Differences

This shows you the differences between two versions of the page.

--- company_policies:it_policy [2019/11/11 11:50] – ↷ Page moved from it_policy to company_policies:it_policy john
+++ company_policies:it_policy [2019/11/14 15:52] (current) – [Footer] john
@@ Line 1: / Line 1: @@
+{{:impamark_solid_cmyk_with_strap_new_600.png?400x110}}
 ====== Information and Communications Technology Policy ======
-Originally translated to wiki format from version 1.1 (Jan 2018) of the document
+Nov 2019
+Version 1.3
 ===== Statement of Intent =====
@@ Line 12: / Line 16: @@
   * minimise legal risks associated with the ICT systems and their use
+===== Scope =====
-====   Scope   ====
 The policies outlined in this document apply to all staff members and to any users of ICT infrastructure used throughout Impamark. Comments and queries regarding this policy document should be given to the IT department or management of the company.
-====   Ownership   ====
+===== Ownership =====
 Information transmitted via the Impamark network is owned by Impamark. Impamark retains rights to the information and has the right to open and view such information at its discretion. Impamark may retain information for a period deemed fit by Impamark. Information can come through multiple sources and include, but is not limited to, such things as:
@@ Line 25: / Line 28: @@
   * email
-====   Employees’ liabilities   ====
+===== Employees’ liabilities =====
 Failure to comply with policies outlined in this document may result in disciplinary action, a removal of system privileges and even dismissal from Impamark.
@@ Line 31: / Line 34: @@
 Some ways of misusing the ICT systems may leave employees liable to legal issues.
-<font 28px/inherit;;#ff0000;;inherit>Please note, you have been warned</font>===== Computers and Associated Hardware and Software =====
+**<font 28px/inherit;;#c0392b;;inherit>Please note, you have been warned</font>**
+===== Computers and Associated Hardware and Software =====
 Impamark provides access to a computer and appropriate software for each employee. Use of email and the internet is for business purposes only. Employees may need to, at some point, use a computer for personal matters. This is only acceptable in an emergency, or when necessary and authorised by your manager.
-====   Home Computers   ====
+===== Home Computers =====
+Computers from home are not under the administrative control of the company and would not generally be supported by the IT department. The connections of home computers to the company network is prohibited unless authorised by the IT department.
-Computers from home are not under the administrative control of the company and would not generally be supported by the IT department. The connections of home computers to the company network is prohibited unless authorised by the IT department. Confidential data from the company should not be stored on home computers.
+Confidential data from the company should not be stored on home computers. Confidential data includes, but is not limited to, financial information and personal information the company handles. Confidential data should be handled in accordance with the General Data Protection Regulation (GDPR) and any other relevant laws and regulations.
 With proper authorisation it may be possible for staff to work from home. This is at the discretion of the company. In cases where a member of staff is working from home, the IT department must be consulted beforehand. Electronic equipment used during the course of work must comply with company standards. Phones can be set up to allow phone calls more easily between external staff and the company. Additionally it would be possible to allow access to the company file-server. The company may choose to supply equipment rather than have staff use their own possessions.
@@ Line 45: / Line 52: @@
 Passwords are mandatory for access to our system to prevent unauthorised access
-====   Password security   ====
+===== Password security =====
 Passwords should be committed to memory and not written down unless put in the safe over night. For security reasons, work passwords should never be used outside of the office. If users need a password for subscription to an external site then the IT department should be contacted for advice.
-====   Password Strength   ====
+===== Password Strength =====
 All passwords provided by the IT department should generally be a minimum of 8 characters containing at least one of each of the following:
@@ Line 66: / Line 73: @@
 ===== Internet Usage =====
-====   Monitoring and logging   ====
+==== Monitoring and logging ====
 Please note that all internet usage is logged and may be monitored at any time. IT staff can see when computers are uploading and downloading data. Additionally the company logs and monitors all data passing through its system. Network logs are made automatically and are used for fault diagnosis and performance troubleshooting.
