Policy: IT Security Policy

Author: Hayley Faulkner (Quality Director)

Review date: 20/11/2020

Next review date: 20/11/2021


Policy

Swift wishes to encourage the use of electronic and technological media in the conduct of its business. It expects employees to use these facilities responsibly and to act professionally. Recent legislation and case law confirm the Company’s exposure to legal risk from casual or formal correspondence (however unintentional).

It can sometimes be difficult to be sure of the boundaries between what is acceptable and unacceptable behaviour, and the rest of this policy is devoted to establishing guidelines to be followed by all employees. Abuse or misuse of the system will lead to disciplinary action.


Who is covered by the policy?

This policy covers all individuals working at all levels and grades, including senior managers, officers, directors, employees, consultants, contractors, apprentices employed by SWIFT, homeworkers, part-time and fixed-term employees, casual and agency staff , volunteers and apprentices trained by SWIFT (collectively referred to as staff in this policy).


Practice

Employees must not engage in any activity which is illegal, offensive or likely to have a negative impact on the Company. Uploading/downloading, use, retention, distribution or dissemination of any images, text, materials or software is prohibited which:

❖ Are or might be considered indecent or obscene; or

❖ Are or might be offensive or abusive in that its content may be considered to be a personal attack, rude, personally critical, sexist, racist or generally distasteful; or

❖ Make unproductive use of your time; or

❖ Might affect the performance of the Company’s system; or

❖ Might be defamatory or incur liability on the part of the Company.


Staying Safe Online

Everyone has a right to feel safe when they are online, and it is your responsibility to behave responsibly and ensure you are doing all you can to avoid being a victim of cyber-crime.

• Do not use any electronic system (SWIFT owned or otherwise) to bully, harass or intimidate others.

• Do not use any electronic system (SWIFT owned or otherwise) to promote intolerance or recruit others to violent or extreme ways.

• When using public social networking tools, even those built into SWIFT systems such as CAD and Office suite; do not share your personal information.

• If you are a victim of any inappropriate behaviour or witness it happening to others you must inform your trainer/assessor immediately


IT Usage and the PREVENT Duty
At SWIFT we are fully aware that learners of all ages can be exposed to extremist influences or prejudiced views during their learning, this can come from a range of sources to include the media, internet or from other learners or contacts.
We aim to highlight through relevant training, policies and procedures the potential risks that learners of all ages may be faced with in relation to “on-line” radicalisation and encourage all learners to promptly report any concerns they may have for themselves or any other learners regarding extremism or radicalisation.
All prejudice, discrimination and/or extremist views, including derogatory or offensive language displayed by learners will always be appropriately challenged in line with our prevention of extremism and radicalisation policy.


E-mail
Care should be taken when using e-mail as these are perceived to be less formal than paper based communication. This is not the case and the sender is accountable for any e-mail content. It is retrievable and admissible in the courts.


Internet
The internet may be accessed for business use. Employees must bear in mind that when visiting an Internet site their identity is linked to the Company’s and any activity may impact upon it. Access to news companies/chat lines/bulletin boards is prohibited. Except for the proper performance of duties, software or files should not be downloaded. All material must be checked for viruses.


Confidentiality
All information relating to our customers and the business operation is confidential and as such must be kept secure and used only for the purpose intended. Passwords must be kept safe and should be changed regularly.


Intellectual Property
Broadly speaking, intellectual property refers to copyright material, designs patents, trademarks, inventions, ideas, know-how, business information and lists. Most images, text and materials are protected by copyright or trademarks. The downloading or uploading, possession, distribution or copying of a copyright work is an infringement unless authorisation has been obtained.
All intellectual property created in the course of employment belongs to the Company. All computer equipment, software, and facilities are also proprietary to the Company, including all documents, materials and e-mail created. Accordingly use of this property and intellectual property should be limited to benefit the Company.
The Company reserves the right to monitor, access, retrieve, review and delete the following without notifying the individual concerned:
❖ All e-mail sent received or in the course of composition, mailboxes and private directories
❖ All use of the internet and all other communication techniques deployed by the user
❖ Any third party screen savers, software, materials etc. on the system

Data Protection
All employees have a duty to assist the Company to meet its responsibilities under the Data Protection Act 1998 by exercising due care when holding, processing or disclosing any personal data.


Personal use
We appreciate employees may occasionally want to use the system and/or the facilities for personal use and we expect you to use it responsibly. Normally employees would be expected to use the facilities in their own time, however, if this is not possible the Company will allow reasonable use in Company time, subject to it being authorised by the employee’s manager.
If at all possible, employees should make it clear that they are representing themselves in a personal capacity. The rules set out within this policy apply equally to personal use and any personal use must ensure it:
❖ Does not take priority over work duties
❖ Does not incur any unwarranted or excessive expense on the Company
❖ Does not have a negative impact on the Company in any way