Computer Security Policy
The company regards the integrity of its computer system as central to the success of the organisation. Its policy is to take any measures it considers necessary to ensure that all aspects of the system are fully protected.
- Overall computer security is the responsibility of the managing director. Line managers are responsible for security within their own departments.
- Job applicants will be questioned on their computer experience. The implications of their software knowledge will be discussed as appropriate before a job offer is made. All references will be checked.
- On induction employees will be required to read all the companies policies.
- The credentials of all temporary, freelance and consultancy staff will be checked in as much detail as possible before they are allowed access to the computer system. Managers are responsible for ensuring that all such workers receive the information referred to in point 3.
- Computer training at every level will emphasise the importance of security.
- Supervisors are responsible for ensuring that basic procedures are followed. Procedures may be bypassed only with the combined consent of the line manager, and a written record must be kept.
- Employees of all grades are permitted access only to those parts of the computer system which they need to enter in order to carry out their normal duties. Levels of access will be decided by the managing director.
- Employees may access the internet but access to certain sites will be blocked.
- All incoming emails will be monitored and scanned for viruses before being released to the recipient.
- Employees with access to personal data are in a particularly sensitive position and must bear in mind at all times the provisions of the Data Protection Act.
- Passwords must be used at all times and changed regularly. Employees should not select obvious passwords. All passwords must be kept confidential. Employees must not give their passwords to other members of staff or to any person outside the organisation. Password protected sites should be closed when finished with and computers switched off. Computers should not be left open and unattended.
- When an employee with access to personal data leaves the organisation all passwords in that department will be changed.
- Regular checks will be made for viruses by the IT department.
- No external software may be used without authorisation by the managing director.
- No private work or computer game playing is permitted.
- The safekeeping of CDs and DVDs sent from external sources is the responsibility of the person to whom it was sent. All such CDs and DVDs must be checked for viruses by the IT department before use. CDs and DVDs generated internally must be kept in a secure place.
- Misuse of computers is a serious disciplinary offence. The following are examples of misuse:
- fraud and theft
- system sabotage
- introduction of viruses, etc
- using unauthorised software
- obtaining unauthorised access
- using the system for private work or game playing
- breaches of the Data Protection Act
- sending abusive, rude or defamatory messages or statements about people or organisations, or posting such messages or statements on any websites or via email
- attempting to access prohibited sites on the internet
- breach of the organisation’s security procedures.
This list is not exhaustive. Depending on the circumstances of each case, misuse of the computer system may be considered gross misconduct. Please refer to the disciplinary rules and procedures. Misuse amounting to criminal conduct may be reported to the police.
- Management, in consultation with specialist auditors, may institute confidential control techniques and safeguards. Financial systems are subject to special reconciliation processes.
- Senior managers will meet regularly to review computer security.
- All breaches of computer security must be referred to the relevant director or to the general manager. Where a criminal offence may have been committed the board will decide whether to involve the police.
- Any member of staff who suspects that a fellow employee is abusing the computer system may speak in confidence to the general manager.