Staff Handbook - IT Systems and Equipment

TENET GROUP Ltd

Staff Handbook - IT Systems and Equipment

Version 16

1

Contents Contents.....................................................................................................................................2

Introduction ...............................................................................................................................4

Changes in Version 16................................................................................................................5

Guidelines ..................................................................................................................................6

Definitions / Glossary.............................................................................................................7

1. IT Support...........................................................................................................................9

The people .........................................................................................................................9

The location .......................................................................................................................9

Opening hours....................................................................................................................9

Getting in touch by phone .................................................................................................9

To log a call ......................................................................................................................10

2. Equipment, Damage and Repairs.....................................................................................14

Laptops.............................................................................................................................14

Desktops...........................................................................................................................14

Smartphones and Tablets ................................................................................................14

3. Work Area ........................................................................................................................15

Docking Stations...............................................................................................................15

Security ............................................................................................................................15

4. Good Working Practices...................................................................................................16

Desktop Computers .........................................................................................................16

Desktop Phones ...............................................................................................................16

Microsoft Patches ............................................................................................................16

Endpoint Control..............................................................................................................16

Office Telephone System.................................................................................................17

Smartphones....................................................................................................................24

HOTPin Smartphone App / Key Fob Tokens ....................................................................24

VPN...................................................................................................................................26

Wireless............................................................................................................................27

E-mail ...............................................................................................................................27

X-Drive..............................................................................................................................30

Using Company Equipment for Personal Use..................................................................30

Using Personal Equipment at Work.................................................................................31

Laptops.............................................................................................................................31

IT Acceptable Usage Policy ......................................................................................................33

2

1. Scope................................................................................................................................34

2. Responsibilities ................................................................................................................35

3. Company Network Policy.................................................................................................36

4. E-mail Policy .....................................................................................................................38

5. Internet Usage Policy .......................................................................................................39

6. Password Security Policy..................................................................................................40

7. Software Usage Policy......................................................................................................41

8. Anti-Virus / Malware Policy .............................................................................................42

9. Data Security Policy..........................................................................................................43

10. Data Storage Policy ........................................................................................................44

11. Loss, Damage and Disposal Policy .................................................................................45

12. Software and Hardware Auditing Policy........................................................................46

3

Introduction

Hi,

My name is Luke Ledbrook, I am the Team Leader for the Support Team within the IT Department.

This handbook has been written with the goal of helping you do your job easier and know the rules that you should be adhering to either with equipment we have provided, or your own equipment. This handbook has two sections, the first titled simply ‘Guidelines’ contains information and help on your everyday common questions. It is the consolidation of our FAQ and experiences when dealing with staff on a day to day basis. Its purpose is to help you help yourself, until the point comes when you need to contact us.

The second section titled ‘IT Acceptable Usage Policy (IT AUP) are the rules that you agree to under section 25 (Rules, policies and procedures) of your employment contract.

The Company guidelines and policies change from time to time; therefore you are encouraged to refer to on-line versions to double check you are benefiting from the most up to date information, the version of this document can be found on the front page. My objective when writing this was to have one document that you could reference for assistance whilst working at Tenet, providing a stop gap between helping yourself and contacting IT Support. I hope I have succeeded, and if not please tell me. Point out what could be better, shorter, longer, more detailed or less detailed.

After all, me and my team are here to support you, and this document is the first step towards that.

Thank you

4

Changes in Version 16

1. Changed some staff details 2. Updated Photos 3. Telephone Instructions Updated

5

Guidelines

6

Definitions / Glossary

User This is you, someone who uses equipment either your own or provided by us that you connect to our network, which can be remotely or in the office.

The Company This is Tenet Group Ltd.

IT Information Technology, and the department that looks after this is on the Lower Ground Floor of 5 Lister Hill. We are split into 4 different sub teams; these are Projects, Solution Development, Support and Infrastructure / Security.

More often than not you, as a user will be contacting the Support Department, more information on them can be found in the next section ‘IT Support’.

Desktop A computer base station, also comes with a monitor, keyboard and mouse.

Docking Station A unit that you can plug your laptop into, this is called ‘docking’. The purpose of docking is so that you don’t have to plug all the cables in one by one to your laptop. You simply click the laptop in place and it connects to everything necessary. Smartphone A smartphone is a mobile phone built on a mobile computing platform, with more advanced computing ability and connectivity than a feature phone. Our current model of Smartphone is the HTC Desire S. Good An application that works with a Smartphone or tablet computer which allows you to securely read your company E-mails. Tablet Computer A tablet computer, or a tablet, is a mobile computer, larger than a mobile phone or personal digital assistant, integrated into a flat touch screen and primarily operated by touching the screen rather than using a physical keyboard, such as the Apple IPad or Samsung Galaxy Tab.

