IT AND ELECTRONIC INFORMATION POLICY Policy Statement Our electronic communications systems and equipment are intended to promote effective communication and working practices within our organisation, and are critical to the success of our business. This policy outlines the standards we require users of these systems to observe, the circumstances in which we will monitor use of these systems and the action we will take in respect of breaches of these standards. Who is covered by the policy? Access to and usage of servers is restricted to Robinson Services Ltd employees, temporary workers, consultants who use Company computers and other IT equipment as part of their work and the IT support service provider as nominated by the Company. This policy covers all individuals working at all levels, including Directors, senior managers, managers, employees, consultants, contractors, trainees, part-time and fixedterm employees, temporary, casual and agency workers (for the purposes of this policy collectively referred to as employees). Third parties who have access to our electronic communication systems and equipment are also required to comply with this policy. The scope and purpose of this policy This policy deals mainly with the use (and misuse) of computer equipment, e-mail, the internet, telephones and other mobile devices, personal digital assistants (PDAs) and voicemail, but it applies equally to the use of fax machines, copiers, scanners, CCTV, and electronic key fobs and cards. All employees are expected to comply with this policy at all times to protect our electronic communications systems and equipment from unauthorised access and harm. Where evidence of misuse is found we may undertake a more detailed investigation in accordance with our Disciplinary Procedure, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or managers involved in the Disciplinary Procedure. If necessary such information may be handed to the police in connection with a criminal investigation. Personnel responsible for the implementation of this policy The Senior Management Team has overall responsibility for the effective operation of this policy, but has delegated day-to-day responsibility for its operation to the heads of department/division. All managers have a specific responsibility to operate within the boundaries of this policy, ensure that all employees understand the standards of behaviour expected of them and to take action when behaviour falls below its requirements. All employees are responsible for the success of this policy and should ensure that they take the time to read and understand it. Any misuse of our electronic communications systems or equipment should be reported to the HR department. Questions regarding the content or application of this policy should be directed to the HR department. Responsibility for monitoring and reviewing the operation of this policy and making any recommendations for change to minimise risks to our operations lies with the HR department in conjunction with the IT support service provider. This policy will be reviewed and updated as required. This policy does not form part of any employee’s contract of employment and it may be amended at any time. Legislation and misuse All employees are advised that some forms of misuse of IT systems are illegal. The Computer Misuse Act 1990 sets out several offences in the workplace, some examples of which are outlined below and which serve as an indication only: Misuse of information, that is, the use of information derived from a computer system for a purpose other than that for which it was intended. Hacking (seeking to gain access known to be unauthorised to any programme or data held on computer). Aggravated Hacking (gaining access to Company files to cause the system to fail). Unauthorised modification of data (corrupting data). The unauthorised duplication of software is a breach of copyright and is therefore also an offence. It should be noted that the confidentiality clause referred to in the Contract of Employment and/or Employee Handbook applies (but not exclusively) to the use of IT Systems and their associated media, whether privately owned or provided by Robinson Services Ltd. A non-exhaustive list of qualifying media includes email, websites, social networks, web logs (blogs), chat-rooms and forums and applies to any new media not yet in existence. As a responsible user of licensed software, Robinson Services Ltd will not permit or tolerate the making or use of unauthorised software copies within the organisation under any circumstances. Any breach of this policy will be dealt with via the Company’s Disciplinary Procedure. Monitoring The contents of our IT resources and communications systems are our property. Therefore, employees should have no expectation of privacy in any message, files, data, document, facsimile, telephone conversation, social media post conversation or message, or any other kind of information or communications transmitted to, received or printed from, or stored or recorded on our electronic information and communications systems. We reserve the right to monitor, intercept and review, without further notice, employee activities using our IT resources and communications systems, including but not limited to social media postings and activities. This might include, without limitation, the monitoring, interception, accessing, recording, disclosing, inspecting, reviewing, retrieving and printing of transactions, messages, communications, postings, log-ins, recordings and other uses of the systems as well as keystroke capturing and other network monitoring technologies. We may store copies of such data or communications for a period of time after they are created, and may delete such copies from time to time without notice. In addition, emails and voicemails may be checked in your absence from work therefore do not use our IT resources and communications systems for any matter that you wish to be kept private or confidential from the company. The purpose of such monitoring is to: • ensure the effective operation of Robinson Services Ltd’s electronic communications systems and to maintain system security; • investigate and detect unauthorised use of the systems in breach of Robinson Services Ltd policies, such as excessive personal use or distribution of inappropriate material; • monitor employees’ standards of performance; • check whether matters need to be dealt with in your absence; • investigate allegations of misconduct, breach of contract, a criminal offence or fraud by the user or a third party; and • pursue any other legitimate reason relating to the operation of the business. This list is not exhaustive. Systems and data security Employees should not delete, destroy or modify existing systems, programs, information or data which could have the effect of harming our business or exposing it to risk. Employees should avoid downloading or installing software from external sources and if in doubt should consult with the Financial Controller in advance. No device or equipment should be attached to our systems, other than for business use, without the prior approval of the Financial Controller. We monitor all e-mails passing through our system for viruses and content. Employees should exercise caution when opening e-mails from unknown external sources or where, for any reason, an e-mail appears suspicious. The Financial Controller should be informed immediately if a suspected virus is received. We reserve the right to block access to attachments to e-mails for the purpose of effective use of the system and for compliance with this policy. We also reserve the right not to transmit any e-mail message. Employees should not attempt to gain access to restricted areas of the network, or to any password-protected information, unless specifically authorised. Employees using laptops or wi-fi enabled equipment must be particularly vigilant about its use outside the office and take any precautions required by the Financial Controller from time to time against importing viruses or compromising the security of the system. The system contains information which is confidential to our business and/or which is subject to data protection legislation. Such information must be treated with extreme care and in accordance with our Data Protection provisions. Equipment Security and Passwords Employees are responsible for the security of the equipment allocated to or used by them, and must not allow it to be used by anyone other than in accordance with this policy. If given access to the e-mail system or to the internet, employees are responsible for the security of their terminals. If leaving a terminal unattended or on leaving the office they should ensure that they lock their terminal or log off to prevent unauthorised users accessing the system in their absence. Employees without authorisation should only be allowed to use terminals under supervision. Desktop PCs and cabling for telephones or computer equipment should not be moved or tampered with without first consulting the Financial Controller. Employees who have been issued with a laptop, Tablet, PDA ,Blackberry (or other mobile devices) must ensure that it is kept secure at all times, especially when travelling. Employees should also be aware that when using equipment away from the workplace, documents may be read by third parties, for example, passengers on public transport. Passwords Company passwords allow individual users access to domain resources. Passwords must not be divulged to any persons either inside or outside the Company (with the exception of Lead personnel where appropriate for problem resolution). Passwords must be used to secure access to data kept on mobile devises to ensure that confidential data is protected in the event of loss or theft. For security reasons, passwords should be as obscure as possible, with mixed numbers and letters, upper and lower case. Users are responsible for data entered under their password and should log off at the end of each session. For the avoidance of doubt, on the termination of employment (for any reason) employees must provide details of their passwords to their manager and return any equipment, key fobs or cards. Email E-mail is a vital business tool, but an informal means of communication, and should be used with great care and discipline. Employees should always consider if e-mail is the appropriate means for a particular communication and correspondence sent by e-mail should be written as professionally as a letter or fax. Messages should be concise and directed only to relevant individuals. The Robinson Service’s name must be included in the signature carried with every message sent. This reflects on the company’s image and reputation. Therefore, e-mail messages must be appropriate and professional. Set out below is the standard company signature that must be used on