Differences

This shows you the differences between two versions of the page.

--- company_policies:it_policy [2019/11/14 15:35] – john
+++ company_policies:it_policy [2019/11/14 15:52] (current) – [Footer] john
@@ Line 1: / Line 1: @@
+{{:impamark_solid_cmyk_with_strap_new_600.png?400x110}}
 ====== Information and Communications Technology Policy ======
@@ Line 4: / Line 6: @@
 Version 1.3
-\\
-Contents\\
-Statement of Intent   4\\
-Scope   4\\
-Ownership   4\\
-Employees’ liabilities   4\\
-Computers and Associated Hardware and Software   5\\
-Home Computers   5\\
-Passwords   5\\
-Password security   5\\
-Password Strength   5\\
-Internet Usage   6\\
-Monitoring and logging   6\\
-For business purposes only   6\\
-A privilege – not a right   6\\
-Discretion   6\\
-Internet access levels   6\\
-Wi-Fi   6\\
-Email   7\\
-Security - viruses   7\\
-Internet Mail Systems   7\\
-Email Software   7\\
-Plain Text and HTML email   7\\
-Encryption and signing   8\\
-Email Addresses   8\\
-User Obligations   8\\
-Email Privacy   8\\
-Email Personal Use   9\\
-Footer   9\\
-Attachments   9\\
-Folders and Filtering   10\\
-Web Browsing   10\\
-Personal Usage   10\\
-Advert Blocking Software    10\\
-Safe Browsing   10\\
-Instant messaging   10\\
-RocketChat   11\\
-Skype   11\\
-Phones   11\\
-Desk Phones   11\\
-Mobile Phones   11\\
-Use during Working hours   12\\
-Charging   12\\
-Software   12\\
-Installation   12\\
-Intellectual Property   12\\
-External Hardware Usage   12\\
-Usage   13\\
-Backups   13\\
-RAID Systems   13\\
-Replication   13\\
-Off-site backups   13\\
-File storage   13\\
-Media Statements   13\\
-Personal Social Media   14\\
-Use of Surveillance Cameras   14\\
-Treatment of Confidential Information   14
 ===== Statement of Intent =====
@@ Line 152: / Line 96: @@
   * General unlimited access – Impamark does not limit access staff have to network. Impamark does not block any websites and staff are trusted to use IT infrastructure appropriately.
-==== Wi-Fi ====
+===== Wi-Fi =====
 Along with wired internet access, Impamark also has wireless internet access available. As with wired internet access, the Wi-Fi should not be used for personal use during work hours.
@@ Line 158: / Line 102: @@
 In the UK office there are two different Wi-Fi connections available, ‘TEST’ and ‘General’. TEST is for internal use only – that is for use by staff. ‘General’, like the name would suggest, is for general use (for example for those external to the company i.e. visitors). While the password for General is more likely to change than the one for TEST, either may be changed at the discretion of the IT department. Please consult the IT department if the password is required.
-==== Email ====
+===== Email =====
 Emails are one of the two primary sources of communication at Impamark. Email has its benefits but can also be a great time waster.
@@ Line 178: / Line 122: @@
 Email accounts are set up and maintained in the company internal systems. Accounts with external Internet Service Providers (ISPs), or stand-alone email providers, should not be set up.
-Email Software
+==== Email Software ====
 Currently Mozilla Thunderbird is used to send and receive emails. Additionally our CRM, vTiger, can be used to send emails.
-Plain Text and HTML email
+==== Plain Text and HTML email ====
 In order to embed images and graphics within the body of an email, many companies use HTML email. Although attractive it can lead to issues with legibility. For most emails Impamark prefers the use of plain text as it can be read easily on any device.
-Encryption and signing
+==== Encryption and signing ====
 A ‘signed’ email verifies that the person purported to have sent the email actually sent it. Encrypting an email ensures that only those meant to read message can.
@@ Line 192: / Line 136: @@
 Impamark currently uses Enigmail for OpenPGP support. This allows emails between members of staff and clients to be signed, encrypted, or both signed and encrypted. The IT department will generate encryption keys where appropriate. They should not be altered in anyway, or used for personal communications.
-Email Addresses
+==== Email Addresses ====
 Email addresses must conform to a company address standard. This means that users’ email addresses conform to username@impamark.co.uk where the username is usually the user’s first name. Some general addresses exist such as info@impamark.co.uk which forwards all emails received to multiple people.
@@ Line 198: / Line 142: @@
 The company has a backup Gmail account, sovereign.insignia@gmail.com. It can be used if staff are having trouble with sending or receiving emails to or from a particular person. If emails are bouncing the IT department should be consulted. Emails sent to this account may be read but the account should not be used to send emails unless authorised.
-User Obligations
+==== User Obligations ====
 Users provided with email have an obligation to read emails received, and if necessary respond in a timely fashion. Not all emails and instant messages may require an immediate response. A balance should be struck between a timely response and limiting the interruption of a staff member’s normal work-flow.
@@ Line 206: / Line 150: @@
 Staff should not subscribe to email services for the purpose of sending or receiving inappropriate material including material which is offensive, pornographic, or creating an unnecessary burden on the network. Users are obligated to not send inappropriate or offensive emails as they reflect on the company and may bring it into disrepute. Users should not represent their opinions as those of the company.
-Email Privacy
+==== Email Privacy ====
 The company is at liberty to read any employee emails at any time without notice.
-Email Personal Use
+==== Email Personal Use ====
 Email is strictly for company use only. Emails should not be used for personal private matters.
-Footer
+==== Footer ====
 Users should have an email signature of a form similar to:
-Person Name - Job Role \\
+<file>
+Person Name - Job Role
 +44 (0)1621 783550
-Please consider the environment before printing this email \\
+Please consider the environment before printing this email
 Only print if necessary, and where appropriate only those pages required
+www.facebook.com/ImpamarkPBM
-www.facebook.com/ImpamarkPBM \\
+www.impamark-promotional-merchandise.co.uk
-www.impamark-promotional-merchandise.co.uk \\
+www.regimentalmerchandise.co.uk
-www.regimentalmerchandise.co.uk \\
+www.impamark-promotional-merchandise.co.uk/blog
-www.impamark-promotional-merchandise.co.uk/blog \\
 www.twitter.com/Impamark
- \\
+Officially Licensed by the MOD and Suppliers to HM Forces
-Officially Licensed by the MOD and Suppliers to HM Forces \\
 Member of the British Promotional Merchandise Association
-Top 25 Winner - Distributor of the year Awards \\
+Celebrating 50 years as a family-run business
-Top 25 Winner - Distributor of the year Awards \\
+Top 25 Winner - Distributor of the year Awards
-James Norman Award for services to the Envoy Group \\
+Top 25 Winner - Distributor of the year Awards
-Celebrated 40 years as a family run business \\
+Top 25 Winner - Distributor of the year Awards
-Finalist of the Essex County Business Awards \\
+James Norman Award for services to the Envoy Group
-  Business to Business Category \\
+Celebrated 40 years as a family run business
-Winner of the Mid Essex Business Awards \\
+Finalist of the Essex County Business Awards
-  Business to Business Category
+         Business to Business Category
+Winner of the Mid Essex Business Awards
+         Business to Business Category
+Sovereign Insignia Limited T/A Impamark
+Dammerwick Farm, Marsh Road, Burnham on Crouch, Essex, CM0 8NB
+Tel 01621 783550 Fax 01621 784548
+</file>
+The IT department will implement this for users and it should not be altered without prior authorisation.
-Sovereign Insignia Limited T/A Impamark \\
+==== Attachments ====
-Dammerwick Farm, Marsh Road, Burnham on Crouch, Essex, CM0 8NB \\
-Tel 01621 783550  Fax 01621 784548
-The IT department will implement this for users and it should not be altered without prior authorisation. \\
-Attachments \\
 Due to the nature of our business we receive many large attachments such as artwork. Note that very large attachments are automatically blocked from being received so it does not impact network performance.
@@ Line 257: / Line 208: @@
 EPS files (used for vector artwork) should not be sent to customers as customers are unlikely to be able to open and view them. Instead please, when sending artwork to customers, export EPS artwork as a PDF. EPS files should only be sent to suppliers.
-Folders and Filtering
+==== Folders and Filtering ====
 Email filtering can be used to automatically move emails to certain folders in Thunderbird. Please consult the IT department if this is desired.
-Impamark however encourages that staff limit the use of folders and sub-folders. With many customers the number of folders can easily become excessive.  Too many folders and sub-folders can make it harder for staff to find emails (especially staff who are looking through another staff-member’s emails).
+Impamark however encourages that staff limit the use of folders and sub-folders. With many customers the number of folders can easily become excessive. Too many folders and sub-folders can make it harder for staff to find emails (especially staff who are looking through another staff-member’s emails).