4G, 3G and HSDPA The high speed mobile network used by Smartphone’s to send and receive data.

GPRS and EDGE The low speed mobile network used by Smartphone’s to send and receive data.

Patching

7

A piece of code added to software in order to fix a bug, commonly as a temporary correction. (e.g. Microsoft Updates, Office Updates)

Newsgroup A discussion group on a specific topic that is maintained on a computer network

Hacking In common usage, a hacker is a person who breaks into computers and attempts to bypass security measures with various tools Phishing Phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication

8

1. IT Support

The people

Sam Brady – Started with us on 16/02/15, is an IT Support Trainee

Ashley Argyle – Started with us on 05/03/2012, is an IT Support Technician and deals with our faults and requests.

Luke Ledbrook – started with us on 02/08/2004 and looks after the IT Support team

The location IT Support is located on the Lower Ground Floor of 5 Lister Hill, in the same area as General Office near the kitchen. Opening hours We are manned from 08:30 in the morning until 17:00. When one of us is out of the office due to sickness or holiday we are manned from 09:00 until 17:00

Getting in touch by phone Our external phone number is 0113 239 5337 and our internal extension is 5566

9

To log a call There are two ways to log a call, you can use OTIS to access the web submission form or send an E-mail which will log the call for you automatically. Here are the instructions for both methods

Via OTIS Head over to OTIS and click the ‘IT Support’ link, then click on the ‘Submit a New Call to the HelpDesk’.

You just need to enter a few details and your call will be logged

10

11

E-mail To log a call with this method please follow the simple steps below:

1. Compose a new E-mail . Please do not include the characters ‘/’ or ‘\’ in the subject as this will cause the call logging to fail 2. Enter the details of your call in the ‘body’ of the E-mail, please include your contact details 3. Send the E-mail to ‘auto@tenetgroup.co.uk’ which will appear as ‘IT Support Call Logging’ in the address book

4. Any attachments to the E-mail will be attached to the call for you 5. You will then receive an automatic reply with your reference number

View closed and open calls Once you have logged the call you can go back to IT Support area on OTIS to view your closed calls and open calls to keep track of what is happening with them

12

Adding notes to calls already logged If you need to update a call that you have logged with more information, you can do this via viewing your open calls, selecting the call you wish to update and using the ‘Add New Note’ option

13

2. Equipment, Damage and Repairs

As a user you are tasked with looking after the IT equipment we give you to do your job, please treat it with respect and care.

Laptops All laptops are covered by a 3 year accidental damage cover from Dell. It covers us for any mishaps that can and will happen. If you damage any part of the laptop please contact support and we will tell you how to contact Dell and arrange an engineer to fix it, or we’ll do it on your behalf.

Batteries on laptops are not covered under the guarantee, if your battery begins to perform poorly and doesn’t hold its charge for at least an hour, we will replace the battery.

Desktops Desktop computers are not covered by an accidental damage policy, we repair them ourselves onsite. If you damage your desktop then please contact Support for us to repair it. The location of your computer base is important and is something that we frequently get asked about. We always put the base on top of the desks, not underneath. For several reasons: • It stops the majority of dust getting into the air vents • It makes them act like a riser stand when the monitor is placed on top of them which in turn brings your monitor to the correct level for your posture • It removes them from being in a convenient ‘kicking’ location when they don’t do what you want them to! Smartphones and Tablets All Smartphones and tablets are provided with a protective case and screen protector. However this does not make them invincible, do not put them in a pocket with keys or other sharp objects as they will scratch. The warranty on Smartphones and tablets lasts for 2 years, but this only covers faults, any damage from accidents will be paid for by you or your department depending on the circumstances.

Smartphones and tablets take up to 2 weeks to repair in the event of a fault or damage, you will be provided a spare to use in the meantime.

14

3. Work Area

Docking Stations If you use your laptop in the office for the majority of the time then you should have a docking station on the desk you work from if your role changes please let us know. Security Laptops, IT equipment, data storage devices must be securely stored when left in the office or taken home. For example, lock laptops away in secure drawers or rooms and when travelling ensure they are out of sight. When travelling by public transport you must be vigilant and ensure IT equipment, devices or removable media are not left unattended or left behind.

