Employee IT User Acceptance Policy

advertisement
Date of Policy
Author
Date approved by Governors
Review date
July 2015
Helen Bounds / Michael Hilton
December 2015
October 2017
Employee IT User Acceptance Policy
The Academy encourages its employees to use e-mail and the internet at work
where this can save time and expense. However, it requires that employees
follow the rules set out within the policy. It is a term of each employee's contract
that he/she complies with these rules, and any serious breach could lead to
dismissal. Any employee who is unsure about whether something he/she
proposes to do might breach this e-mail and internet policy should seek advice
from the IT Manager.
Although the academy encourages the use of e-mail and the internet where
appropriate, their use entails some risks. For example, employees must take care
not to introduce viruses or malware on to the system and must take proper
account of the security advice below. Employees must also ensure that they do
not send libellous statements in e-mails as the academy could be liable for
damages.
These rules are designed to minimise the legal risks to the academy when its
employees use e-mail at work and access the internet. Where something is not
specifically covered in this policy, employees should seek advice from the IT
Manager.
Technology and the law change regularly and this policy will be updated to
account for changes as and when necessary. Employees will be informed when
the policy has changed but it is their responsibility to read the latest version of
this document. The most recent copy is always available on the academy staffshared area.
Use of e-mail
Contents of e-mails
E-mails that employees intend to send should be checked carefully. E-mail should
be treated like any other form of written communication and, as such, what is
1
normally regarded as unacceptable in a letter is equally unacceptable in an email communication.




Be polite and appreciate that other users might have different views from
your own. E-mail should not be used as an outlet for comments that
employee would be unwilling to vocalise. Always remember e-mail
messages can be forwarded and viewed by unexpected readers.
Please try to limit the sending of global e-mails, there are many distribution
groups such as Teachers, Associate Staff, Curriculum Directors,
departments, LSA’s, CPM’s. Please use the relevant distribution group to
avoid unnecessary e/mails.
If you receive an e-mail containing material of a violent, dangerous, racist,
or inappropriate content, always report such messages to a member of the
HR department. The sending or receiving of an e-mail containing content
likely to be unsuitable for schools is strictly forbidden.
Do not put pupil personal details into the header of an e-mail if this could
be seen by a class member, for example all staff e-mails.
The use of e-mail to send or forward messages which are defamatory, obscene
or otherwise inappropriate will be treated as misconduct under the appropriate
disciplinary procedure. In serious cases this could be regarded as gross
misconduct and lead to dismissal.
Equally, if an employee receives an obscene or defamatory e-mail, whether
unwittingly or otherwise and from whatever source, he/she should not forward it
to any other address.
Statements to avoid in e-mails include those criticising the academy, colleagues,
external bodies or their staff, those stating that there are quality problems with
goods or services of suppliers or customers, and those stating that anyone is
incompetent.
Academy information to be included in e-mails
Employees should ensure that official academy information is given on any emails that they send.
Copying in Others – Carbon Copying (CCing)
Employees should exercise care not to copy e-mails automatically to all those
copied in to the original message to which they are replying. Doing so may result
in disclosure of confidential information to the wrong person.
Think about who has been copied into the e-mail you are sending. You should be
able to justify your decision to include them. This can be viewed as a form of
harassment.
2
Attachments
Employees should not attach any files that may contain a virus to e-mails, as the
Academy could be liable to the recipient for loss suffered. The Academy has
virus-checking in place but, if in doubt, employees should check with the IT
department.
Employees should exercise extreme care when receiving e-mails with
attachments from third parties, particularly unidentified third parties, as these may
contain viruses.
Personal use of e-mail
Although the e-mail system is primarily for business use, the Academy
understands that employees may on occasion need to send or receive personal
e-mails using their work address. When sending personal e-mails, employees
should show the same care as when sending work-related e-mails.
Monitoring of e-mail
The Academy reserves the right to monitor employees' e-mails, but will
endeavour to inform an affected employee when this is to happen and the
reasons for it. The Academy considers the following to be valid reasons for
checking an employee's e-mail:




If the employee is absent for any reason and communications must be
checked for the smooth running of the business to continue.
If the Academy suspects that the employee has been viewing or sending
offensive or illegal material, such as material containing racist terminology
or nudity (although the Academy understands that it is possible for
employees inadvertently to receive such material and they will have the
opportunity to explain if this is the case).
If the Academy suspects that an employee has been using the e-mail
system to send and receive an excessive number of personal
communications.
If the Academy suspects that the employee is sending or receiving e-mails
that are detrimental to the Academy.
The following network activities are monitored by IT Help desk:





Disk space (including user home folders)
File types (the storing of executable files in home folders is forbidden in
most circumstances)
E-mail messages are scanned for inappropriate content and attachments
scanned for viruses
Website activity and downloads are logged.
All user network logon and logoff activity is logged.
3
When monitoring e-mails, the Academy will, save in exceptional
circumstances, confine itself to looking at the address and heading of the emails. Employees should mark any personal e-mails as such and encourage
those who send them to do the same. The Academy will avoid, where
possible, opening e-mails clearly marked as private or personal.
The Academy reserves the right to retain information that it has gathered on
employees' use of e-mail for a period of one year.
Mobile Phones and Camera Usage
Mobile phones may be used in academy, as long as their use is appropriate. The
use of a mobile phone must not detract from the quality of supervision and care
of children.
We recognise the importance of mobile phones in academy for communication
purposes, but are aware that casual or inappropriate use of mobile phones in the
Academy could pose a risk to children.
This policy applies to all staff and volunteers, and covers both indoor and outdoor
areas. Failure to adhere to this policy may result in disciplinary action.
If staff have a break time during their working hours, they may use their mobile
phones during these times, in an agreed area not used by children e.g. in the
office / staff room.
Classroom based staff must give the academy telephone number to their next of
kin, in case it is necessary for the staff member to be contacted, in an emergency,
during teaching hours.
Use of internet
Authorised internet users
Where an employee has been provided with a computer with internet access at
his/her desk, he/she may use the internet at work.
Not everyone in the Academy needs access to the internet at work. Anyone who
does not have access but believes that he/she requires it should contact his/her
manager and make a written request, setting out the reasons why access should
be allowed.
Sensible internet use
Where employees are allowed access to the internet at work they are expected
to use it sensibly and in such a manner that it does not interfere with the efficient
running of the Academy. For example, where it would be quicker to make a
4
telephone call than to engage in an internet search for the required information,
then the telephone call should be made.
Employees may be called upon to justify the amount of time they have spent on
the internet or the sites that they have visited.
The Academy encourages employees to become familiar with the internet and
does not currently impose any time limitation on work-related internet use. It trusts
employees not to abuse the latitude given to them, but if this trust is abused it
reserves the right to alter the policy in this respect.
Removing internet access
The Academy reserves the right to deny internet access to any employee at work,
although in such a case it will endeavour to give reasons for doing so.
Registering on websites
Many sites that could be useful for the Academy require registration. Employees
wishing to register as a user of a website for work purposes are encouraged to
do so. However, they should ask their manager before doing this.
Licences and contracts
Some websites require the Academy to enter into licence or contract terms. The
terms should be printed off and sent for approval in advance or e-mailed to the
Finance Department before an employee agrees to them on the Academy's
behalf. In most cases, there will be no objection to the terms and it is recognised
that the free information provided by the website in question may save the
Academy money. Employees should, however, always consider whether the
information is from a reputable source and is likely to be accurate and kept up to
date, as most such contract terms will exclude liability for accuracy of free
information.
Downloading files and software
Any software must be purchased through the IT department. No attempt must
be made to install software onto academy computers as this could create a
security risk.
Using other software and hardware at work
The Academy does not allow employees to bring software or hardware into the
classroom without the IT department's consent and nothing in the e-mail and
internet policy modifies the Academy's general view on this.
5
Personal use of the internet
Although the e-mail system is primarily for business use, the Academy
understands that employees may on occasion need to use the internet for
personal purposes. Employees may access the internet at work for personal
purposes provided that:




such use is limited to a reasonable amount in any day;
the internet is not used to access offensive or illegal material, such as
material containing racist terminology or nudity;
the internet is not used for on-line gaming or on-line gambling;
they do not enter into any contracts or commitments in the name of or on
behalf of the Academy;
Monitoring of Internet Access at Work
The Academy reserves the right to monitor employees' internet usage, The
Academy considers the following to be valid reasons for checking an employee's
internet usage:


If the Academy suspects that the employee has been viewing offensive or
illegal material, such as material containing racist terminology or nudity
(although the Academy understands that it is possible for employees
inadvertently to view such material and they will have the opportunity to
explain if this is the case).
If the Academy suspects that the employee has been spending an
excessive amount of time viewing websites that are not work related.
The Academy reserves the right to retain information that it has gathered on
employees' use of the internet for a period of one year.
Social Networking Sites
Staff must adhere to the following Guidelines for Employee using Social
Networking sites.
As educators we have a professional image to uphold and how we conduct
ourselves online helps determine this image. As reported by the media, there
have been instances of those working in education demonstrating professional
misconduct while engaging in inappropriate dialogue about their academy and/or
students or posting pictures and videos of themselves engaged in inappropriate
activity. Some educators feel that being online shields them from having their
personal lives examined. But increasingly, how educators’ online identities are
too often public and can cause serious repercussions.
6
One of the hallmarks of social networks is the ability to “friend” others – creating
a group of others that share interests and personal news. Do not accept
invitations to friend students within these social networking sites. When students
gain access to a teacher’s or other staff member’s network of friends and
acquaintances and are able to view personal photos, the student-staff dynamic
is altered. It is important to maintain a professional relationship with students to
avoid relationships that could cause bias in the classroom.
For the protection of your professional reputation:
Friends and Friending
 Do not under any circumstances accept current students as friends on





personal social networking sites.
Do not under any circumstances accept current students with siblings still
at the academy as friends on personal social networking sites
Consider your own family members. Do they have pupils/ex-pupils as their
friends?
Decline any student-initiated friend requests.
Do not initiate friendships with students
Remember that people classified as “friends” have the ability to download
and share your information with others.
Content