 Thunderbird also includes an alternative to folders, which can be less messy, which is email tags. Emails can be tagged to be under a particular category and colour-coded. This can make searching easier.
-Web Browsing
+===== Web Browsing =====
 Web browsers are one of the primary tools used in the company.
-Personal Usage
+==== Personal Usage ====
 The use of web browsers for personal reasons during work hours is not permitted unless authorised or in an emergency. This includes the accessing of personal email and the use of personal social media accounts.
-Advert Blocking Software
+==== Advert Blocking Software ====
 Impamark uses software to block advertising on web-pages. This software is a web browser extension for both Mozilla Firefox and Google Chrome known as Ublock Origin. While doing little else than blocking advertising there is the potential that it could affect the usability of certain sites. Please consult with the IT department if needed.
-Safe Browsing
+==== Safe Browsing ====
 Staff should be wary of unknown websites. Some websites may cause the downloading of malicious software which could compromise the system. Software from outside the company should not be run without proper authorisation.
@@ Line 283: / Line 234: @@
 Web sites which use HTTPS instead of HTTP are preferred as they are more secure. HTTPS adds a layer of encryption which prevents third parties tampering with the contents of a site in-transit. Both Chrome and Firefox indicate that a website uses HTTPS with a green padlock graphic.
-Instant messaging
+===== Instant messaging =====
 In order to help coordinate the UK and Spanish offices we use both phones and Instant Messaging. Instant Messaging has the benefit of keeping a record of conversations for later reference.
-RocketChat
+==== RocketChat ====
 Rocketchat was introduced to replace the company’s use of Skype. It is used to send messages between individual staff members, to multiple staff members at once, and to make video-calls. Generally it is for employee conversations only but it is possible that customers could be added if required. Please contact the IT Department accordingly.
-The server-side software is controlled by Impamark. In order to use Rocketchat client software can be used or employees can log-in via a web browser via https://chat.impamark.co.uk
+The server-side software is controlled by Impamark. In order to use Rocketchat client software can be used or employees can log-in via a web browser via [[https://chat.impamark.co.uk|https://chat.impamark.co.uk]]
-Skype
+==== Skype ====
 We no longer use Skype for communications. However we do maintain some Skype accounts for customer contact as required. If you require a Skype account for work please contact the IT department. Personal Skype accounts, or adding personal contacts to a work account, are not permitted.
-Phones
+===== Phones =====
 Phones are an important tool and an integral part of Impamark’s working procedure.
-Desk Phones
+==== Desk Phones ====
 Each desk is currently supplied with two phones. One is a Mitel IP phone and the other is a Telrad phone. The Telrad phones will be phased out so only IP phones will be used eventually.
-  • Telrad – 01621 783550 \\
+Telrad – 01621 783550
-  ◦ This is the main phone with four incoming/outgoing lines
-  • Mitel – 01621 834980 \\
+This is the main phone with four incoming/outgoing lines
-  ◦ This is a test SIP system with two incoming/outgoing lines
+Mitel/Grandstream – 01621 834980
+This is a test SIP system with two incoming/outgoing lines
 Every phone is capable of ringing any UK number, ringing anyone within the UK office, and ringing out to Spain to the Spanish office.
@@ Line 317: / Line 270: @@
 The phones are available as a business tool and private calls are not permitted without authorisation.
-Mobile Phones
+==== Mobile Phones ====
 Mobile phones should not be used during working hours, unless the use of mobile phones is a necessary component of a staff member’s job or prior authorisation is obtained.
-Use during Working hours
+==== Use during Working hours ====
 The use of personal mobile phones in the workplace is not allowed during working hours. This includes text messages and all mobile messaging including Facebook, Whatsapp etc. However, you may use your mobile phone during your normal contractual break periods.
@@ Line 329: / Line 282: @@
 Sales staff at an event would be permitted to use their phones to contact the company, at an event for example. Similarly, IT staff would be permitted to use mobile phones in maintenance of company infrastructure.
-Charging
+==== Charging ====
 To prevent the spread of malware to the company networks employees should not use USB cables to connect their phones to computers for charging purposes.
@@ Line 335: / Line 288: @@
 The use of USB cables for charging is not permitted unless an adapter is used so that it draws power using a mains plug. Employees may charge mobile phones using a charger at the wall. Spare USB to mains plug adaptors may be available for use.
-Software
+===== Software =====
 We use a large variety of Open Source software on our systems. N.B. Windows programs will NOT work on Linux desktops. Please do not try and install them.