If devices are lost or stolen the cost of a replacement will be obtained from you or your department, this will be decided by your manager.

15

4. Good Working Practices

Desktop Computers Please ensure you turn off your computer on a night, this helps save on energy costs and does our bit for the environment.

Always lock your computer when leaving it (press windows key + L) to ensure that on screen data is safe.

Desktop Phones When you are not at your desk ensure your phone is diverted so calls are answered correctly, and if you are a member of a hunt group remove yourself from the group. Microsoft Patches The Windows software is constantly being exploited by hackers and individuals for malicious purposes. To combat this Microsoft regularly releases ‘Patches’ to fix the vulnerabilities in the Windows Operating System. Your computer will apply these updates automatically and will sometimes prompt you to restart, which you can postpone. Endpoint Control Devicelock / Sanctuary is software installed on your computer that prohibits various activities, some of which are:

• Reading / Copying data to any device connected via a USB port • Reading / Copying data to any connected DVD-RW drive

Some people have exceptions to this rule for various areas of their role, if you need an exception to be made please log a call with your request.

16

Office Telephone System

Before you can use your desk phone you will need to login.

(This step can be skipped if your extension number and name are displayed in the top right hand corner of the display)

To do this, press the ‘ Log-in/out ’

Enter your extension number Use the down arrow to select ‘PIN’

The PIN by default is set to ‘ 1234 ’

The Phone

17

Key Descriptions

The following table identifies the keys on the key panel of your phone that you can use for handling calls.

18

Making Calls

Dialling a Number

Firstly; take the phone off-hook by:

Lifting the handset or

o

Pressing or

o

Pressing a line/call appearance key

o

At the dial tone, enter the number you wish to dial.

Note: After dialling the number, the phone has a short delay before sending the call. To send the call immediately, you can press the "Dial" soft key (if the handset is off hook) after dialling the number

Answering Calls When a call is ringing at your extension, the unbound callers extension and name are displayed on the screen. The line/call appearance light flashes quickly for the incoming call.

To answer the call:

o For hands free operation, press or the line/call appearance button for the incoming call

Press

for hands free or headset operation

o

Lift the handset for handset operation.

o

Redial 1. Press , lift the handset, the telephone will automatically dial the last number you called. 2. If you are not on the phone, press to display the most recently dialled number and use the Up & Down arrows to scroll through the list to view the other numbers. 3. Press Down to see the second most recently dialled number, or Up to see the oldest call on your list. 4. To dial the displayed number press , or lift the Handset or press any line keys. 5. Press key to cancel.

Mute you can use the Mute

key to mute the handset, headset, or speakerphone. When you use the mute key on your phone, you cannot be heard on an active call or on a conference. For muted calls, the hands free LED flashes and the Mute key LED is ON . Placing a Call in Hold You can place an active call on hold by pressing the Hold key. When you place a call in hold, only your phone can retrieve the call.

To place a call on hold: 1.

Connect to the call (if not already connected)

2.

Press the Hold key.

To retrieve a held call: 1.

Press the Hold key.

19

2.

You will then be reconnected to the held call.

The line/call appearance light will begin to flash slowly and after a short time the phone beeps softly to remind you that you still have a call on hold. The screen displays “ Call Held ” with the line number the call is held at the phone.

When on Hold To let your caller know that they are still on hold, music plays softly. The call/line appearance light for the line you are on remains solid to indicate that you are still connected

Transferring Calls When you lift the handset on the phone, the “ Xfer” key is displayed on the bottom set of soft keys. Use this key to transfer calls.

To transfer a call to another extension 1.

Answer the call you wish to transfer.

2. Press the Xfer key. You should hear a dial tone as a second line opens up. 3. Press a line/call appearance button followed by the extension number (or outside number) of the person you want to transfer to. 4. To complete the transfer, remain on the line to speak with the person you are transferring to, before pressing the Xfer key again to transfer the call. To cancel the transfer, select Cancel on the display screen.

Conferencing

Use the following procedure to create a conference call. Use the following illustration as a reference.

1. When you begin a conference, you are the first party in the conference (Party 1). Pick up the handset or press the speakerphone key. A line opens up. 2. Call Party 2 by dialling their number (or answer an incoming call of a Party). 3. Wait for Party 2 to answer. When Party 2 answers, you can consult with them before adding them to the conference. 6. Wait for Party 3 to answer. When Party 3 answers, you can consult with them before adding them to the conference. 7. Press the Conf key again to add Party 3 to the conference. Party 1 (which is yourself), Party 2, and Party 3 are all connected to a single conference. 8. To drop a party from the conference, press the Conf key once more. Note: You can use 2 and 5 to scroll through and see the numbers and names (if available) of the parties in the conference call. When a name is displayed, pressing 4 drops the displayed party from the call. 4. Press the Conf Key. A new line opens 5. Enter the phone number of Party 3.

