Information Security Policy

Introduction

This policy outlines the standards which Thebes Group (“the company”) requires all users of its electronic communications systems and equipment to follow. All users are responsible for the success of this policy and must ensure that they have read and understood the policy.

 

The Company provides access to staff and other users of its electronic communications systems for the primary purpose of enabling the company to operate efficiently. The systems and the data held within the systems are the property of the Company. Any use of the systems for personal use will not be private to the user and will be monitored by the company in accordance with this policy and the relevant legislation.

 

Compliance with the policy will be monitored on a regular basis by the Company and non-compliance will be dealt with in accordance with the disciplinary procedure. In serious cases non-compliance may be treated as gross misconduct leading to summary dismissal.

 

  1. What is covered by the Policy
    This policy covers the use of all the electronic communication systems (“the Systems”) belonging to the company including computer equipment, e-mail, internet connection, telephones, Blackberries, personal digital assistants (PDAs), fax machines, copiers, scanners, CCTV, the intranet and electronic key fobs and cards (collectively “the Equipment”).

  2. Who is Covered by the Policy
    This policy covers (referred to collectively as “Users”):
    2.1 all individuals working for the Company at all levels and grades (including those on temporary contracts) (“Employees”); and

    2.2 third parties who have access to the Company’s electronic communication systems including but not limited to Contractors and sub-contractors.


  3. Code of Conduct
    Email and other forms of direct and/or instant communication

    3.1 Users should only use e-mail where it is the appropriate means of communication bearing in mind the content and recipient of the e-mail.

    3.2 Users should draft and consider e-mail communication as identical to a letter or fax and address and copy correspondence only to relevant individuals. Hard copies of important e-mails should be kept on the appropriate file.

    3.3 Users should assume that e-mail messages will be read by others and messages should not include anything which would offend or embarrass any reader, or themselves, if it found its way into the public domain. E-mail messages may be disclosed in legal proceedings in the same way as paper documents. Deletion from a user’s inbox or archive does not mean that an e-mail is obliterated and all e-mail messages should be treated as potentially retrievable, either from the main server or using specialist software.

    3.4 Users should not create, display or transmit e-mails which:
    3.4.1 are defamatory, threatening, intimidatory or which could be classed as harassment;

    3.4.2 contain obscene, profane or abusive language or material;

    3.4.3 contain pornographic material (that is, writings, pictures, films, video clips of a sexually explicit or arousing nature);

    3.4.4 contain offensive or derogatory images regarding sex, race, religion, colour, origin, age, physical or mental disability, medical condition or sexual orientation;

    3.4.5 contain material which infringes a third party’s rights (including intellectual property rights) or are otherwise unlawful or inappropriate;

    3.4.6 agree to terms, enter into contractual commitments or make representations by email unless appropriate authority has been obtained;

    3.4.7 contain confidential information and other business sensitive information unless authorised to do so, and in any event Users shall ensure all such communication is via a secure and encrypted method of communication;

    3.4.8 contain multimedia files or large attachments unless necessary and in the normal course of employment.

    3.5 Users should not:
    3.5.1 send or forward chain mail, junk mail, cartoons, jokes or gossip;

    3.5.2 send messages from another User’s computer or under another name other than that of the User unless specifically authorised.

    3.6 Any e-mail described in paragraphs 3.4.1 to 3.4.5 above received by a User should not be forwarded and should be reported to a line manager. In all other cases the sender of the e-mail should be referred to this policy and asked to stop sending such material.

    3.7 If you feel that you have been harassed or bullied, or are offended by material sent to you by another User, you should inform the line manager.

    3.8 Users who receive an e-mail which has been wrongly delivered should notify the sender and on request destroy or return the e-mail. The contents of the e-mail should not be disclosed or used in any way.

    Internet Use
    3.9 Users should not use the Systems to access any web page or download any files (whether documents, images or other format) which:

    3.9.1 are defamatory, threatening or intimidatory or which could be classed as harassment;
    3.9.2 contain obscene, profane or abusive language;

    3.9.3 contain pornographic material (that is, writings, pictures, films, video clips of a sexually explicit or arousing nature);

    3.9.4 contain offensive or derogatory images regarding sex, race, religion, colour, origin, age, physical or mental disability, medical condition or sexual orientation;

    3.9.5 infringe a third party’s rights (including intellectual property rights) or are otherwise unlawful or inappropriate; or

    3.9.6 involve any form of online gambling.

    3.10 Users should not:
    3.10.1 upload to any web-site (whether a personal e-mail account or otherwise) any documents, text, information, images or pictures which belong to the Company unless specifically authorised to do so; or

    3.10.2 use the Systems to post messages in an internet chat room, on any internet message board or to set up or log text or information on a blog unless specifically authorised to do so.

    3.11 Users are reminded that music, video, text and other content on the internet are copyright works and should not download or e-mail such content to others unless certain that the owner of such works has authorised this.

    Personal Use of Systems
    3.12 The Company permits the incidental personal use of the Systems provided that:

    3.12.1 use must be minimal and take place substantially out of normal working hours (that is, during a worker’s usual lunch hour, before or after standard work hours);

    3.12.2 all personal e-mails are labelled “Personal” in the subject header;

    3.12.3 it does not interfere in any way with the User carrying out his duties on behalf of the Company;

    3.12.4 it does not commit the company to any marginal costs; and

    3.12.5 it complies with the Company’s policies including this policy.

