Convivio Cookbook
  • Introduction
  • Our Business
    • The Convivio brand
    • What do we do?
    • Our work for clients
    • Our Purpose
    • Our Pulse
      • Big Rocks
      • Problems
    • Company Policies
      • Environmental Policy
      • Anti-Bribery Policy
      • Fair Tax Policy
        • Dividends policy
        • 2020 Results and Tax
        • 2019 Results and Tax
        • 2018 Results and Tax
        • 2017 Results and Tax
  • Our Team
    • Help! I'm new. How do I get started?
    • Starting at Convivio
    • Staff Benefits
    • Being a buddy
    • Having a buddy
    • Free-Range Working
    • Convivio Fridays
    • Notes: give & receive feedback
    • Security Screening
    • Submit Expenses
    • Purchases
    • Your home working environment
    • People Analytics
    • Recruitment
      • Help Card: Writing a Person Profile
      • Help Card: Writing a Job Description and Advert
      • Help Card: Publishing a Job Advert
      • Help Card: Reviewing CVs
      • Help Card: Preparing and Conducting Structured Interviews
      • Help Card: Preparing and Conducting Remote Working Interviews
    • Team Policies
      • Security Policy
        • Acceptable Use Policy
        • Business Continuity Management
        • Data Usage Policy
        • Document Access Policy
        • Mobile Equipment Policy
        • Two-Factor Authentication (2FA)
        • VPN Guide
      • Equal Opportunities
      • Grievance Procedure
      • Disciplinary Procedure
    • Taking time off work
      • Holiday
      • Sickness
    • Peer reviews
    • Mental Health
      • Mental Health Training
      • Mental Health First Aid
      • Returning to work
      • Resources
    • Continuing Professional Development
      • CPD Annual Planning
      • CPD Sprints & Scrums
      • CPD Annual Review
      • CPD Annual Retrospective
  • Our Clients
    • Principles For Building New Client Relationships
    • Researching
    • Connecting
    • Nurturing
    • Assessing
    • Learning and Thinking
    • Pre-qualification questionnaires
    • Proposing
    • Agreeing
    • Beginning
    • Inspiration
  • Our Marketing
    • Content Publishing
      • Git Repository Conventions
      • Help Card: Writing a Case Study
    • Brand Guidelines
      • Content Guidelines
      • Branded Documents and Reports
  • Our Tools
    • Infrastructure
      • External Firewalls
  • Internal Projects
    • How we improve our business
  • Client Projects
    • Delivery Launch
    • Delivery Team
      • Convivio People
      • The Coach
      • User Researcher
      • Other Team Members
    • Digital Strategy
    • Discovery
      • Discovery Briefing
      • Discovery Planning
      • Discovery Modules
      • Discovery Findings
      • Discovery Principles
      • Prepare for prototyping
    • Prototyping
      • Inputs to Prototyping
      • Prototyping Objectives
      • Prototyping Inception
      • Prototyping Sprints
      • Prototyping Outputs
    • Build
      • Inputs to Build
      • Build Kickoff
      • User Stories
      • Backlog Management
      • Backlog Scouting
      • Sprint Planning
      • Sprinting
        • Daily Standup
        • Story Lifecycle
        • Design in Sprints
        • User Testing in Sprints
        • Quality Control in Sprints
      • Sprint Review
      • Sprint Retrospective
    • Service Management
    • Digital Service Standards
      • Delivery Methodologies
        • Scrum
        • Kanban
        • Lean
          • Technical Standards
        • Code Quality
        • Testing
        • Automation
          • Security Standards
          • Quality Standards
          • Risk Standards
    • Delivery Governance
      • Steering Group
      • Risk Management
        • Risk Attitude
        • Assessing Risks
    • Delivery Help Cards
      • Help Card - Sprint Planning
      • Help Card - Sprint Review
      • Help Card - Sprint Retrospective
      • Help Card - Product Owner Feedback
      • Help Card - Common Issues
      • Help Card - Slack
      • Help Card - Github
      • Help Card - Trello
  • Our Recipes
    • Convivio Classic Cocktails
      • Ingredients
      • Tips and Techniques
      • Martini
      • Negroni
      • Manhattan
      • Old Fashioned
    • Potage Dubarry (or, creamy cauliflower soup) with spiced green pepper
    • Roasted Sweet Potato in a Herb and Nut Salad, with Maple Chilli Dressing
    • Aubergine Curry
    • Vegetarian Paella
    • Easy Ice Cream
Powered by GitBook
On this page
  • Scope and Objectives of Process
  • Unacceptable Use of I.T. Infrastructure
  • Network User Agreement - Restrictions
  • Data Protection Act and Computer Misuse Act
  • Risk Management
  1. Our Team
  2. Team Policies
  3. Security Policy