20

Directory The internal directory can be accessed through the menu on your phone, Follow the instructions below to access this feature. 1. Select “ Menu ” 2. Scroll down to “ Directory Lookup ” 3. Scroll down to “ Dial by name” 4. Type out the name of the individual using the alpha-numeric keyboard. For example, Type “ As” to find “ Ashley Argyle – 2613 ” 5. Scroll through using the arrow keys until the desired number is found, lift the handset or select “Dial”

Call Pickup All users if a member of a call pickup group will have a button programmed on the left hand side entitled “ CPU *Dept. Name*”

To pick up a call, simply press the CPU button and lift the handset.

Voicemail All users if a member of a Hunt Group will have a button programmed on the left hand side entitled “ V/M *Dept. Name*”

An envelope will be shown on all group phones should a voicemail have been left.

To pick up voicemail messages, simply press the V/M button and lift the handset.

The phone will automatically dial into the departmental mailbox.

If you are not a member of a Hunt group, you will not have the “ V/M” button.

To access your voicemail dial “ 8888 ” on the keypad you will automatically be redirected to your own mailbox.

Recording your Voicemail messages All users are required to record their own voicemail messages, to do this please: Press the ‘Voice Mail’ button on the bottom left hand corner of the telephone screen if available, or press ‘Menu’ then ‘Voice Mail’ and ‘More’ (the more menu will only appear if voice messages are present) then ‘Settings’. You will now see three voice mail greetings. 1. In Office 2. Out of Office 3. Holiday To record the message, select the greeting you wish to record and press ‘Record’. Please start to speak when the tone stops. Press ‘Done’ or hang up when complete. Telephone Scripts Below.

21

1. Individual template with group - If you want to receive phone calls to your extension, for example people want to get hold of you directly. And you are a member of a telephone group. Your phone will look similar to fig 4, please note that ‘?’ is a custom option:

2. Group only - If you don’t want to receive phone calls to your extension, and you only want to take calls from the group. Your phone will look similar to fig 5, please note that ‘?’ is a custom option:

3. Individual only - You want to receive phone calls to your extension, for example people try to get hold of you directly. And you aren’t a member of a telephone group. Your phone will look similar to fig 4, please note that ‘?’ is a custom option: If you use configuration 1 or 3 you will have personal voicemail, and you must record the necessary greetings for your individual mailbox. There will be 3:

22

a) A voicemail for when you are unavailable should be similar to – “You have reached ‘full name’ at the Tenet Group, I am currently unavailable. Please leave a message after the tone and I will return your call as soon as possible, thank you”- then the option for the caller to leave a voicemail. b) A voicemail for when you have left for the day, should be similar to – “You have reached ‘full name’ at the Tenet Group, I have now left the office for the day, my working hours are ‘state your working hours’ please could you call back during those hours, thank you” – the call will then terminate c) A voicemail for when you are on annual leave, should be similar to – “You have reached ‘full name’ at the Tenet Group, I am currently on annual leave until ‘date of return to work’ please could you call back then, thank you” – the call will then terminate.

Then simply select the setting on the phone during the correct times, for example if you are away from your desk during lunch, a meeting or making a drink, set button ‘S2’ which is ‘Fwd V/M’ this will select option ‘A’ from the list above, and so

on for when you leave the office for the day, or when you are on annual leave. If you use option 2 – Group only you will not have to set your own voicemails and the manager of your team will record the necessary group voicemails. There will be 3 of these:

d) A voicemail for when the group is unavailable should be similar to – “You have reached ‘ department name ’ at the Tenet Group, we are currently unavailable. Please leave a message after the tone and one of the team will return your call as soon as possible, thank you”- then the option for the caller to leave a voicemail. e) A voicemail for when the office is closed, should be similar to – “You have reached ‘ department name ’ at the Tenet Group, the office is currently closed, our working hours are ‘ state your departments working hours ’ please could you call back during those hours, thank you” – then the call will then terminate

