26/ IT & Communications Acceptable Use

DEFINITION

For the purposes of this document, references to “Reprotec UK Ltd” refers also to its subsidiary companies, customers (whether prospect or contracted), organisations and systems.

OVERVIEW

Reprotec UK Ltd is committed to protecting Reprotec UK Ltd employees, partners and the company from illegal or damaging actions by individuals, either knowingly or unknowingly.

Internet/Intranet/Extranet-related systems, including but not limited to computer equipment, software, operating systems, storage media, network accounts providing electronic mail, WWW browsing, and FTP, are the property of Reprotec UK Ltd. These systems are to be used for business purposes in serving the interests of the company, our clients and customers in the course of normal operations.

Effective security is a team effort involving the participation and support of every Reprotec UK Ltd employee and affiliate who deals with information and/or information systems. It is the responsibility of every computer user to know these guidelines and to conduct their activities accordingly.

PURPOSE

The purpose of this policy is to outline the acceptable use of computer equipment at Reprotec UK Ltd. These rules are in place to protect the employee and Reprotec UK Ltd. Inappropriate use exposes Reprotec UK Ltd to risks including virus attacks, compromise of network systems and services, and legal issues.

SCOPE

This policy applies to the use of information, electronic and computing devices, and network resources to conduct Reprotec UK Ltd business or interact with internal networks and business systems, whether owned or leased by Reprotec UK Ltd, the employee or a third party. All employees, contractors, consultants, temporary, and other workers at Reprotec UK Ltd and its subsidiaries are responsible for exercising good judgement regarding appropriate use of information, electronic devices, and

network resources in accordance with Reprotec UK’s policies and standards, and local laws and regulations. Exceptions to this policy are documented in the Policy Compliance section of this document.

This policy applies to employees, contractors, consultants, temporaries, and other workers at Reprotec UK Ltd, including all personnel affiliated with third parties. This policy applies to all equipment that is owned or leased by Reprotec UK Ltd.

GENERAL USE AND OWNERSHIP

Reprotec UK Ltd proprietary information stored on electronic and computing devices whether owned or leased by Reprotec UK Ltd, the employee or a third party, remains the sole property of Reprotec UK. You must ensure through legal or technical means that proprietary information is protected in accordance with the Data Protection Standard.

You have a responsibility to promptly report the theft, loss or unauthorised disclosure of Reprotec UK Ltd proprietary information.

You may access, use or share Reprotec UK Ltd proprietary information only to the extent it is authorised and necessary to fulfil your assigned job duties.

Employees are responsible for exercising good judgement regarding the reasonableness of personal use. Individual departments are responsible for creating guidelines concerning personal use of Internet/Intranet/Extranet systems. In the absence of such policies, employees should be guided by departmental policies on personal use, and if there is any uncertainty, employees should consult their Line Manager or a Director.

For security and network maintenance purposes, authorised individuals within Reprotec UK Ltd may monitor equipment, systems and network traffic at any time.

Reprotec UK Ltd reserves the right to audit networks and systems on a periodic basis to ensure compliance with this policy.

SECURITY AND OWNERSHIP

All mobile and computing devices that connect to the internal network must comply with the Acceptable Usage Policy.

Employees must use extreme caution when opening email attachments received from unknown senders, which may contain malware.

UNACCEPTABLE USE

The following activities are, in general, prohibited. Employees may be exempted from these restrictions during the course of their legitimate job responsibilities (e.g., IT administration staff may have a need to disable the network access of a host if that host is disrupting production services).

Under no circumstances is an employee of Reprotec UK Ltd authorised to engage in any activity that is illegal under UK, European or international law while utilising Reprotec UK Ltd-owned resources.

The list below is by no means exhaustive but attempts to provide a framework for activities which fall into the category of unacceptable use.

PROHIBITED SYSTEM NETWORK ACTIVITIES, WITH NO EXCEPTIONS: 

1. Violations of the rights of any person or company protected by copyright, trade secret, patent or other intellectual property, or similar laws or regulations, including, but not limited to, the installation or distribution of “pirated” or other software products that are not appropriately licensed for use by Reprotec UK Ltd.

2. Unauthorised copying of copyrighted material including, but not limited to, digitization and distribution of photographs from magazines, books or other copyrighted sources, copyrighted music, and the installation of any copyrighted software for which Reprotec UK Ltd or the end user does not have an active licence is strictly prohibited.

3. Accessing data, a server or an account for any purpose other than conducting Reprotec UK Ltd business, even if you have authorised access, is prohibited.

4. Exporting software, technical information, encryption software or technology, in violation of international or regional export control laws, is illegal. The appropriate management should be consulted prior to export of any material that is in question.

5. Deliberate introduction of malicious programs into the network or server (e.g., viruses, worms, Trojan horses, e-mail bombs, etc.).

6. Revealing your Reprotec UK Ltd personal account password to others or allowing use of your account by others. This includes family and other household members when work is being done at home.

7. Using a Reprotec UK Ltd computing asset to actively engage in procuring or transmitting material that is in violation of sexual harassment or hostile workplace laws in the user’s local jurisdiction.

8. Making fraudulent offers of products, items, or services originating from any Reprotec UK Ltd account.

9. Making statements about warranty, expressly or implied, unless it is a part of normal job duties.

10. Effecting security breaches or disruptions of network communication. Security breaches include, but are not limited to, accessing data of which the employee is not an intended recipient or logging into a server or account that the employee is not expressly authorised to access, unless these duties are within the scope of regular duties. For purposes of this section, “disruption” includes, but is not limited to, network sniffing, pinged floods, packet spoofing, denial of service, and forged routing information for malicious purposes.

11. Port scanning or security scanning is expressly prohibited unless prior notification to the IT Director is made.

12. Executing any form of network monitoring which will intercept data not intended for the employee’s host, unless this activity is a part of the employee’s normal job/duty.

13. Circumventing user authentication or security of any host, network or account, unless this activity is a part of the employee’s normal job/duty.

14. Introducing honeypots, honeynets, or similar technology on the Reprotec UK Ltd network.

15. Interfering with or denying service to any user other than the employee’s host (for example, denial of service attack).

16. Using any program/script/command, or sending messages of any kind, with the intent to interfere with, or disable, a user’s terminal session, via any means, locally or via the Internet/Intranet/Extranet, unless this activity is a part of the employee’s normal job/duty.

17. Providing information about, or lists of, Reprotec UK Ltd employees to parties outside Reprotec UK Ltd, unless this activity is a part of the employee’s normal job/duty.

EMAIL AND COMMUNICATIONS

When using company resources to access and use the Internet, users must realise they represent the company. Whenever employees state an affiliation to Reprotec UK Ltd, they must also clearly indicate that ‘the opinions expressed are my own and not necessarily those of Reprotec UK Ltd’. 

PROHIBITED: 

1. Sending unsolicited email messages, including the sending of “junk mail” or other advertising material to individuals who did not specifically request such material (email spam), unless this activity is a part of the employee’s normal job/duty.

2. Any form of harassment via email, telephone or paging, whether through language, frequency, or size of messages.

3. Unauthorised use, or forging, of email header information.

4. Solicitation of email for any other email address, other than that of the poster’s account, with the intent to harass or to collect replies.

5. Creating or forwarding “chain letters”, “Ponzi” or other “pyramid” schemes of any type.

6. Use of unsolicited email originating from within Reprotec UK Ltd networks of other Internet/Intranet/Extranet service providers on behalf of, or to advertise, any service hosted by Reprotec UK Ltd or connected via The Company’ network.

7. Posting the same or similar non-business-related messages to large numbers of Usenet newsgroups (newsgroup spam).

BLOGGING 

1. Blogging by employees, whether using Reprotec UK Ltd’ property and systems or personal computer systems, is also subject to the terms and restrictions set forth in this Policy. Use of Reprotec UK Ltd’ systems to engage in blogging is acceptable, provided that it is done in a professional and responsible manner, does not otherwise violate Reprotec UK Ltd’ policy, is not detrimental to Reprotec UK Ltd’ best interests, and does not interfere with an employee’s regular work duties. Blogging from Reprotec UK Ltd’ systems may also be subject to monitoring.