Do not use commentary deemed to be defamatory, obscene, proprietary,

or libellous. Exercise caution with regards to exaggeration, colourful
language, guesswork, obscenity, copyrighted materials, legal conclusions,
and derogatory remarks or characterisations.
Consider whether a particular posting puts your effectiveness as a teacher
or other professional at risk.
Post only what you want the world to see. Imagine your students, their
parents, your manager, visiting your site. It is not like posting something to



your web site or blog and then realising that a story or photo should be
taken down. On a social networking site, basically once you post
something it may be available, even after it is removed from the site.
Do not discuss students or colleagues or publicly criticise academy
policies or colleagues.
Do not post images that include students.
7
Security




Due to security risks, be cautious when installing the external applications
that work with the social networking site. Examples of these sites are
calendar programs and games.
Run updated malware protection to avoid infections of spyware and
adware that social networking sites might place on your computer.
Be careful not to fall for phishing scams that arrive via email or on your
wall, providing a link for you to click, leading to a fake login page.
Visit your profile’s security and privacy settings. At a minimum, educators
should have all privacy settings set to “only friends”. “Friends of friends”
and “Networks and Friends” open your content to a large group of
unknown people. Your privacy and that of your family may be a risk.
People you do not know may be looking at you, your home, your children,
your grandchildren, - your lives!
Please stay informed and be cautious in the use of all new networking
technologies of employees using the internet to access social networking
websites.
Personal use of the internet
The Academy does not allow access to social networking websites from its
computers at any time.
Personal conduct
The Academy respects an employee's right to a private life. However, the
Academy must also ensure that confidentiality and its reputation are protected.
Security and identity theft
Employees should be aware that social networking websites are a public forum,
particularly if the employee is part of a "network". Employees should not assume
that their entries on any website will remain private. Employees should never
send abusive or defamatory messages.
Employees must also be security conscious and should take steps to protect
themselves from identity theft, for example by restricting the amount of personal
information that they give out. Social networking websites allow people to post
detailed personal information such as date of birth, place of birth and favourite
football team, which can form the basis of security questions and passwords. In
addition, employees should:
8


ensure that no information is made available that could provide a person
with unauthorised access to the Academy and/or any confidential
information; and
refrain from recording any confidential information regarding the Academy
on any social networking website.
Network Security
The computers are provided and maintained for the benefit of all employees. You
are encouraged to use and enjoy these resources and help to ensure they remain
available to all. Remember that access is a privilege, not a right and inappropriate
use will result in that privilege being withdrawn.
Equipment
 Always check computer equipment, particularly laptops, before and after
lessons and report any faults or damage to the IT Help desk via the
helpdesk webpage, by phone or in person.
 Pen drives and external hard drives are not permitted on the academy
network.
 Should an external visitor need to use a pen drive this must be taken to
the ICT helpdesk so they can scan them.
 Always check mobile equipment (e.g. laptops, tablets, smart phones etc.)
are virus free before connecting to the wireless guest network. Nonacademy computers and laptops are not permitted on the curriculum
network.
 Protect the computers from spillages by eating or drinking well away from
the ICT equipment.
 Food and drink is forbidden in the ICT suites.
Security and Privacy






Always lock your door when you leave your office.
Always lock your computer desktop if you are away from your desk for any
period of time.
Always turn off or freeze the projector screen in a classroom environment
before viewing sensitive information.
Protect yourself and the systems, you should respect the security on the
computers; attempting to bypass or alter the settings may put you or your
work at risk.
Ensure that personal data (such as data on e/portal) is kept secure and is
used appropriately, whether in academy, taken off the premises or
accessed remotely.
Computer storage areas are for educational resources these storage
areas are periodically checked for inappropriate or non-educational
content.
9






Regularly review your files in order to save disk space and do not save
personal photographs or music files or executable files in your home
folder.
Ensure that all entries on E-portal are anonymous and do not contain
inappropriate language, errors, acronyms etc. Please be sensitive as
parents will be able to view all entries.
The academy’s Microsoft Agreement entitles employees to install
Microsoft Office onto their home computer, however this must be removed
once employment ends.
When employees leave the academy they must check with the IT
Helpdesk before copying their data (My Documents) to a removable
storage device. Many network shares (e.g. department folders) will contain
sensitive data (such as pupil information) and items which are the
copyright of the academy. The copying of department information and
resources is not permitted. The account will be disabled the day after the
official leaving date. Personal data will be retained for one month.
The use of cloud storage such as Microsoft’s One Drive and Drop box is
permitted but staff should adhere to data protection and security
guidelines.
Password Complexity - Protect your work by keeping your password to
yourself; never use someone else’s logon name or password. The use of
complex passwords is essential by using a mixture of alphanumeric, upper
and lowercases and symbols.
I have read the User Acceptance policy above and will adhere to the guidance
outlined in accordance with the policy.
Signed………………………………… (print name)
Date…………………………………..
10
……………………………
Download