all external e-mails; Regards, Employee Full Name Job Title/Division t: 02894 429717 f: 028 9446 3336 Mob No: If Applicable Email: employee e-mail address Check out our new website: www.robinson-services.com Follow us on https://twitter.com/robinsonservfm https://www.facebook.com/Robinsonservicesltd http://tinyurl.com/njljx3f (This e-mail is confidential. It is intended for the addressee(s) only. If you are not the intended recipient you are not authorised to and must not disclose, copy, distribute or retain all or part of this e-mail without our authority. If you have received this e-mail in error then please contact us immediately on 02894 429717). Email facilities are to be used for business-related purposes only. Email privacy is not guaranteed and should not be used for formal or legally binding correspondence. Email systems must not be used for political, business or commercial purposes not related to Robinson Services Ltd and must not be used to send illegal or inappropriate material. Messages sent over the email system can give rise to legal action against the Company. Claims of offence, breach of confidentiality or breach of contract could arise from the misuse of the email system. Employees should not send abusive, obscene, discriminatory, racist, harassing, derogatory or defamatory e-mails. Anyone who feels that they have been harassed or bullied, or are offended by material received from a colleague via e-mail should inform their line manager OR the Human Resources Department. Employees should take care with the content of e-mail messages, as incorrect or improper statements can give rise to claims for discrimination, harassment, defamation, breach of confidentiality or breach of contract. Employees should assume that e-mail messages may be read by others and not include anything which would offend or embarrass any reader, or themselves, if it found its way into the public domain. E-mail messages may be disclosed in legal proceedings in the same way as paper documents. All e-mail messages should be treated as potentially retrievable, either from the main server or using specialist software. Viewing pornography, or sending pornographic jokes or stories via email, is considered sexual harassment and will be addressed according to our sexual harassment policy. E-mail messages can carry computer viruses which are particularly dangerous to the Company’s computer operations generally Great care should also be taken when attaching documents as the ease with which employees can download files from the Internet or “cut and paste” materials from electronic sources increases the risks of infringement of the rights of others particularly the intellectual property and other proprietary rights. Also attaching documents may give rise to the release of information not intended, hence, the importance of vetting attachments. If in doubt please consult your manager. Do not subscribe to electronic services or other contracts on behalf of Robinson Services unless you have express authority to do so. Authority for subscriptions including electronic subscriptions such as these, rest with your manager. You have no authority to enter into any binding commitment on behalf of Robinson Services via the e-mail or the Internet. Any important or potentially contentious communication that you have received through e-mail should be printed and a hard copy kept (e.g. confirmation of an order etc.). Where important, you should obtain confirmation that the recipient has received your e-mail. Information received from a customer should not be released to another customer without prior consent of the original sender. If in doubt consult your Manager. Robinson Services reserves the right to review, audit, intercept, access and disclose all messages created, received or sent over the electronic mail system for any purpose. All computer pass codes must be provided to your manager. No pass codes may be used that is unknown to the company. Notwithstanding the company’s rights to retrieve and read any electronic mail messages, such messages should be treated as confidential by other employees and accessed only by the intended recipient. Employees are not authorised to retrieve or read any e-mail messages that are not sent to them. Any exception to this policy must receive prior approval from the employer. However, the confidentiality of any message should not be assumed. Even when a message is erased it is still possible to retrieve and read the message. If any breach of our e-mail policy is observed then disciplinary action up to and including dismissal may be taken. As a general rule, employees should avoid: sending or forwarding private e-mails at work which they would not want a third party to read; sending or forwarding chain mail, junk mail, cartoons, jokes or gossip; contributing to system congestion by sending trivial messages or unnecessarily copying or forwarding e-mails to those who do not have a real need to receive them; selling or advertising using our communication systems or broadcast messages about lost property; the message board public folder should be used for these purposes; agreeing to terms, enter into contractual commitments or make representations by e-mail unless appropriate authority has been obtained. A name typed at the end of an e-mail is a signature in the same way as a name written at the end of a letter; downloading or e-mailing text, music and other content on the internet subject to copyright protection, unless it is clear that the owner of such works allows this; sending messages from another worker’s computer or under an assumed name unless specifically authorised; or sending confidential messages via e-mail or the internet, or by other means of external communication which are known not to be secure. Employees who receive a wrongly-delivered e-mail should return it to the sender. If the email contains confidential information or inappropriate material (as described above) it should not be disclosed or used in any way. As a condition of employment, employees consent to the examination of the use and content of all email processed and/or stored by the employee on Robinson Services Ltd systems as required. All the Robinson Services e-mail addresses (including those directed to persons within the organisation) are Robinson Services Ltd’s property both during and after the termination of that person’s employment with the organisation. Security Considerations Email is a potential source of computer viruses which can impersonate or ‘spoof’ known senders’ email addresses, therefore emails received from both known and unknown sources should be treated with caution. You should not open or run any attachment from an unknown source. If you have doubts about an email from a known source, contact the sender to make sure the mail is legitimate. Email Space Mail should be periodically deleted to keep space within reasonable limits (individual attachments may be deleted from emails, leaving the message itself intact). New data storage and backups All information/data held on Robinson Services Ltd systems is deemed the property of Robinson Services Ltd. As a condition of employment, employees consent to the examination of the use and content of all data/information processed and/or stored by the employee on Robinson Services Ltd systems as required. Data Storage Data should be periodically archived or deleted to keep space within reasonable limits. Backups Data backups of all data stored on network drives are undertaken daily. Data stored locally on users’ PCs and laptops (e.g. C drive or My Documents or the Desktop) is not backed up. It is the users’ responsibility to ensure that all data for backup is moved to a networked drive. IT equipment procurement, removal and relocation Procurement All new equipment requests should be submitted to the Financial Controller by the relevant Director/Manager in good time. All requests will be reviewed for appropriateness for their intended use and approved by the Finance Director. All planning and funding relating to new IT equipment will be approved centrally by the Finance Director. All Purchase Orders for new IT equipment will be raised centrally. Removal All leavers from the Company should be notified to the HR Department and Financial Controller using the Company Leavers Form so accounts can be disabled and equipment removed. This is especially important for security reasons. Relocations All equipment moves or transfers should be submitted to the Financial Controller. Screen Savers, Wallpapers and other Software Screen Savers and Wallpapers should not be personalised. Users are expressly forbidden from installing any type of software on their systems (including software downloaded from the Internet). All new software installation requests should be submitted to the Financial Controller. The use of unapproved memory cards/sticks or other storage devices is expressly forbidden for security reasons. Printers Access to printers is controlled centrally. All new printer access requests should be submitted to the Financial Controller. Abuse of print facilities (such as non-business related printing activity) is not permitted. Disposal of IT Equipment All unwanted IT equipment should be returned to the Financial Controller. Social Networking/Blogs A ‘blog’ is a personal or corporate website in which the author writes, as their reflection on a given subject evolves, their opinions, impressions, etc., so as to make them public and receive reactions and comments about them. ‘Social networking’ is taken to mean the use of sites such as Facebook, LinkedIn, Twitter and MySpace to interact socially with others. Similarly, more traditional internet forums and bulletin boards come within the scope of these standards. The Company does not permit the use of social networking sites/weblogs or other similar electronic two-way communication whilst at work, as confidential information and the reputation of Robinson Services Ltd must be protected. The only exception is if the use is expressly related to the job role (clarity should be sought from the HR Department). The Company does not encourage employees to write about their work in any way and would prefer them not to do so when outside of work. If employees choose to do so then they should follow the guidelines in this policy and ensure that any entries are not deemed to be inappropriate or detrimental to Robinson Services Ltd. Employees should be aware that social networking web-sites are public forums, particularly if they form part of a ‘network’. Therefore, it should not be assumed that entry on any web-sites will remain private. In order to protect personal information, Robinson Services Ltd reserve the right to remove any posts from our social media channels or those of our clients, should we feel that the information contained within the post poses a risk to the users’ privacy or