2. Reprotec UK Ltd’ Confidential Information policy also applies to blogging. As such, Employees are prohibited from revealing any Company confidential or proprietary information, trade secrets or any other material covered by Reprotec UK Ltd’ Information Sensitivity Policy when engaged in blogging.

3. Employees shall not engage in any blogging that may harm or tarnish the image, reputation and/or goodwill of Reprotec UK Ltd and/or any of its employees. Employees are also prohibited from making any discriminatory, disparaging, defamatory or harassing comments when blogging or otherwise engaging in any conduct prohibited by Reprotec UK Ltd’ Non-Discrimination and Anti-Harassment policy.

4. Employees may also not attribute personal statements, opinions or beliefs to Reprotec UK Ltd when engaged in blogging. If an employee is expressing his or her beliefs and/or opinions in blogs, the employee may not, expressly or implicitly, represent themselves as an employee or representative of Reprotec UK Ltd. Employees assume any and all risks associated with blogging.

5. Apart from following all laws pertaining to the handling and disclosure of copyrighted or export controlled materials, Reprotec UK Ltd’ trademarks, logos and any other Reprotec UK Ltd intellectual property may also not be used in connection with any blogging activity

SOCIAL MEDIA

1.    Reprotec UK recognises that some employees will have personal social media accounts.  Such accounts must only be used to express personal views, and care should be exercised in all cases where you are identifiable as someone employed by Reprotec UK.

2.    Reprotec UK requires employees using social media sites to refrain from making any comments or engage in discussions which could adversely affect Reprotec UK or its reputation, or that of our customers and suppliers.

3. It is also prohibited to breach discrimination legislation or harass or bully an employee or damage working relationships between fellow employees.

4. Should any derogatory comments be posted about Reprotec UK or any employee of Reprotec UK then disciplinary action may be taken.

5.    You must not share any confidential or sensitive Reprotec UK information on social networks. 

6.    You are reminded that regardless of the social network used, or privacy settings activated, everything posted on the internet has the potential to become public and widespread.

7. All social media posts should therefore be carefully considered to ensure they fit with the professional image of you and Reprotec UK want to share online.

8. Any information posted on the internet may result in disciplinary action up to and including dismissal if it breaches this policy or any other expected levels of conduct.  This includes posts on a personal account with inappropriate privacy settings, posts made outside of working hours, and those posts made not using the Company computers or equipment.  You may also be required to remove content created or shared by you if Reprotec UK considers such posts to be a breach of this policy.  

9. All Reprotec UK rules and policies apply in respect of social media posts. This policy therefore should be read in conjunction with all other policies, in particular your attention is drawn to the Equality, Inclusion and Diversity and Positive Work Environment policies.  

MOBILE PHONES 

WORK MOBILE PHONES 

Reprotec UK may provide you with the necessary items of equipment to aid you in carrying out your working duties.

Where a device has been issued, it is for business use only, and at all times will remain the property of Reprotec UK. 

A device is provided primarily to enable you to do your job.  It is your responsibility therefore to ensure that the device is kept charged and switched on while you are working.

You must ensure that your company mobile is kept within a robust case to protect it from damage. 

If you have been issued with a mobile phone or other device, you are responsible for the safekeeping and condition of the device at all times.  You will be responsible for any cost of repair or replacement other than fair wear and tear.  Reprotec UK will arrange for any repair or replacement.  In the event that the device is lost or stolen Reprotec UK must be notified immediately in order to cancel the number. 

Where you have been issued with a mobile phone or device with internet access, you should where possible connect to a secure and free WI-FI network in order to access the internet. 

You agree that upon termination of your employment should you not return your device, or should your device be returned in an unsatisfactory condition, the cost of replacement or a proportionate amount of this, as decided by Reprotec UK, will be deducted from any final monies owing to you, or you will otherwise reimburse Reprotec UK.

If you have been issued with a work mobile phone:

1.    Use the mobile phone for business purposes only, ensuring that no personal calls are made using the company’s phone.