-Installation
+==== Installation ====
 Under normal operating procedures, IT staff will be responsible for the installation of software onto desktop and laptop computers. Normally users are trusted to install updates. If software beyond the standard installed applications is required. The standard set of software used by the company may change at any time at the discretion of the company.
@@ Line 345: / Line 298: @@
 Staff should not download or install software from outside sources.
-Intellectual Property
+==== Intellectual Property ====
 Code which is written in-house is to remain the intellectual property of the company, Impamark. The copyright concerning bespoke software written by outside individuals will be worked out on a case-by-case contractual basis.
-External Hardware Usage
+===== External Hardware Usage =====
-External hardware may bring viruses or malware that can contaminate company systems and cost the company time and money to rectify. \\
+External hardware may bring viruses or malware that can contaminate company systems and cost the company time and money to rectify.
-Usage
+==== Usage ====
 For security reasons there shall be limits on the usage of hardware not provided by the company. External devices should not be connected to company computers or equipment. This includes (but is not limited to) external storage devices such as USB flash drives, memory cards (i.e. SD cards and Compact Flash), external hard-drives, optical discs, and media players.
-To facilitate this policy the IT staff may take measures to prevent external USB devices from being mounted  (to mount a device is to connect it and have its files accessible to the computer system).
+To facilitate this policy the IT staff may take measures to prevent external USB devices from being mounted (to mount a device is to connect it and have its files accessible to the computer system).
-Backups
+==== Backups ====
 To protect the company we run a variety of backup systems.
@@ Line 364: / Line 318: @@
 Regular copies of the databases and other data are made. If there is a failure in the IT infrastructure, the IT department will restore data from a previous backup but some data may potentially be lost.
-RAID Systems
+==== RAID Systems ====
 Each server makes use of RAID technology. RAID stands for ‘Redundant Array of Independent Disks’ and is where multiple hard-drives are used to create one fault-tolerant storage system. This is a first layer of protection against hardware failure.
-Replication
+==== Replication ====
 Data stored on the main server is replicated throughout the day to the server in the Spanish office. There is also a dedicated backup server upstairs.
-Off-site backups
+==== Off-site backups ====
 Regular (daily) backups are made to one of two portable hard-drives downstairs. Each day a drive will be taken away from the office in case of a disaster. The next day the drive taken will be swapped with the drive in use.
-File storage
+==== File storage ====
-All data should be stored in the company server and not on local computers. Files stored on computers locally will not be backed up and may be lost in the event that the local machine has a failure. \\
+All data should be stored in the company server and not on local computers. Files stored on computers locally will not be backed up and may be lost in the event that the local machine has a failure.
-Media Statements
+===== Media Statements =====
 Please refer all press or media enquires to Nicola Crisp, the Managing Director. Staff should not organise, hold meetings or make contact with the press or media (traditional or online) individually. If someone from the media makes contact for any reason please refer them to the managing director.
-Personal Social Media
+===== Personal Social Media =====
-While employed by Impamark, staff should not write material on personal social media that may bring the company into disrepute. This may be grounds for dismissal. \\
+While employed by Impamark, staff should not write material on personal social media that may bring the company into disrepute. This may be grounds for dismissal.
-Use of Surveillance Cameras
+===== Use of Surveillance Cameras =====
 The company may use surveillance cameras for safety and security reasons.
-  • The employee should be aware that they may be monitored while working for the company. \\
+  * The employee should be aware that they may be monitored while working for the company
-  • The employee consents to the collection of information in this way.
+  * The employee consents to the collection of information in this way
+The company will abide by the relevant laws including the provisions of the Data Protection Act 1998 and GDPR when collecting and storing such information.
+Webcams may be fitted and used for communication. They are not used to surveil staff.
-The company will abide by the relevant laws including the provisions of the Data Protection Act 1998  and GDPR when collecting and storing such information.
+===== Treatment of Confidential Information =====
-Webcams may be fitted and used for communication. They are not used to surveil staff. \\
-Treatment of Confidential Information \\
 Information about customers is personal data and should be treated with care. Under the Data Protection Act 1998, staff are legally obligated to keep customer’s personal data confidential. The same is true under the GDPR (General Data Protection Regulation).
@@ Line 406: / Line 364: @@
  \\
-Signed by User: __________________________       Signature:  ______________________
+Signed by User: __ Signature: __
-Date:   ____ / ____ / ____
+Date: / /
  \\
-Signed by Manager: ______________________       Signature:  ______________________
+Signed by Manager: __ Signature: __
-Date:   ____ / ____ / ____
+Date: / /