-====   For business purposes only   ====
+==== For business purposes only ====
- The company provides IT infrastructure for business purposes only. The use of the internet is no different and should only be used for business purposes.
+The company provides IT infrastructure for business purposes only. The use of the internet is no different and should only be used for business purposes.
-====   A privilege – not a right   ====
+==== A privilege – not a right ====
 Whilst the use of internet and email is an integral part of the company’s work-flow, internet access is not a right. This privilege may be removed at the discretion of the company.
-====   Discretion   ====
+==== Discretion ====
 Impamark retains discretion over what constitutes legitimate business use and what is illegitimate and misuse of the IT infrastructure.
-====   Internet access levels   ====
+==== Internet access levels ====
 Use of the internet is divided up into only two access levels, as follows:
@@ Line 89: / Line 96: @@
   * General unlimited access – Impamark does not limit access staff have to network. Impamark does not block any websites and staff are trusted to use IT infrastructure appropriately.
-====   Wi-Fi   ====
+===== Wi-Fi =====
 Along with wired internet access, Impamark also has wireless internet access available. As with wired internet access, the Wi-Fi should not be used for personal use during work hours.
@@ Line 97: / Line 104: @@
 ===== Email =====
- Emails are one of the two primary sources of communication at Impamark. Email has its benefits but can also be a great time waster.
+Emails are one of the two primary sources of communication at Impamark. Email has its benefits but can also be a great time waster.
-====   Security - viruses   ====
+==== Security - viruses ====
 One of the largest threats to the company are viruses and other malware in emails. The best virus checker is actually the user.
@@ Line 109: / Line 116: @@
 Often these attachments use an archive file format (such as zip, 7z, and RAR) or an executable format (such as an exe or deb). Attachments in these formats should be distrusted and, unless authorised, not opened.
-<font 28px/inherit;;#ff0000;;inherit>If in doubt ASK the IT Department for assistance</font>====   Internet Mail Systems   ====
+If in doubt ASK the IT Department for assistance
+==== Internet Mail Systems ====
 Email accounts are set up and maintained in the company internal systems. Accounts with external Internet Service Providers (ISPs), or stand-alone email providers, should not be set up.
-====   Email Software   ====
+==== Email Software ====
 Currently Mozilla Thunderbird is used to send and receive emails. Additionally our CRM, vTiger, can be used to send emails.
-====   Plain Text and HTML email   ====
+==== Plain Text and HTML email ====
 In order to embed images and graphics within the body of an email, many companies use HTML email. Although attractive it can lead to issues with legibility. For most emails Impamark prefers the use of plain text as it can be read easily on any device.
-====   Encryption and signing   ====
+==== Encryption and signing ====
 A ‘signed’ email verifies that the person purported to have sent the email actually sent it. Encrypting an email ensures that only those meant to read message can.
@@ Line 127: / Line 136: @@
 Impamark currently uses Enigmail for OpenPGP support. This allows emails between members of staff and clients to be signed, encrypted, or both signed and encrypted. The IT department will generate encryption keys where appropriate. They should not be altered in anyway, or used for personal communications.
-====   Email Addresses   ====
+==== Email Addresses ====
 Email addresses must conform to a company address standard. This means that users’ email addresses conform to username@impamark.co.uk where the username is usually the user’s first name. Some general addresses exist such as info@impamark.co.uk which forwards all emails received to multiple people.
@@ Line 133: / Line 142: @@
 The company has a backup Gmail account, sovereign.insignia@gmail.com. It can be used if staff are having trouble with sending or receiving emails to or from a particular person. If emails are bouncing the IT department should be consulted. Emails sent to this account may be read but the account should not be used to send emails unless authorised.