Acceptable Use Policy

PreviousSecurity PolicyNextBusiness Continuity Management

Last updated 5 years ago

This policy summarises what is considered acceptable use of hardware and software at Convivio. We need to implement rules and controls to protect employees and to control the risks around loss of confidentiality, digital attacks, network and system compromises and legal issues. This document and all supporting document forms our alignment with the ISO 27001 Information Security Management System.

Scope and Objectives of Process

It's the responsibility of all Convivio employees and contractors to exercise good judgement when using company assets for personal use. Any and all Information Technology (I.T.) equipment, software and associated services are provided to staff for business use though an amount of personal use is expected and accepted.

Passwords must be kept secure and only shared using acceptable methods. Employees and contractors are responsible for the security of their passwords and accounts. Sharing of passwords does not include individual login credentials allocated to an individual.

Laptops, tablets, handheld devices and workstations must be secured by a password protected screensaver with automatic activation of 15 minutes or less. A guide to acceptable password security is available on our page.

Because information contained on portable computers and handheld devices is especially vulnerable, special care should be exercised in protecting it.

Employ extreme caution when opening e-mail attachments received from unknown senders, they may contain viruses, e-mail bombs, or malware.

Confidential emails must only be sent via authorised routes.

All breaches (including suspected or otherwise) of Information Security must be reported to the management.

Unacceptable Use of I.T. Infrastructure

Account details should not be divulged to others including usernames or passwords, this includes members of family when work is being undertaken from home.

Users shall not install or use unlicensed software or introduce malicious programs deliberately or carelessly to any Convivio, client or supplier server (e.g. viruses, worms, etc).

There should be no unauthorised copying of copyrighted materials.

Staff should be aware of effecting security breaches including, but not limited to, accessing data of which the employee is not the intended recipient or logging into a server or account that you are not expressly authorised access to unless these duties are within the scope of regular duties.

Users should not send unsolicited email messages, these include:

  • “junk mail” or other advertising material to individuals who did not specifically request such material (email spam)

  • Any form of harassment or bullying via email

  • Email for any other email address, other than the poster’s account, with the intent to harass or to collect replies

  • Creating or forwarding of “chain letters”

No member of staff is permitted to access, display or download from Internet sites that hold offensive material.

Due to the insecure nature of Internet mail, users must consider Internet email to be public information. Unencrypted customer identifiable Information, confidential material or government classified information must not be transmitted over the Internet.

Network User Agreement - Restrictions

Convivio staff and its contractors must not attempt or by their actions or deliberate inaction assist others to attempt:

  • Unauthorised access to hardware platforms;

  • Unauthorised introduction of software or hardware components to the network;

  • Unauthorised modification of network components;

  • Unauthorised attempts to access networks from other networks;

  • Unauthorised attempts to access other networks from within networks;

  • Unauthorised circumvention of security features such as firewalls, passwords, etc.;

  • Unauthorised copying or distribution of software, documentation or media associated with trust systems;

  • Unauthorised removal of hardware, software, documentation or media associated with trust systems;

Data Protection Act and Computer Misuse Act

All Convivio staff and its contractors are subject to the provisions of the Data Protection Act and the Computer Misuse Act. Copies of these Acts are available upon request from the Management.

Risk Management

Convivio staff shall respect the confidentiality and privacy of individuals whose records they access; to observe any restrictions that apply to sensitive data; and to abide by legislation, policies, procedures, and guidelines with respect to access, use or disclosure of information.

The unauthorised disclosure of customer data in any medium, except as required by an employee’s job responsibilities is expressly forbidden, as is the access or use of any customer data for one’s own personal gain, or profit, or to satisfy one’s personal curiosity or that of others.

It is the responsibility of the Line Manager and/or Project Director to ensure this policy is deployed within their area of responsibility.

Security