This Acceptable Usage Policy covers the security and use of all V Site Pass information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all V Site Pass employees, contractors and agents (hereafter referred to as ‘individuals’).
This policy applies to all information, in whatever form, relating to V Site Pass business activities worldwide, and to all information handled by V Site Pass relating to other organisations with whom it deals. It also covers all IT and information communications facilities operated by V Site Pass or on its behalf.
Access to the V Site Pass IT systems is controlled using User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the V Site Pass IT systems.
Line managers must ensure that individuals are given clear direction on the extent and limits of their authority about IT systems and data.
Use of V Site Pass internet and email is intended for business use. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to V Site Pass in any way, not in breach of any term and condition of employment and does not place the individual or V Site Pass in breach of statutory or other legal obligations.
All individuals are accountable for their actions on the internet and email systems.
To reduce the risk of unauthorised access or loss of information, V Site Pass enforces a clear desk and screen policy as follows:
It is accepted that laptops and mobile devices will be taken off-site. The following controls must be applied:
Mobile devices such as memory sticks, CDs, DVDs and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data. Only (V Site Pass) authorised mobile storage devices with encryption enabled must be used, when transferring sensitive or confidential data.
Employees must use only software that is authorised by V Site Pass on V Site Pass computers. Authorised software must be used in accordance with the software supplier's licensing agreements. All software on V Site Pass computers must be approved and installed by the V Site Pass IT department.
The IT department has implemented centralised, automated virus detection and virus software updates within the V Site Pass. All PCs have antivirus software installed to detect and remove any virus automatically.
Use of V Site Pass voice equipment is intended for business use. Individuals must not use V Site Pass voice facilities for sending or receiving private communications on personal matters, except in exceptional circumstances. All non-urgent personal communications should be made at an individual’s own expense using alternative means of communications.
All V Site Pass equipment and data, for example laptops and mobile devices including telephones, smartphones, USB memory devices and CDs/DVDs, must be returned to V Site Pass at termination of contract.
All V Site Pass data or intellectual property developed or gained during the period of employment remains the property of V Site Pass and must not be retained beyond termination or reused for any other purpose.
All data that is created and stored on V Site Pass computers is the property of V Site Pass and there is no official provision for individual data privacy, however wherever possible V Site Pass will avoid opening personal emails.
IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. V Site Pass has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse.
Any monitoring will be carried out in accordance with audited, controlled internal processes, the UK Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice Interception of Communications) Regulations 2000.
This policy must be read in conjunction with:
It is your responsibility to report suspected breaches of security policy without delay to your line management, the IT department, the information security department or the IT helpdesk.
All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with V Site Pass disciplinary procedures.