personal information. Compliance with related policies and agreements Social media should never be used in a way that breaches any of our other policies. If an internet post would breach any of our policies in another forum, it will also breach them in an online forum. Employees are prohibited from using social media to: breach any other of the Company policies or procedures, e.g. employee handbook, core principles, etc. comment on any aspect of Robinson Services Ltd; i.e. do not reveal confidential or commercially sensitive information/ information from internal meetings, etc (If you are unclear as to what the Company class as commercially sensitive information please contact the HR department). post or display the company logos, brand names, slogans or other trademarks. breach any obligations they and/or we may have relating to confidentiality. defame or disparage the organisation or its employees, business partners, suppliers, customers, or any of their customers, employees or any other member of the public using their services whom you have came into contact with as a result of your work. circulate chain letters or other spam through Social Media to your colleagues. circulate or post commercial, personal, religious or political solicitations or promotions of outside organisations unrelated to the company’s business. provide a person with unauthorised access to the Company any confidential information. record any confidential information regarding the Company on any website. harass or bully employees, colleagues, customers, or any other stakeholder in any way. breach our Equal Opportunities and Dignity at Work Policy for example by posting unacceptable content including (but not limited to) sexual comments or images, racial slurs, gender-specific comments, or other comments or images that could reasonably offend someone on the basis of race, age, sex, religious or political beliefs, national origin, disability, sexual orientation, or any other characteristic protected by law. disclose personal data that may breach the Data Protection Act 1998 (for example, never disclose personal information about a colleague online). upload photos of colleagues unless you have their permission to do so. breach any other laws or ethical standards (for example, never use social media in a false or misleading way, such as by claiming to be someone other than yourself or by making misleading statements). provide references for other individuals on social or professional networking sites, as such references, positive and negative, can be attributed to the company and create legal liability for both the author of the reference and the company. breach copyright. When using social networking websites or weblogs outside of the workplace we are asking employees to: Take care not to allow interaction on these websites to damage working relationships between employees, business partners and clients of Robinson Services Ltd Disengage from any dialogue in a polite manner and seek advice of the HR department if you find/encounter a situation while using social media, that threatens to become antagonistic. Use Disclaimers - You should make it clear in social media postings that you are speaking on your own behalf. If you disclose your affiliation as an employee of our company, you must also state that your views do not represent those of your employer. For example, you could state, "the views in this posting do not represent the views of my employer". You should also ensure that your profile and any content you post are consistent with the professional image you present to business partners and colleagues. Refer any enquiries from press, other media or legal personnel generated as a result of social media networks, blogs or other types of online content to the HR department. Report immediately to your manager, any content you see in social media that disparages or reflects poorly on our company, customers or any other of our stakeholders. All employees are responsible for protecting our business reputation. Be security conscious. Take steps to protect yourself from identity theft, i.e. by restricting the amount of personal information given out. Use of a social networking site/weblog which is deemed to be detrimental to Robinson Services Ltd will be addressed using the disciplinary procedure. Remember that you are legally liable for anything you write or present online. Employees can be disciplined by the company for commentary, content, or images that are defamatory, pornographic, harassing, libellous, that can create a hostile work environment or that may bring the company into disrepute. You could also be sued by colleagues, competitors, and any individual or company that views your commentary, content, or images as defamatory, pornographic, harassing, libellous or creating a hostile work environment. Internet Usage The use of the internet is an important business tool, however careless or inappropriate use of the company’s internet system can have serious consequences. Internet use also brings the possibility of breaches to the security of confidential Company information. Internet use also creates the possibility of contamination to our system via viruses. Internet use, on Company time, is authorised where such use supports the goals and objectives of the business. However, access to the Internet through Robinson Services Ltd is a privilege and all employees must adhere to the rules around internet usage