23

Smartphones

1) Calls to numbers beginning with ‘08’ should be limited to a must have and kept as short as possible, always endeavour to use the geographical number (the number that begins with an area code such as ‘01’ or ‘02’) 2) Calls to Directories enquiries should be limited to a must have, and never ask them to connect you. Either make a note of the number, or ask to receive a text with the number, then hang up and dial the number on a separate call. 3) When calling Voicemail and listening to messages, do not select the option to call back the number who has left the message. Either make a note of the number, or if they are already in your contacts, hang up and dial the number on a separate call. Smartphones can act as portable hotspots, which means you can connect to them with a wireless laptop and get internet access, this is called ‘USB Tethering’ or ‘mobile hotspot’. The options to configure this can be found under the settings menu – Wireless and network – Tethering and portable hotspot. Mobile Network Smartphones work through the mobile phone network, signal strength is displayed at the top with a letter to indicate which type of network you are connected to. If a high speed data network is available your phone will display ‘4G’, ‘3G’ or ‘H’. If a high speed data network is not available, the Smartphone will use a low speed network and will display ‘G’ or ‘E’. Data through the mobile network is limited to a maximum of 3Gb per month. Do not download films or music over the mobile network. If you go over your allowance and amass a large fee, you may be asked to reimburse the company. When driving, it is advised to connect your phone to a Bluetooth system to allow you to receive calls, do not operate the phone in any other way whilst driving.

Samsung Smartphones will manage the data with the built in ‘data usage’ setting that can be accessed via the settings menu – data usage.

HOTPin Smartphone App / Key Fob Tokens HOTPin tokencodes are required, along with your username and password, when accessing certain Tenet systems externally over the internet. This provides an extra level of security in the form of a unique one time code which makes it even harder for unauthorised people to hack into accounts by guessing or otherwise discovering user names and passwords. The tokencode is unique to your account and the specific time it is generated and is only valid for 60 seconds before a new one must be generated. The tokencode is created via a smartphone app (installed on your work or personal device) or a physical hardware (key fob) token.

24

How to use the HOTPin key fob

To generate a new tokencode, press the button on the front of the key fob (tip: if the timer bar is nearly empty wait until the code disappears and press for the next code to give yourself more time to enter it when logging in).

When transporting HOTPin key fobs, they must be kept separate from the device being used to access Tenet systems.

25

VPN The VPN provides connectivity to our network in Leeds through the internet, it is not required when you are already in the Leeds office. The VPN should only be used when you want to access specific programs or files that are located physically at Leeds, and only from corporate or Tenet authorised equipment. These are some examples of how the data flow works when you are connected at home:

Computer

Broadband

VPN

X Drive

Internet

CRM

OfficeNet

Webmail

The Web

ARRM

OTIS

Cascade

HOTPin required No HOTPin required

26

Wireless The Leeds office has 3 separate wireless networks that can be used to connect devices to:

Tenet_Internal – This connection is only to be used by Tenet staff with laptops, you will not be prompted for a password when connecting as you will be authenticated against your Windows credentials. Tenet_Phone – This connection is only to be used by Tenet staff with company issued smartphones or tablets. You can connect your device to this network to save on your data roaming allowance. You will be prompted for a password when connecting to this network which is available from IT Support. Tenet_Guest – This connection is only to be used by external visitors, for example if you have a contractor, auditor or other 3 rd party coming to Horsforth who need internet access. Reception will be able to issue temporary user accounts for the guest to use that will expire when they leave site. E-mail We use Microsoft Outlook 2010 as our E-mail software, below are some tips for effective use of Outlook and E-mail: • Try not to E-mail documents around when a copy can be placed on the X Drive and a shortcut sent instead • You can use the task list in Outlook to prioritise E-mails into a workload • You can colour code E-mails and calendar appointments to help prioritise them via the category option • E-mails are automatically archived after 18 months to reduce storage costs, you can still access these by double clicking the original E-mail • Always include a subject in your E-mail to make it easier for Outlook to ‘index’ the E- mail and successfully categorise it. • Authorised staff can read company emails by webmail from any computer with an internet connection by visiting https://webmail.tenetgroup.co.uk/ • Delete any E-mails that are not required to keep storage requirements to a minimum

Outlook Search The search in outlook is operated from the box above your E-mails:

You can type any word in here and it will search your E-mails, you can be more specific with keywords, these can be selected from the ‘More’ menu:

27

For example if you wanted to search all your E-mails for ‘test’ in the subject, select the ‘More’ menu and then ‘subject’ from the drop down box:

Then type ‘test’ in the subject box:

Spam E-mails (was Postini, now Google apps)

What is the Google Apps Email Filtering Service?

Google Apps offers a complete Email Filtering solution, blocking spam, phishing, viruses, and other email threats before they reach our organization.

