IT AND ELECTRONIC INFORMATION POLICY

Policy Statement

Our electronic communications systems and equipment are intended to promote effective communication and working practices within our organisation, and are critical to the success of our business. This policy outlines the standards we require users of these systems to observe, the circumstances in which we will monitor use of these systems and the action we will take in respect of breaches of these standards.

Who is covered by the policy?

Access to and usage of servers is restricted to Robinson Services Ltd employees, temporary workers, consultants who use Company computers and other IT equipment as part of their work and the IT support service provider as nominated by the Company.

This policy covers all individuals working at all levels, including Directors, senior managers, managers, employees, consultants, contractors, trainees, part-time and fixed-term employees, temporary, casual and agency workers (for the purposes of this policy collectively referred to as employees). Third parties who have access to our electronic communication systems and equipment are also required to comply with this policy.

The scope and purpose of this policy

This policy deals mainly with the use (and misuse) of computer equipment, e-mail, the internet, telephones and other mobile devices, personal digital assistants (PDAs) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV, and electronic key fobs and cards.

All employees are expected to comply with this policy at all times to protect our electronic communications systems and equipment from unauthorised access and harm. Where evidence of misuse is found we may undertake a more detailed investigation in accordance with our Disciplinary Procedure, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or managers involved in the Disciplinary Procedure. If necessary such information may be handed to the police in connection with a criminal investigation.

Personnel responsible for the implementation of this policy

The Senior Management Team has overall responsibility for the effective operation of this policy, but has delegated day-to-day responsibility for its operation to the heads of department/division.

All managers have a specific responsibility to operate within the boundaries of this policy, ensure that all employees understand the standards of behaviour expected of them and to take action when behaviour falls below its requirements.

All employees are responsible for the success of this policy and should ensure that they take the time to read and understand it. Any misuse of our electronic communications systems or equipment should be reported to the HR department. Questions regarding the content or application of this policy should be directed to the HR department.

Responsibility for monitoring and reviewing the operation of this policy and making any recommendations for change to minimise risks to our operations lies with the HR department in conjunction with the IT support service provider. This policy will be reviewed and updated as required. This policy does not form part of any employee’s contract of employment and it may be amended at any time.

Legislation and misuse

All employees are advised that some forms of misuse of IT systems are illegal.

The Computer Misuse Act 1990 sets out several offences in the workplace, some examples of which are outlined below and which serve as an indication only:

  • Misuse of information, that is, the use of information derived from a computer system for a purpose other than that for which it was intended.
  • Hacking (seeking to gain access known to be unauthorised to any programme or data held on computer).
  • Aggravated Hacking (gaining access to Company files to cause the system to fail).
  • Unauthorised modification of data (corrupting data).
  • The unauthorised duplication of software is a breach of copyright and is therefore also an offence.

It should be noted that the confidentiality clause referred to in the Contract of Employment and/or Employee Handbook applies (but not exclusively) to the use of IT Systems and their associated media, whether privately owned or provided by Robinson Services Ltd.

A non-exhaustive list of qualifying media includes email, websites, social networks, web logs (blogs), chat-rooms and forums and applies to any new media not yet in existence.

As a responsible user of licensed software, Robinson Services Ltd will not permit or tolerate the making or use of unauthorised software copies within the organisation under any circumstances. Any breach of this policy will be dealt with via the Company’s Disciplinary Procedure.

Monitoring

The contents of our IT resources and communications systems are our property. Therefore, employees should have no expectation of privacy in any message, files, data, document, facsimile, telephone conversation, social media post conversation or message, or any other kind of information or communications transmitted to, received or printed from, or stored or recorded on our electronic information and communications systems.

We reserve the right to monitor, intercept and review, without further notice, employee activities using our IT resources and communications systems, including but not limited to social media postings and activities. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies.

We may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice.

In addition, emails and voicemails may be checked in your absence from work therefore do not use our IT resources and communications systems for any matter that you wish to be kept private or confidential from the company.

The purpose of such monitoring is to:

• ensure the effective operation of Robinson Services Ltd’s electronic communications systems and to maintain system security;

• investigate and detect unauthorised use of the systems in breach of Robinson Services Ltd policies, such as excessive personal use or distribution of inappropriate material;

• monitor employees’ standards of performance;

• check whether matters need to be dealt with in your absence;

• investigate allegations of misconduct, breach of contract, a criminal offence or fraud by the user or a third party; and

• pursue any other legitimate reason relating to the operation of the business.

This list is not exhaustive.

Systems and data security

  • Employees should not delete, destroy or modify existing systems, programs, information or data which could have the effect of harming our business or exposing it to risk.
  • Employees should avoid downloading or installing software from external sources and if in doubt should consult with the Financial Controller in advance.
  • No device or equipment should be attached to our systems, other than for business use, without the prior approval of the Financial Controller.
  • We monitor all e-mails passing through our system for viruses and content. Employees should exercise caution when opening e-mails from unknown external sources or where, for any reason, an e-mail appears suspicious. The Financial Controller should be informed immediately if a suspected virus is received. We reserve the right to block access to attachments to e-mails for the purpose of effective use of the system and for compliance with this policy. We also reserve the right not to transmit any e-mail message.
  • Employees should not attempt to gain access to restricted areas of the network, or to any password-protected information, unless specifically authorised.
  • Employees using laptops or wi-fi enabled equipment must be particularly vigilant about its use outside the office and take any precautions required by the Financial Controller from time to time against importing viruses or compromising the security of the system. The system contains information which is confidential to our business and/or which is subject to data protection legislation. Such information must be treated with extreme care and in accordance with our Data Protection provisions.

Equipment Security and Passwords

Employees are responsible for the security of the equipment allocated to or used by them, and must not allow it to be used by anyone other than in accordance with this policy.

If given access to the e-mail system or to the internet, employees are responsible for the security of their terminals. If leaving a terminal unattended or on leaving the office they should ensure that they lock their terminal or log off to prevent unauthorised users accessing the system in their absence. Employees without authorisation should only be allowed to use terminals under supervision.

Desktop PCs and cabling for telephones or computer equipment should not be moved or tampered with without first consulting the Financial Controller.

Employees who have been issued with a laptop, Tablet, PDA ,Blackberry (or other mobile devices) must ensure that it is kept secure at all times, especially when travelling.

Employees should also be aware that when using equipment away from the workplace, documents may be read by third parties, for example, passengers on public transport.

Passwords

Company passwords allow individual users access to domain resources. Passwords must not be divulged to any persons either inside or outside the Company (with the exception of Lead personnel where appropriate for problem resolution).

Passwords must be used to secure access to data kept on mobile devises to ensure that confidential data is protected in the event of loss or theft.

For security reasons, passwords should be as obscure as possible, with mixed numbers and letters, upper and lower case.

Users are responsible for data entered under their password and should log off at the end of each session.

For the avoidance of doubt, on the termination of employment (for any reason) employees must provide details of their passwords to their manager and return any equipment, key fobs or cards.

Email

E-mail is a vital business tool, but an informal means of communication, and should be used with great care and discipline.

  • Employees should always consider if e-mail is the appropriate means for a particular communication and correspondence sent by e-mail should be written as professionally as a letter or fax.
  • Messages should be concise and directed only to relevant individuals.
  • The Robinson Service’s name must be included in the signature carried with every message sent. This reflects on the company’s image and reputation. Therefore, e-mail messages must be appropriate and professional. Set out below is the standard company signature that must be used on all external e-mails;

Regards,

Employee Full Name

Job Title/Division

t: 02894 429717 f: 028 9446 3336

Mob No: If Applicable

Email: employee e-mail address

Check out our new website:

Follow us on

(This e-mail is confidential. It is intended for the addressee(s) only. If you are not the intended recipient you are not authorised to and must not disclose, copy, distribute or retain all or part of this e-mail without our authority. If you have received this e-mail in error then please contact us immediately on 02894 429717).

  • Email facilities are to be used for business-related purposes only.
  • Email privacy is not guaranteed and should not be used for formal or legally binding correspondence.
  • Email systems must not be used for political, business or commercial purposes not related to Robinson Services Ltd and must not be used to send illegal or inappropriate material.
  • Messages sent over the email system can give rise to legal action against the Company. Claims of offence, breach of confidentiality or breach of contract could arise from the misuse of the email system.
  • Employees should not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory e-mails. Anyone who feels that they have been harassed or bullied, or are offended by material received from a colleague via e-mail should inform their line manager OR the Human Resources Department.
  • Employees should take care with the content of e-mail messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract.
  • Employees should assume that e-mail messages may be read by others and not include anything which would offend or embarrass any reader, or themselves, if it found its way into the public domain.
  • E-mail messages may be disclosed in legal proceedings in the same way as paper documents. All e-mail messages should be treated as potentially retrievable, either from the main server or using specialist software.
  • Viewing pornography, or sending pornographic jokes or stories via email, is considered sexual harassment and will be addressed according to our sexual harassment policy.
  • E-mail messages can carry computer viruses which are particularly dangerous to the Company’s computer operations generally
  • Great care should also be taken when attaching documents as the ease with which employees can download files from the Internet or “cut and paste” materials from electronic sources increases the risks of infringement of the rights of others particularly the intellectual property and other proprietary rights. Also attaching documents may give rise to the release of information not intended, hence, the importance of vetting attachments. If in doubt please consult your manager.
  • Do not subscribe to electronic services or other contracts on behalf of Robinson Services unless you have express authority to do so. Authority for subscriptions including electronic subscriptions such as these, rest with your manager. You have no authority to enter into any binding commitment on behalf of Robinson Services via the e-mail or the Internet.
  • Any important or potentially contentious communication that you have received through e-mail should be printed and a hard copy kept (e.g. confirmation of an order etc.). Where important, you should obtain confirmation that the recipient has received your e-mail.
  • Information received from a customer should not be released to another customer without prior consent of the original sender. If in doubt consult your Manager.
  • Robinson Services reserves the right to review, audit, intercept, access and disclose all messages created, received or sent over the electronic mail system for any purpose. All computer pass codes must be provided to your manager. No pass codes may be used that is unknown to the company.
  • Notwithstanding the company’s rights to retrieve and read any electronic mail messages, such messages should be treated as confidential by other employees and accessed only by the intended recipient. Employees are not authorised to retrieve or read any e-mail messages that are not sent to them. Any exception to this policy must receive prior approval from the employer. However, the confidentiality of any message should not be assumed. Even when a message is erased it is still possible to retrieve and read the message. If any breach of our e-mail policy is observed then disciplinary action up to and including dismissal may be taken.

As a general rule, employees should avoid:

  • sending or forwarding private e-mails at work which they would not want a third party to read;
  • sending or forwarding chain mail, junk mail, cartoons, jokes or gossip;
  • contributing to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them;
  • selling or advertising using our communication systems or broadcast messages about lost property; the message board public folder should be used for these purposes;
  • agreeing to terms, enter into contractual commitments or make representations by e-mail unless appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written at the end of a letter;
  • downloading or e-mailing text, music and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this;
  • sending messages from another worker’s computer or under an assumed name unless specifically authorised; or
  • sending confidential messages via e-mail or the internet, or by other means of external communication which are known not to be secure.
  • Employees who receive a wrongly-delivered e-mail should return it to the sender. If the e-mail contains confidential information or inappropriate material (as described above) it should not be disclosed or used in any way.

As a condition of employment, employees consent to the examination of the use and content of all email processed and/or stored by the employee on Robinson Services Ltd systems as required.

All the Robinson Services e-mail addresses (including those directed to persons within the organisation) are Robinson Services Ltd’s property both during and after the termination of that person’s employment with the organisation.

Security Considerations

Email is a potential source of computer viruses which can impersonate or ‘spoof’ known senders’ email addresses, therefore emails received from both known and unknown sources should be treated with caution. You should not open or run any attachment from an unknown source.

If you have doubts about an email from a known source, contact the sender to make sure the mail is legitimate.

Email Space

Mail should be periodically deleted to keep space within reasonable limits(individual attachments may be deleted from emails, leaving the message itself intact).

New data storage and backups

All information/data held on Robinson Services Ltd systems is deemed the property of Robinson Services Ltd.

As a condition of employment, employees consent to the examination of the use and content of all data/information processed and/or stored by the employee on Robinson Services Ltd systems as required.

Data Storage

Data should be periodically archived or deleted to keep space within reasonable limits.