-====   User Obligations   ====
+==== User Obligations ====
 Users provided with email have an obligation to read emails received, and if necessary respond in a timely fashion. Not all emails and instant messages may require an immediate response. A balance should be struck between a timely response and limiting the interruption of a staff member’s normal work-flow.
@@ Line 141: / Line 150: @@
 Staff should not subscribe to email services for the purpose of sending or receiving inappropriate material including material which is offensive, pornographic, or creating an unnecessary burden on the network. Users are obligated to not send inappropriate or offensive emails as they reflect on the company and may bring it into disrepute. Users should not represent their opinions as those of the company.
-====   Email Privacy   ====
+==== Email Privacy ====
 The company is at liberty to read any employee emails at any time without notice.
-====   Email Personal Use   ====
+==== Email Personal Use ====
 Email is strictly for company use only. Emails should not be used for personal private matters.
-====   Footer   ====
+==== Footer ====
 Users should have an email signature of a form similar to:
-<code>
+<file>
-<font inherit/Courier New,Courier,monospace;;inherit;;inherit>Person Name - Job Role
+Person Name - Job Role
 +44 (0)1621 783550
 Please consider the environment before printing this email
 Only print if necessary, and where appropriate only those pages required
@@ Line 163: / Line 173: @@
 www.impamark-promotional-merchandise.co.uk/blog
 www.twitter.com/Impamark
 Officially Licensed by the MOD and Suppliers to HM Forces
 Member of the British Promotional Merchandise Association
+Celebrating 50 years as a family-run business
+Top 25 Winner - Distributor of the year Awards
 Top 25 Winner - Distributor of the year Awards
 Top 25 Winner - Distributor of the year Awards
@@ Line 170: / Line 184: @@
 Celebrated 40 years as a family run business
 Finalist of the Essex County Business Awards
-Business to Business Category
+         Business to Business Category
 Winner of the Mid Essex Business Awards
-Business to Business Category
+         Business to Business Category
 Sovereign Insignia Limited T/A Impamark
 Dammerwick Farm, Marsh Road, Burnham on Crouch, Essex, CM0 8NB
-Tel 01621 783550     Fax 01621 784548</font></code>
+Tel 01621 783550 Fax 01621 784548
+</file>
 The IT department will implement this for users and it should not be altered without prior authorisation.
-====   Attachments   ====
+==== Attachments ====
 Due to the nature of our business we receive many large attachments such as artwork. Note that very large attachments are automatically blocked from being received so it does not impact network performance.
@@ Line 189: / Line 208: @@
 EPS files (used for vector artwork) should not be sent to customers as customers are unlikely to be able to open and view them. Instead please, when sending artwork to customers, export EPS artwork as a PDF. EPS files should only be sent to suppliers.
-====   Folders and Filtering   ====
+==== Folders and Filtering ====
 Email filtering can be used to automatically move emails to certain folders in Thunderbird. Please consult the IT department if this is desired.
-Impamark however encourages that staff limit the use of folders and sub-folders. With many customers the number of folders can easily become excessive.  Too many folders and sub-folders can make it harder for staff to find emails (especially staff who are looking through another staff-member’s emails).
+Impamark however encourages that staff limit the use of folders and sub-folders. With many customers the number of folders can easily become excessive. Too many folders and sub-folders can make it harder for staff to find emails (especially staff who are looking through another staff-member’s emails).
 Thunderbird also includes an alternative to folders, which can be less messy, which is email tags. Emails can be tagged to be under a particular category and colour-coded. This can make searching easier.
@@ Line 201: / Line 220: @@
 Web browsers are one of the primary tools used in the company.
-====   Personal Usage   ====
+==== Personal Usage ====
 The use of web browsers for personal reasons during work hours is not permitted unless authorised or in an emergency. This includes the accessing of personal email and the use of personal social media accounts.
