Acceptable Use Policy

This Acceptable Usage Policy covers the security and use of all TLC VA’s information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all TLC VA employees, contractors and agents (hereafter referred to as ‘individuals’).

This policy applies to all information, in whatever form, relating to TLC VA’s business activities worldwide, and to all information handled by TLC VA relating to other organisations with whom it deals. It also covers all IT and information communications facilities operated by TLC VA or on its behalf.

Computer Access Control – Individual’s Responsibility
Access to the TLC VA’s IT systems is controlled by the use of User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the TLC VA’s IT systems.
Individuals must not:
• Allow anyone else to use their user ID/token and password on any TLC VA IT system.
• Leave their user accounts logged in at an unattended and unlocked computer.
• Use someone else’s user ID and password to access TLC VA IT systems.
• Leave their password unprotected (for example writing it down).
• Perform any unauthorised changes to TLC VA IT systems or information.
• Attempt to access data that they are not authorised to use or access.
• Exceed the limits of their authorisation or specific business need to interrogate the
system or data.
• Connect any non-TLC VA authorised device to the TLC VA network or IT systems.
• Store TLC VA data on any non-authorised TLC VA equipment.
• Give or transfer TLC VA data or software to any person or organisation. outside TLC VA without the authority of TLC VA.

Line managers must ensure that individuals are given clear direction on the extent and limits
of their authority with regard to IT systems and data.

Internet and email Conditions of Use
Use of TLC VA internet and email is intended for business use. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to TLC VA in any way, not in breach of any term and condition of employment and does not place the individual or TLC VA in breach of statutory or other legal obligations. All individuals are accountable for their actions on the internet and email systems.

Individuals must not:
• Use the internet or email for the purposes of harassment or abuse.
• Use profanity, obscenities, or derogatory remarks in communications.
• Access, download, send or receive any data (including images), which TLC VA considers offensive in any way, including sexually explicit, discriminatory, defamatory or libellous material.
• Use the internet or email to make personal gains or conduct a personal business.
• Use the internet or email to gamble.
• Use the email systems in a way that could affect its reliability or effectiveness, for
example distributing chain letters or spam.
• Place any information on the Internet that relates to TLC VA, alter any information about it, or express any opinion about TLC VA, unless they are specifically authorised to do this.
• Send unprotected sensitive or confidential information externally.
• Forward TLC VA mail to personal TLC VA email accounts (for example a personal Hotmail account).
• Make official commitments through the internet or email on behalf of TLC VA unless authorised to do so.
• Download copyrighted material such as music media (MP3) files, film and video files (not
an exhaustive list) without appropriate approval.
• In any way infringe any copyright, database rights, trademarks or other intellectual property.
• Download any software from the internet without prior approval of the IT Department.
• Connect TLC VA devices to the internet using non-standard connections. Clear Desk and Clear Screen Policy
In order to reduce the risk of unauthorised access or loss of information, TLC VA enforces a clear desk and screen policy as follows:
• Personal or confidential business information must be protected using security features
provided for example secure print on printers.
• Computers must be logged off/locked or protected with a screen locking mechanism
controlled by a password when unattended.
• Care must be taken to not leave confidential material on printers or photocopiers.
• All business-related printed matter must be disposed of using confidential waste bins or
shredders.

All data that is created and stored on TLC VA computers is the property of TLC VA and there is no official provision for individual data privacy, however wherever possible TLC VA will avoid opening personal emails. IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. TLC VA has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse.
Any monitoring will be carried out in accordance with audited, controlled internal processes,
the UK Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the
Telecommunications (Lawful Business Practice Interception of Communications)
Regulations 2000.
This policy must be read in conjunction with:
• Computer Misuse Act 1990
• Data Protection Act 1998

All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with TLC VA disciplinary procedures.

%d bloggers like this: