd system except where required to do so by local laws.
3.2 CTSW Skills Ltd systems exist to support and enable the business. A small amount of personal use is, in most cases, allowed. However, it must not in any way be detrimental to users own or their colleagues productivity and nor should it result in any direct costs being borne by CTSW Skills Ltd , other than trivial amounts.
3.3 CTSW Skills Ltd trust employees to be fair and sensible when judging what constitutes an acceptable level of personal use of the company’s IT systems. If employees are uncertain, they should consult their manager.
3.4 CTSW Skills Ltd can monitor the use of its IT systems and the data on it at any time. This may include, except where precluded by privacy laws, examination of the content stored within the email and data files of any user and the examination of the access history of any user.
3.5 CTSW Skills Ltd reserves the right to regularly audit networks and systems to ensure compliance with this policy.
4 DATA SECURITY
4.1 Users must not send, upload, remove on portable media or otherwise transfer to a non CTSW Skills Ltd system any information that is designated as confidential, or that they should reasonably regard as being confidential to CTSW Skills Ltd except where explicitly authorised to do so in the performance of their regular duties.
4.2 Users must keep passwords secure and not allow others to access their accounts. Users must ensure all passwords comply with CTSW Skills Ltd safe password policy of one random 8 letter word.
4.3 Users who are supplied with computer equipment by CTSW Skills Ltd are responsible for the safety and care of that equipment and the security of software and data stored on it and other CTSW Skills Ltd systems that they can access remotely using it.
4.4 All work stations (desktops and laptops) should be secured with a lock-on-idle policy active after, at most, 10 minutes of inactivity. In addition, the screen and keyboard should be manually locked by the responsible user whenever leaving the machine unattended.
4.5 Users who have been charged with the management of those systems are responsible for ensuring that they are at all times properly protected against known threats and vulnerabilities, as far as is reasonably practicable, and compatible with the designated purpose of those systems.
4.6 Users must at all times guard against the risk of malware (e.g. viruses, spyware, Trojan horses, rootkits, worms, backdoors) being imported into CTSW Skills Ltd systems by whatever means and must report any actual or suspected malware infection immediately.
5 UNNACEPTABLE USE
5.1 CTSW Skills Ltd employs the use of Firewall security to block sites which it deems to be inappropriate, which is regularly reviewed. This includes the use of both staff and learner’s own devices when connected to the main CTSW Skills Ltd internal network
5.2 All employees should use their own judgement regarding what is acceptable use of CTSW Skills Ltd systems. The activities below are provided as examples of unacceptable use, however, it is not exhaustive. Should an employee need to contravene these guidelines in order to perform their role, they should consult with an obtain approval from their manager before proceeding:
• All illegal activities. These include theft, computer hacking, malware distribution, contravening copyrights and patents, and using illegal or unlicensed software or services. These also include activities that contravene data protection legislation.
• All activities detrimental to the success of CTSW Skills Ltd. These include sharing sensitive information outside the company, such as research and development information and customer lists, as well as defamation of the company.
• All activities for personal benefit only that have a negative impact on the day-to-day functioning of the business. These include activities that slow down the computer network (e.g. streaming video, playing networked video games).
• All activities that are inappropriate for CTSW Skills Ltd to be associated with and/or are detrimental to the company’s reputation. This includes pornography, gambling, cyberbullying or harassment, inciting hate, websites and videos showing extremism.
• Circumventing the IT security systems and protocols which CTSW Skills Ltd have put in place.
6.1 CTSW Skills Ltd will not tolerate any misuse of its systems and will discipline anyone found to have contravened the policy, including not exercising reasonable judgement regarding acceptable use.
While each situation will be judged on a case-by-case basis, employees and learners should both be aware that consequences may include the termination of their employment and or training.
6.2 Use of any of CTSW Skills Ltd resources for any illegal activity will usually be grounds for Summery dismissal and CTSW Skills Ltd will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.