    Equipment Security
    3.13 Users are responsible for the security of the equipment allocated to or used by them, and must not allow it to be used by anyone other than in accordance with this policy.

    3.14 If given access to the e-mail system or to the internet, workers are responsible and should ensure they lock their PC terminal (or other access device) or log off to prevent unauthorised users accessing the system in their absence.

    3.15 Desktop PCs and cabling for telephones or computer equipment should not be moved or tampered with without first consulting the IT department.

    3.16 Passwords are unique to each User and must be changed regularly to ensure confidentiality. Passwords must be kept confidential and must not be made available to anyone else unless otherwise authorised.

    3.17 For the avoidance of doubt, on the termination of employment (for any reason) Employees must provide details of their passwords and return any Equipment provided to them.

    3.18 Employees who have been issued with a laptop, PDA, Blackberry or mobile phone must ensure that it is kept secure at all times, especially when travelling. Passwords must be used to secure access to data kept on such equipment to ensure that confidential data is protected in the event that the machine is lost or stolen. Mobile equipment should always be locked when not in use so that it cannot be used without entering the user’s log-on ID and/or password.

    3.19 Employees should be aware that if using equipment on, for example, public transport, documents can be read by other passengers and should not therefore use equipment in public to display any information which may be confidential or otherwise sensitive.

    3.20 Employees should report any item of stolen or lost equipment issued to, or used by, them to their line manager as soon as practically possible; the line manager shall report the matter to the police. The incident will be fully investigated, and may be treated as a disciplinary issue.

    Systems and Data Security
    3.21 Users should not, without the prior approval of the line manager:

    3.21.1 delete, destroy or modify the Systems or any programs, information or data held on them save as necessary in the ordinary course of their employment.

    3.21.2 download any file or data received from external sources until virus-checked by the IT department.

    3.21.3 access or use online radio, audio and video streaming.

    3.21.4 attach a device or item of equipment to the Systems including any USB flash drive, MP3 or similar device, PDA or telephone.

    3.21.5 open e-mails from unknown external sources or where, for any reason, an e-mail appears suspicious (for example, if its name ends in .exe).

    3.21.6 attempt to gain access to restricted areas of the network, or to any password-protected information, unless specifically authorised.

    3.21.7 use laptops or wi-fi enabled equipment unless on secure encrypted networks.

    3.22 All suspicious e-mails should be reported to the IT department as soon as reasonably practicable and no action taken whatsoever (including the deletion of the same) unless specifically authorised by the IT department.

    3.23 The Company reserves the right to block access to attachments to e-mails for the purpose of effective use of the Systems and for compliance with this policy.

    3.24 Users should be aware at all times that the Systems contain information which is confidential to the Company’s functions, operations and/or which is subject to data protection legislation. Such information must be treated with extreme care.

  4. Monitoring and Compliance
    4.1 The Company reserves the right to monitor the telephone, e-mail, voicemail, web and other communications traffic and to retrieve the contents of email or telephone messages or check searches which have been made on the internet for the following purposes (this list is non-exhaustive):

    4.1.1 to monitor whether the use of the Systems is legitimate and in accordance with this policy or other policies of the Company; or

    4.1.2 to retrieve messages lost due to computer failure or any other reason; or

    4.1.3 to assist in the investigation of any acts which may be in breach of this policy or other policies of the Company; or

    4.1.4 to comply with any legal obligation; or

    4.1.5 to monitor e-mails and telephone messages during your absences from the Company.

    4.2 Monitoring is carried out to ensure compliance with this policy and other policies of the Company and will only be carried out to the extent and as permitted or required by law. Users should be aware that any personal use of the systems may also be monitored and where evidence of misuse is found, as a result of such monitoring or otherwise, the Company may undertake a more detailed investigation in accordance with our disciplinary procedure, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation and any witnesses or managers involved in the disciplinary procedure. If necessary such information may be handed to the police in connection with a criminal investigation.

    4.3 Misuse or abuse of the Systems in breach of this policy will be dealt with in accordance with our disciplinary procedure. Serious breaches will amount to gross misconduct which can lead to summary dismissal. Misuse can, in certain circumstances, constitute a criminal offense.

    4.4 The policy to allow continued personal use is dependent upon its not being abused and the Company reserves the right to withdraw permission from any User, group of Users or all Users or to amend the scope of this policy at any time in its absolute discretion.

    4.5 The Company reserves the right to restrict or prevent any User, group of Users or all Users from access to certain telephone numbers or internet sites at any time and in its absolute discretion.

  5. Enforcement
    5.1 The Company’s Managing Director has overall responsibility for this policy.

    5.2 The Managing Director, Michael Hall, shall have:
    5.2.1 day to day responsibility for overseeing and implementing action;

    5.2.2 responsibility for monitoring and reviewing the operation of the policy and any recommendations for change.

    5.3 The IT department will deal with requests for permission or assistance under any provisions of this policy and may specify certain standards of equipment or procedures to ensure security and compatibility.

    5.4 Managers have a specific responsibility to operate within the boundaries of this policy, to facilitate its operation by ensuring that workers understand the standards of behaviour expected of them and to identify and act upon behaviour falling below these standards.

Signed, Michael Hall, Managing Director

 

 