-====   Advert Blocking Software   ====
+==== Advert Blocking Software ====
 Impamark uses software to block advertising on web-pages. This software is a web browser extension for both Mozilla Firefox and Google Chrome known as Ublock Origin. While doing little else than blocking advertising there is the potential that it could affect the usability of certain sites. Please consult with the IT department if needed.
-====   Safe Browsing   ====
+==== Safe Browsing ====
 Staff should be wary of unknown websites. Some websites may cause the downloading of malicious software which could compromise the system. Software from outside the company should not be run without proper authorisation.
@@ Line 219: / Line 238: @@
 In order to help coordinate the UK and Spanish offices we use both phones and Instant Messaging. Instant Messaging has the benefit of keeping a record of conversations for later reference.
-====   RocketChat   ====
+==== RocketChat ====
 Rocketchat was introduced to replace the company’s use of Skype. It is used to send messages between individual staff members, to multiple staff members at once, and to make video-calls. Generally it is for employee conversations only but it is possible that customers could be added if required. Please contact the IT Department accordingly.
-The server-side software is controlled by Impamark. In order to use Rocketchat client software can be used or employees can log-in via a web browser via https://chat.impamark.co.uk
+The server-side software is controlled by Impamark. In order to use Rocketchat client software can be used or employees can log-in via a web browser via [[https://chat.impamark.co.uk|https://chat.impamark.co.uk]]
-====                            Skype    ====
+==== Skype ====
 We no longer use Skype for communications. However we do maintain some Skype accounts for customer contact as required. If you require a Skype account for work please contact the IT department. Personal Skype accounts, or adding personal contacts to a work account, are not permitted.
@@ Line 233: / Line 252: @@
 Phones are an important tool and an integral part of Impamark’s working procedure.
-====   Desk Phones   ====
+==== Desk Phones ====
 Each desk is currently supplied with two phones. One is a Mitel IP phone and the other is a Telrad phone. The Telrad phones will be phased out so only IP phones will be used eventually.
-  * Telrad – 01621 783550
+Telrad – 01621 783550
-      * This is the main phone with four incoming/outgoing lines
-  * Mitel – 01621 834980
+This is the main phone with four incoming/outgoing lines
-      * This is a test SIP system with two incoming/outgoing lines
+Mitel/Grandstream – 01621 834980
+This is a test SIP system with two incoming/outgoing lines
 Every phone is capable of ringing any UK number, ringing anyone within the UK office, and ringing out to Spain to the Spanish office.
-Certain numbers may have restricted usage e.g. higher rate numbers or inappropriate services. \\
+Certain numbers may have restricted usage e.g. higher rate numbers or inappropriate services.
 The phones are available as a business tool and private calls are not permitted without authorisation.
-====   Mobile Phones   ====
+==== Mobile Phones ====
 Mobile phones should not be used during working hours, unless the use of mobile phones is a necessary component of a staff member’s job or prior authorisation is obtained.
-=== Use during Working hours ===
+==== Use during Working hours ====
 The use of personal mobile phones in the workplace is not allowed during working hours. This includes text messages and all mobile messaging including Facebook, Whatsapp etc. However, you may use your mobile phone during your normal contractual break periods.
@@ Line 259: / Line 282: @@
 Sales staff at an event would be permitted to use their phones to contact the company, at an event for example. Similarly, IT staff would be permitted to use mobile phones in maintenance of company infrastructure.
-=== Charging ===
+==== Charging ====
 To prevent the spread of malware to the company networks employees should not use USB cables to connect their phones to computers for charging purposes.
@@ Line 269: / Line 292: @@
 We use a large variety of Open Source software on our systems. N.B. Windows programs will NOT work on Linux desktops. Please do not try and install them.
-====   Installation   ====
+==== Installation ====
 Under normal operating procedures, IT staff will be responsible for the installation of software onto desktop and laptop computers. Normally users are trusted to install updates. If software beyond the standard installed applications is required. The standard set of software used by the company may change at any time at the discretion of the company.
