Acceptable Use Policy
This policy summarises what is considered acceptable use of hardware and software at Convivio. We need to implement rules and controls to protect employees and to control the risks around loss of confidentiality, digital attacks, network and system compromises and legal issues. This document and all supporting documents form our alignment with the ISO 27001 Information Security Management System.
It's the responsibility of all Convivio employees and contractors to exercise good judgement when using company assets for personal use. Any and all Information Technology (I.T.) equipment, software and associated services are provided to staff for business use, though an amount of personal use is expected and accepted.
Passwords must be kept secure and only shared using acceptable methods. Employees and contractors are responsible for the security of their passwords and accounts. Sharing of passwords does not include individual login credentials allocated to an individual.
Laptops, tablets, handheld devices and workstations must be secured by a password-protected screensaver with automatic activation of 15 minutes or less. A guide to acceptable password security is available on our Security page.
Because information contained on portable computers and handheld devices is especially vulnerable, special care should be exercised in protecting it.
Employ extreme caution when opening e-mail attachments received from unknown senders, as they may contain viruses, e-mail bombs, or malware.
Confidential emails must only be sent via authorised routes.
All breaches (including suspected or otherwise) of Information Security must be reported to the management.
Account details, including usernames or passwords, should not be divulged to others; this includes members of family when work is being undertaken from home.
Users shall not install or use unlicensed software or introduce malicious programs (e.g. viruses, worms, etc.) deliberately or carelessly to any Convivio, client or supplier server.
There should be no unauthorised copying of copyrighted materials.
Staff should be aware of effecting security breaches including, but not limited to, accessing data of which the employee is not the intended recipient, or logging into a server or account that the employee is not expressly authorised to access, unless these duties are within the scope of regular duties.
Users should not send unsolicited email messages. These include:
- “junk mail” or other advertising material to individuals who did not specifically request such material (email spam)
- Any form of harassment or bullying via email
- Email for any other email address, other than the poster’s account, with the intent to harass or to collect replies
- Creating or forwarding of “chain letters”
No member of staff is permitted to access, display or download from Internet sites that hold offensive material.
Due to the insecure nature of Internet mail, users must consider Internet email to be public information. Unencrypted customer-identifiable information, confidential material or government classified information must not be transmitted over the Internet.
Convivio staff and its contractors must not attempt, or by their actions or deliberate inaction assist others to attempt:
- Unauthorised access to hardware platforms;
- Unauthorised introduction of software or hardware components to the network;
- Unauthorised modification of network components;
- Unauthorised attempts to access networks from other networks;
- Unauthorised attempts to access other networks from within networks;
- Unauthorised circumvention of security features such as firewalls, passwords, etc.;
- Unauthorised copying or distribution of software, documentation or media associated with trust systems;
- Unauthorised removal of hardware, software, documentation or media associated with trust systems.
All Convivio staff and its contractors are subject to the provisions of the Data Protection Act and the Computer Misuse Act. Copies of these Acts are available upon request from the Management.
Convivio staff shall respect the confidentiality and privacy of individuals whose records they access, observe any restrictions that apply to sensitive data, and abide by legislation, policies, procedures, and guidelines with respect to access, use or disclosure of information.
The unauthorised disclosure of customer data in any medium, except as required by an employee’s job responsibilities, is expressly forbidden, as is the access or use of any customer data for one’s own personal gain, or profit, or to satisfy one’s personal curiosity or that of others.
It is the responsibility of the Line Manager and/or Project Director to ensure this policy is deployed within their area of responsibility.