General Statement of Policy

Our policy is to provide and maintain data confidentiality and safe and healthy working conditions, equipment and systems of work, for all our employees, and to provide such information, training and supervision as they need for this purpose.  We also accept our responsibility for the communications with other people who may be affected by our activities.

The allocation of duties for safety matters and the particular arrangements, which we will make to implement the policy, are set out below.

The policy will be kept up to date, particularly as the business changes in nature and size.  To ensure this, the policy and the way in which it has operated will be reviewed annually.


Dated    1st November 2015

General Statement of Policy

The overall and final responsibility for IT, Email, Internet and Computer policy in the company is that of the Managing Director and he is responsible for this policy being carried out at the company's premises.
Other Management will be responsible as his deputies.
The following people are responsible for the policy in particular areas as below.

Each engineer to ensure the policy is carried out with regard to all work carried out by themselves both on and off the premises.

Each administrator in each office is to ensure the policy is carried out with regard to all work carried out in those offices.

Each employee to have the responsibility to co-operate with others to achieve a IT, Email, Internet and Computer compliant workplace.

Whenever an employee notices or is informed of a IT, Email, Internet or Computer issue, which they are not able to put right they must immediately inform their immediate supervisor.

All employees are responsible maintaining and checking the equipment they use and using such equipment according to the manufacturer's recommendations.

This is the Company's policy detailing the rules governing employees' use of the IT, Email, Internet and Computer facilities provided by the Company.  As an employee you must observe the Company's rules as detailed below.  In the event that these rules are breached, you will be liable to action in accordance with the Company's disciplinary procedure.  Action may be taken against you, including dismissal.  Failure to comply with the rules set out in this policy may also result in legal claims against you and the Company.

(1) The Company's IT, Email, Internet and Computer facilities are provided for business purposes and are to be used for the Company's business purposes only.

(2) You must act responsibly when dealing with Data or using communications facilities at work. (Private telephones must be switched off during working hours without explicit permission, for emergencies only, to protect the integrity of our data and network access.)

(3) The Company may monitor employees' use of its IT, Email, Internet and Computer usage and facilities for legitimate business purposes and in order to check compliance with Policies and procedures, maintain security, comply with the law and to ensure that standards are being maintained.

(4) Unless circumstances justify accessing communications, the Company will limit monitoring to traffic data (eg. number of occasions the Internet is used, the subject of e-mails, duration, correct storage, distribution, deletion and protection of data etc.). In addition, unless other action is justified, the Company will undertake audits rather than continuous monitoring.

(5) Targeted content auditing will not occur unless the Company reasonably believes one of the matters referred to at paragraph 3 above is being/has been breached.  Some examples (this is not an exhaustive list) are: suspicions about defamation, copyright infringement and harassment.

(6) In your absence, your mailbox may be checked to ensure the Company responds properly to its suppliers, customers and other contacts.

(7) The Company's IT, internet and e-mail facilities must not be misused.  You must not send any racist, sexist, abusive, defamatory, protected or offensive material.  To do so is a disciplinary offence.

(8) In no circumstances are you permitted to view, download, create, circulate, distribute or store pornography or obscene material or any other material, which a reasonable person would find distasteful or offensive.  The Company is concerned to avoid embarrassment, distress or offence to other staff and customers who could view PC screens when on Company premises.

(9) Should you visit inappropriate websites unwittingly through unintended responses of search engines, unclear hypertext links, misleading banner advertising or miskeying, you must exit the site immediately and inform your manager of the incident.  This will help to ensure that no other employee inadvertently accesses the site.

(10) The Company owns not only the communications, equipment and material but also        e-mails and downloaded Web pages and any developed programmes or systems and intellectual rights. You must take all reasonable precautions to maintain confidentiality of information held by the Company. Given that monitoring of the contents of e-mails may be justified in certain circumstances, you are reminded that e-mail should not be used to communicate personal details about which there might be any sensitivity. You must at all times comply with the Data Protection Act with regard to personal information.

(11) If you have been the subject of an adverse audit the Company will allow you to see any personal electronic data collected through auditing.  You will be given the right to dispute or amend inaccurate information.

(12) Programs must not be introduced to the Company's computer systems without prior authorisation from the Managing Director or one of his deputies. You must not download software onto the Company's system without prior permission from the Managing Director or one of his deputies.

(13) Only CD-ROMs / DVD’s/Portable storage devices provided by the Company may be used in the Company's PC's.

(14) CD's, DVD’s, Portable storage devices and floppy disks must be virus checked before initial use on the Company's system. You must not import any file, including files received as e-mail attachments, onto the system without first checking them for viruses, using the approved software.
The virus protection system installed on all Company PC's must be running at all times and continually updated and will be externally verified every month to ensure all PC's have maximum protection against known viruses or malware..

(15) You must ensure that you log off from the Company's system at the end of each day in order to maintain security of information and data.
Your password must be strong (containing at least 9 characters including 1 uppercase, 1 number and 1 special character) and changed at least once every calendar month. Any changes must be advised to the Managing Director or one of his deputies.

(16) You must keep all passwords secure.

(17) Confirmation of receipt of important e-mails sent must be obtained and copies of important e-mails sent and received should be made and kept.

(18) You must not impersonate any other person when using e-mail and must not amend messages received.

(19) Any written or printouts of personal or company sensitive data must be securely held and shredded immediately after the item is no longer required. No Data carrying devises, documents or printouts should be removed from the premises without permission from Management.

(20) Deletion of data will only be allowed when authorised by the Managing Director or one of his deputies and is considered to be of no further operational value or does not meet with the ongoing needs of customers, clients, Masterfix or the Laws of England.

(21) All data carrying IT must have all data removed/destroyed before it is scrapped.

(22) All equipment is externally audited for safe use however, should any defect be seen it should immediately be reported to the Managing Director or one of his deputies.
IT, Email, Internet & Computer Policy of