What does this mean to me?

As well as being protected from the threats mentioned above, this new service will allow you to manage your own quarantined email and decide which quarantined email you wish to receive.

What is Quarantined Email?

28

Quarantined (or Junk) email is defined as any email sent to you from outside the company, which cannot be categorised as genuine email or spam and requires further review before it is delivered to your mailbox.

At present, there are over 52,000 emails received by Tenet every day;

• 83 ¾% is actual spam, viruses or other blocked content and is deleted immediately, before reaching any mailbox • 16% is genuine email and so delivered without further analysis • ¼% cannot be categorised as any of the above and is quarantined as ‘suspected spam’ in case legitimate

How do I access my quarantined email?

You can login at https://email-quarantine.google.com/messagecenter You will have been sent a Welcome Email, which contains your login, password and the web address for your quarantine. The first time you log in to this you are prompted to change your password to a new one. This password is separate from your network password and must be at least 6 characters in length, contain at least one uppercase, one lowercase and one number, and not contain any of your name or email address.

If you cannot remember your password you can use the link from the login page to reset it, this will appear after you have entered your password wrong at least once.

IT Support must reset your password in the following scenarios;

• You do not log in to your quarantine within 30 days of receiving the Welcome Email • You exceed 5 login attempts

Following a password reset you will be emailed your new temporary password, which must be changed at next login.

How will I be notified of quarantined email?

If there are any emails in your quarantine, you will be emailed a quarantine summary at 4pm every day. From here you can click on the link in the email to log in and manage your quarantine

If you do not receive a quarantine summary, there is no need to log in to your quarantine, as you have no new messages to manage.

How do I manage my quarantined email?

From your quarantine, you can safely open each message to view the sender and content, and perform other message actions, including;

29

• Not Spam (Deliver) one or multiple messages - releases the email(s) from quarantine and forward straight to your inbox • Delete forever one or multiple messages - moves the email(s) to the Trash folder • Search messages • Show different date ranges

To change your password, go to Account in the top-right, and then Security .

Messages are permanently deleted from the quarantine after a certain number of days (see below), therefore it is recommended, if you receive a quarantine summary, you review your quarantine as soon as you can, to ensure you do not lose legitimate email.

• • •

Quarantined (Junk) = 14 days

Delivered = 3 days Trashed = 3 days

What if I need further support?

• In your quarantine, click the Help link under Account or Settings in the top-right for guidance specific to the section you are in. • Alternatively, log a support call.

X-Drive All of our documents should be stored on the X drive under the most relevant departmental folder, the entire X drive is backed up every night to protect us against data loss. If you need any security privileges or access changing, please log a request with us. Many of the field workers store documents locally on laptops for ease of working, please be aware that if the laptop is lost or damaged, you will lose everything. If you have critical documents that need looking after then please ensure you have a backup.

You can create a backup onto an encrypted USB stick, these are provided by IT on request.

Using Company Equipment for Personal Use

Using the company network for incidental personal purposes is fine, just remember the following guidelines when doing so:

• The purposes are of a private nature not for financial gain and do not contravene any other staff policies or actions defined in the ’Inappropriate use’ sections of the IT Acceptable Usage Policy.

• Such use does not cause noticeable or unavoidable cost to the Company.

• Such use does not inappropriately interfere with official business of the Company.

30

• Don’t let other people use your equipment, it is for you alone!

Using Personal Equipment at Work

Using personal equipment for company use, such as Smartphones or Tablets is fine, there are a few golden guidelines to remember when doing so:

• Do not connect personal equipment to the Company’s VPN (see VPN section for more information)

• Do not connect personal equipment to the Companies Internal Wireless Network (see wireless section for more information)

• Do not store information / documents that contain personal data or corporate information relating to the Company on personal equipment.

• Do not record conversations or meetings.

Laptops

Changing your password on a laptop

Your password will expire after 3 months and will have to be changed. If you are a remote worker you will have to do this over the VPN. When you connect to the VPN you will be prompted to change your password with the following box if your password has expired.

Once you have changed your password you will need to lock your computer (press CTRL ALT and DEL, click Lock Computer)

31

Then unlock it with the NEW password you have entered. This will change the password on your laptop as well as on the network.

Laptop Bags When storing laptops in bags, ensure that they are turned off, leaving them on will cause them to overheat.

32

IT Acceptable Usage Policy

33

1. Scope

Purpose

This Policy has been established to:

• Provide guidelines for the conditions of acceptance and the appropriate use of the computing and networking resources provided for use by staff of the Company.

• Protect the privacy and integrity of data stored on the Company network.

• Mitigate the risks and losses from security threats to computer and network resources such as virus attacks and compromises of network systems.

• Reduce interruptions and ensure the high availability of an efficient network, essential for sustaining the business of the Company.

• Enable users to understand their own responsibility for protecting the Company network and information held in IT systems.

• Provide a framework within which new issues can be resolved, as one policy cannot anticipate all the new issues that might arise in electronic communications.

Audience

These policies apply to:

• All IT equipment connected (locally or remotely) to the Company network regardless of ownership.

• All IT systems owned by and/or administered by the Company.

• Staff across all sites, including remote / home users and 3 rd party employees.

Ownership

The electronic resources of the Company are to be used for business purposes in serving the interests of the Company, and its staff, clients and in the course of normal operations.

Electronic communications records pertaining to the business of the Company are considered the Company records, whether or not the Company owns the electronic communications facilities, systems or services used to create, send, forward, reply to, transmit, store, hold, copy, download, display, view, read, print or otherwise record them.

34

2. Responsibilities

The Holder of a computer account or user of a computer device connected to the Company is responsible for the actions associated with the computer account or computing device.

Users must ensure that they use all reasonable means to protect their equipment and their account details and passwords.

Engaging in any activities referred to in the inappropriate use sections of policies is prohibited and may result in a temporary revocation of access to all electronic resources and disciplinary action being taken.

Users are expected to assist IT support staff with investigations into suspected violations or breaches of security.

Users must adhere to this IT Acceptable Usage Policy and make best efforts to utilise the Guidelines section of this document.

Any infringement of these policies may be subject to penalties under civil or criminal law, and such law may be invoked by the Company. Any infringement of these policies, constitutes a disciplinary offence under the Company’s procedures, and may be treated as such regardless of legal proceedings. Abuse of the policies may result in the user’s account(s) being suspended and / or disciplinary action being taken.

Immediately notify your manager or where appropriate the Group Data Protection Officer should you discover a violation of this policy.

35

3. Company Network Policy

Objective

Provide appropriate guidelines for productively using the Company's network and protect the employees and Company whilst benefiting our business aims.

Key Guidelines

• The Companies network is provided for approved equipment only, this equipment will be issued by the IT Department.

Inappropriate Use

• The creation, dissemination, storage and display of obscene or pornographic material.

• The creation, dissemination, storage and display of defamatory materials or materials likely to cause offence to others.

• The creation, dissemination, storage and display of any data that is illegal, or any activities which do not conform to other Company guidelines and policies, regarding the protection of intellectual property and data. • The downloading, storage and disseminating of copyrighted materials including software and all forms of electronic data without the permission of the holder of the copyright or under the terms of the licences held by the Company. • The deliberate interference with or gaining illegal access to user accounts and data including viewing, modifying, destroying or corrupting the data belonging to other users.

• Attempts to falsify your identity, or to the pretending to have a different affiliation with the Company when sending E-mail from a Company computer.

• Attempts to crack, capture passwords, or decode encrypted data.

• Any other use that may bring the name of the Company into disrepute or expose the Company to the risk of civil action.

• Attempts to penetrate security measures (hacking) whether or not this results in a corruption or loss of data.

• Purposefully scanning internal or external machines in an attempt to discover or exploit known computer software or network vulnerabilities.

36

• Engaging in commercial activities that are not under the auspices of the Company.

• Using computing resources in such a way that it causes excessive strain on the computer systems or disrupts, denies or create problems for other users.

• Connecting any computer device to the Company network not issued or authorised by the Company IT Department.

37

4. E-mail Policy

Objective

Provide appropriate guidelines for productively using the Company's E-mail system which protects the employee and Company whilst benefiting our business aims.

Key Guidelines

• E-mails are not private and the Company has the right to inspect all E-mails operated by a user.

• In general, the Company cannot and does not wish to be the arbiter of the contents of electronic communications. Neither can the Company, in general, protect users from receiving electronic communications they might find offensive. • Contract and consultant staff engaged in Company business shall be issued with a Company E-mail address, which will be used for all Company business E-mail communications to allow a full audit trail to be retained.

• Use the ‘private’ function when booking meetings with the meeting room resource, controlling who can see the title of the meeting

Inappropriate Use

• Giving the impression that you are representing, giving opinions, or otherwise making statements on behalf of the Company or any unit of the Company unless appropriately authorised (explicitly or implicitly) to do so.