@@ Line 275: / Line 298: @@
 Staff should not download or install software from outside sources.
-====   Intellectual Property   ====
+==== Intellectual Property ====
 Code which is written in-house is to remain the intellectual property of the company, Impamark. The copyright concerning bespoke software written by outside individuals will be worked out on a case-by-case contractual basis.
@@ Line 283: / Line 306: @@
 External hardware may bring viruses or malware that can contaminate company systems and cost the company time and money to rectify.
-====   Usage   ====
+==== Usage ====
 For security reasons there shall be limits on the usage of hardware not provided by the company. External devices should not be connected to company computers or equipment. This includes (but is not limited to) external storage devices such as USB flash drives, memory cards (i.e. SD cards and Compact Flash), external hard-drives, optical discs, and media players.
-To facilitate this policy the IT staff may take measures to prevent external USB devices from being mounted  (to mount a device is to connect it and have its files accessible to the computer system).
+To facilitate this policy the IT staff may take measures to prevent external USB devices from being mounted (to mount a device is to connect it and have its files accessible to the computer system).
-===== Backups =====
+==== Backups ====
 To protect the company we run a variety of backup systems.
@@ Line 295: / Line 318: @@
 Regular copies of the databases and other data are made. If there is a failure in the IT infrastructure, the IT department will restore data from a previous backup but some data may potentially be lost.
-====   RAID Systems   ====
+==== RAID Systems ====
 Each server makes use of RAID technology. RAID stands for ‘Redundant Array of Independent Disks’ and is where multiple hard-drives are used to create one fault-tolerant storage system. This is a first layer of protection against hardware failure.
-====   Replication   ====
+==== Replication ====
 Data stored on the main server is replicated throughout the day to the server in the Spanish office. There is also a dedicated backup server upstairs.
-====   Off-site backups   ====
+==== Off-site backups ====
 Regular (daily) backups are made to one of two portable hard-drives downstairs. Each day a drive will be taken away from the office in case of a disaster. The next day the drive taken will be swapped with the drive in use.
-====   File storage   ====
+==== File storage ====
 All data should be stored in the company server and not on local computers. Files stored on computers locally will not be backed up and may be lost in the event that the local machine has a failure.
@@ Line 323: / Line 346: @@
 The company may use surveillance cameras for safety and security reasons.
-  * The employee should be aware that they may be monitored while working for the company.
+  * The employee should be aware that they may be monitored while working for the company
-  * The employee consents to the collection of information in this way.
+  * The employee consents to the collection of information in this way
-The company will abide by the provisions of the Data Protection Act 1998 when collecting and storing such information.
+The company will abide by the relevant laws including the provisions of the Data Protection Act 1998 and GDPR when collecting and storing such information.
 Webcams may be fitted and used for communication. They are not used to surveil staff.
@@ Line 332: / Line 355: @@
 ===== Treatment of Confidential Information =====
-Information about customers is personal data and should be treated with care. Under the Data Protection Act 1998, staff are legally obligated to keep customer’s personal data confidential. Data should not be transferred outside of the European Economic Area. Personal data as defined by the act is “data which relate to a living individual who can be identified” from the data or data likely to be in possession of who is in control of the data.
+Information about customers is personal data and should be treated with care. Under the Data Protection Act 1998, staff are legally obligated to keep customer’s personal data confidential. The same is true under the GDPR (General Data Protection Regulation).
+Data should not be transferred outside of the European Economic Area. Personal data is defined legally as “data which relate to a living individual who can be identified” from the data or data likely to be in possession of who is in control of the data.
 Customer information should not be transferred outside of the company. It should not be distributed, disclosed or disseminated in any manner. Employees should not use customer information except for purposes for which they have been authorised.
 Financial information should also be treated as confidential and may not be disseminated freely.
+ \\
+Signed by User: __ Signature: __
+Date: / /
+ \\
+Signed by Manager: __ Signature: __
+Date: / /