by: complying with current legislation using the internet in an acceptable way not creating unnecessary business risk to the company by misuse Employees are expected to use the Internet responsibly and productively. Internet access is limited to job-related activities only and personal use is not permitted. Job-related activities include research and tasks that may be completed via the Internet that would help in an employee's role. All Internet data that is composed, transmitted and/or received by Robinson Services Ltd is considered to belong to Robinson Services Ltd and is recognised as part of its official data. It is therefore subject to disclosure for legal reasons or to other appropriate third parties. When a website is visited, devices such as cookies, tags or web beacons may be employed to enable the site owner to identify and monitor visitors. If the website is of an inappropriate nature, such a marker could be a source of embarrassment to the visitor and the Company, especially if inappropriate material has been accessed, downloaded, stored or forwarded from the website. Such actions may also, in certain circumstances, amount to a criminal offence if, for example, the material is pornographic in nature. Employees should therefore not access any web page or any files (whether documents, images or other) downloaded from the internet which could, in any way, be regarded as illegal, offensive, in bad taste or immoral. While content may be legal in the UK, it may be in sufficient bad taste to fall within this prohibition. As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a page, or if the fact that our software has accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy. The equipment, services and technology used to access the Internet are the property of Robinson Services Ltd and the company reserves the right to monitor Internet traffic and monitor and access data that is composed, sent or received through its online connections All sites and downloads may be monitored and/or blocked by Robinson Services Ltd if they are deemed to be harmful and/or not productive to business. Inappropriate Use Employees must not under any circumstances access inappropriate or offensive websites or distribute or obtain similar material through the internet or email when using the organisation’s equipment, even in their own time. Unacceptable use of the internet by employees includes, but is not limited to: Access to sites that contain offensive, obscene, hateful, pornographic (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature), unlawful, violent or otherwise illegal material Sending or posting discriminatory, harassing, or threatening messages or images on the Internet or via Robinson Services Ltd email service Using the organisation's time and resources for personal gain Using computers to perpetrate any form of fraud, and/or software, film or music piracy Undertaking deliberate activities that waste employee effort or networked resources Stealing, using, or disclosing someone else's password without authorisation Downloading, copying or pirating software and electronic files that are copyrighted or without authorisation revealing confidential information about Robinson Services Ltd in a personal online posting, upload or transmission - including financial information and information relating to our customers, business plans, policies, employees and/or internal discussions Hacking into unauthorised websites, or those of other organisations or people Sending or posting information that is defamatory to the company, its products/services, colleagues and/or customers Introducing malicious software onto the company network and/or jeopardizing the security of the organization's electronic communications systems Sending or posting chain letters, solicitations, or advertisements not related to business purposes or activities Passing off personal views as representing those of the organization Engaging in unauthorised transactions that may incur a cost to the organisation or initiate unwanted internet services and transmissions Using the internet for political causes or activities, religious activities, or any sort of gambling Sending anonymous email messages Engaging in any other illegal activities Robinson Services Ltd has the final decision as to whether it considers particular material to be inappropriate under this policy. If you are unsure whether particular material would be considered appropriate by Robinson Services Ltd you should seek clarification from the HR Manager before accessing or distributing such material. If you receive material which contains or you suspect contains inappropriate material or you access such material on the internet inadvertently, you must immediately report this to your immediate manager who will tell you what to do and not under any circumstances forward, show to anyone else or otherwise distribute the material. Recruitment We do not permit the use of internet searches for recruitment purposes. However we may advertise opportunities for work at Robinson Services via online forums. Company-owned information held on third-party websites If you produce, collect and/or process business-related information in the course of your work, the information remains the property of Robinson Services Ltd. This includes such information stored on third-party websites such as webmail service providers and social networking sites, such as Facebook and LinkedIn.