• Sending unsolicited, unauthorised mass communications, spamming from the companies E-mail system.

• Emailing Company documents containing personal information to yourself at home to work on outside of the Company premises or on non-Company equipment without appropriate written justification from your line manager.

• E-mailing Company documents to 3 rd parties without appropriate written justification and authorisation from your line manager.

• Sending obscene, pornographic or offensive E-mails.

• The creation, dissemination, storage and display of any data that is illegal

• Adding attachments containing personal information to meeting requests booked with a meeting room resource, allowing other people to view the attached document.

38

5. Internet Usage Policy

Objective

Provide appropriate guidelines for productively using the Internet through the Companies which protect the employee and Company whilst benefiting our business aims.

Key Guidelines

• Employees are granted access only as a means of providing support in fulfilling their job responsibility.

• The Company has no control over the information or content contained on the Internet and cannot be held responsible for the content.

• Any software or files downloaded via the Internet into the Company network become the property of the Company. Any such files or software may be used only in ways that are consistent with their licenses or copyrights.

• The Company reserves the right to block websites it deems unfit for viewing, to protect users, and assist in safe web browsing.

• The Company reserves the right to monitor users internet traffic; this information will be reported to HR on request.

• Not to expect guaranteed access to personal services (e.g. Online banking, Personal E-mail) as these could be restricted at anytime without notice.

Inappropriate Use

• The use of social networking websites (e.g. Facebook, My Space).

• The use of newsgroups.

• Downloading and copying of files (e.g. music or video files) using peer-to-peer file sharing utilities (e.g. Kazaa, Morpheus, Gnutella).

• The use of messaging programs (e.g. MSN Messenger, Yahoo Messenger) or chat websites.

• Attempting to access obscene, offensive, illegal or pornographic material.

• Using external E-mail or file handling programs (Hotmail, Yahoo Mail, FTP, etc) to send Company communications or information.

39

6. Password Security Policy

Objective

Provide guidelines in appropriate management of business passwords to maintain adequate security and integrity of all of the Company's business systems.

Key Guidelines

• Maintain security of the Company's business applications, software tools, E-mail systems and network facilities are critical to providing data integrity and stability of our systems. Passwords are provided to restrict access to these Company assets on an as needed basis. • Passwords must not be disclosed to anyone even if the recipient is a member of IT Services support staff. Temporary passwords provided by IT Services support staff to users must be changed immediately following a successful login.

• Protect and keep private any and all passwords issued to you by the Company.

• Adhere to the confidentiality rules governing the use of passwords and accounts, the details of which must not be shared.

Inappropriate Use

• Trying to observe or obtain other peoples passwords.

• Letting anyone observe you entering your password or communicating your password to anyone.

• Displaying your password in your work area, or any other highly visible place.

40

7. Software Usage Policy

Objective

Provide guidelines on appropriate use of software products using Company equipment.

Key Guidelines

• Legitimate software will be provided to all users who need it, users will not make unauthorised copies of software under any circumstances.

• Once installed, the original installation media should be kept in a safe storage area designated by the IT Department.

• IT will conduct periodic audits of all Company owned PCs, including Laptops, to ensure the Company is in compliance with all software licensing. Software for which there is no supporting registration or license, will be removed immediately from the user's computer. • Use the IT Support call system to request additional business software after your manager’s approval. All requests of this nature must be logged on the IT Support call system, with your manager’s approval attached in the form of an E-mail. • Internet Explorer will prompt for automatic installations of various ‘add-ons’ to increase the functionality of web browsing and ensure the correct display of website content. The following is a list of various pieces of software that users are allowed to install without consulting IT Support:

• Adobe Reader • Java • Shockwave Player • Adobe Air • Adobe Flash Player

• All other third party software (including installation prompts) must not be installed without prior consultation with IT Support.

Inappropriate Use

• Loading third party software onto Company owned computer systems without the knowledge and approval of the IT Department.

• Patching or updating any software installed on your computer without the knowledge and approval of the IT Department. (see glossary)

• Loading games onto Company computers.

41

Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 13 Page 14 Page 15 Page 16 Page 17 Page 18 Page 19 Page 20 Page 21 Page 22 Page 23 Page 24 Page 25 Page 26 Page 27 Page 28 Page 29 Page 30 Page 31 Page 32 Page 33 Page 34 Page 35 Page 36 Page 37 Page 38 Page 39 Page 40 Page 41 Page 42 Page 43 Page 44 Page 45 Page 46

Made with FlippingBook HTML5