2.    Use Whatsapp for all photographic messaging.

3.    Use the network provider’s text messaging service for general business texts.

4.    Not take or use the company mobile phone abroad unless on company business. 

5.    Not use the mobile phone Internet for any other reasons other than those related to business use.

6.    Ensure that the mobile phone is maintained in good working order

7.    Ensure the security of the mobile phone.

8.    Report any malfunctions or loss of mobile phone immediately to the Office Manager.  

9.    Ensure that all information and photographs relating to business projects are transferred from the mobile phone and/or from the Cloud to the Photograph folder on the company’s shared drive. 

10.  10.   Ensure that no information relating to Reprotec UK Ltd including photographs are placed on an employee’s personal Cloud space or any other personal storage system. 

11.  On receiving an upgraded mobile phone, transfer all data from the previous mobile to the new mobile; and return the previous mobile phone to the Office Manager within 24 hours of receiving the new phone. 

12.  In the case of an upgrade or leaving the company, restore the mobile phone to its factory settings and switch off ‘Find my phone’ at the end of the mobile phone’s contract before returning the phone to the Office Manager within 24 hours or at an agreed time. 

13.  The above should be read in conjunction with the policies and procedures set out in the Team Handbook. 

MONITORING OF DIGITAL DEVICES

Reprotec UK reserves the right to access and monitor usage of all company owned digital devices, including monitoring internet, telephone and e-mail use.  Reprotec UK also monitors access to its networks via private devices.

Reprotec UK may monitor, intercept or record all communications received or made via Reprotec UK’s telephone system .

If you wish to make a call that cannot be monitored you should discuss this with management.

Monitoring may be conducted by any member of management but will be for work-related purposes only. This makes up part of your contractual terms and conditions.

DATA SECURITY RESPONSIBILITY 

You must take the appropriate steps to guard against unauthorised access to, alteration, accidental loss, disclosure or destruction of data.

Under no circumstances should you divulge your password/s to anyone else nor should you gain access or attempt to gain access to information stored electronically which is beyond the scope of your authorised access level.

You are responsible for any activity which occurs within your accounts. 

NO PERSONAL USE

Personal use of Reprotec UK’s computer and telephone systems to access inappropriate material is not permitted and will result in disciplinary action.

You must not use Reprotec UK internet connections or devices for gambling or to access or download content that is illegal, pornographic, or supports hate and/or discrimination or any inappropriate material of any descriptions.

You must not send communications via Reprotec UK or personal devices that could be deemed to be offensive.

DATA PRIVACY – CAMERAS AND MOBILE PHONES

The use of any device to photograph or film fellow employees, customers, clients, visitors, or any member of the public without their consent may breach an individual’s right to privacy and could in certain circumstances constitute harassment.

USING YOUR OWN PERSONAL MOBILE PHONE RESTRICTIONS

You are to refrain from using your personal mobile phone during working hours.

You are not permitted in any circumstance to use your personal phone for the unauthorized talking, recording, or sharing of images linked to Reprotec UK. 

You must not use a Reprotec UK or personal mobile phone whilst undertaking any task or in places where other colleagues may be holding conversations or where safety is a consideration, or where the use of the phone might interfere with the level of concentration required to undertake the task safely

USING YOUR MOBILE PHONE ON SITE

Operatives must follow the client’s rules of the site you are working on with regards to the use of personal mobile phones.

Where the client bans the carrying or use of any mobile phones i.e. hospitals, petro-chemical plants, specific factories etc, our client will provide secure places to leave phones and other items such as cigarette lighters and e-cigarettes. 

In some instances, no mobile phone can be left in vans that are parked in designated car parking spaces within the client’s premises.  

Failure to comply with any aspect of this procedure may result in a disciplinary action being taken in line with our disciplinary procedure.

MONITORING COMMUNICATIONS

As stated above, Reprotec UK may monitor, intercept or record all communications received or made via Reprotec UK’s telephone system or any other system including e-mail and internet usage.

 If you wish to make a call that cannot be monitored you should discuss this with management.

Monitoring may be conducted by any member of management but will be for work-related purposes only. This makes up part of your contractual terms and conditions.

LINKED POLICIES

·         Cyber Security

·         Data Protection

·        Positive Work Environment

·         IT & Communications - Acceptable Use