In this document, the term “Company” refers to the firm or entity that owns the company or project and that has directed you here through a link on its website.
By using the aforementioned website that has brought you to this platform, you hereby confirm that you have seen the link, visited this site, read through this content, and accepted its terms.
Company IT Policy
Introduction
This comprehensive IT policy has been established to provide clear and detailed guidelines, responsibilities, and best practices for the use of the company’s information technology (IT) resources. The primary objective of this policy is to ensure compliance with applicable data protection laws, safeguard company assets, and foster a secure and efficient digital working environment. This policy applies to all employees, contractors, and third-party users who interact with the company’s systems, networks, and data, regardless of their location or the device they are using. By adhering to this policy, all users contribute to the protection of sensitive information and the maintenance of the company’s reputation.
In addition to traditional IT security measures, this policy also addresses the growing role of artificial intelligence (AI) in the workplace. The use of AI technologies must align with the company’s ethical standards, data protection regulations, and operational requirements. Furthermore, this policy has been designed to comply with the European Union’s General Data Protection Regulation (GDPR) and other relevant EU data laws, ensuring that the company meets its legal obligations and maintains the highest standards of data privacy and security.
Access Control and Data Security
Access to company data is strictly controlled to maintain the highest levels of security and prevent unauthorised access or misuse. Employees are granted access to data and systems based on their specific job requirements, and any attempt to access data beyond their assigned permissions is strictly prohibited. To ensure robust protection, secure authentication methods, such as strong passwords and multi-factor authentication (MFA), must be used at all times. The company reserves the right to monitor and audit all data access and usage to ensure compliance with established security protocols. Any breach of access control measures will be thoroughly investigated and may result in disciplinary action, up to and including termination of employment, as well as potential legal consequences.
Physical security measures are equally important in safeguarding company data. Devices containing sensitive information, such as laptops, mobile phones, and external storage devices, must not be left unattended in public or unsecured areas. Employees are required to lock their screens whenever they step away from their workstations, even for short periods. Remote access to company systems is only permitted through approved virtual private networks (VPNs) or other secure connections to minimise the risk of data breaches or leaks. Employees must also ensure that their home workspaces, if used for remote work, are secure and free from potential vulnerabilities.
Data Ownership and Responsibility
All company data, including but not limited to customer information, business records, employee details, and operational data, is the exclusive property of the company. Employees, contractors, and any other authorised users must acknowledge that any data created, stored, transmitted, or processed using company devices, systems, or networks remains under the sole ownership of the company. This includes all data accessed or stored on company-provided laptops, mobile phones, servers, and cloud-based platforms. The company reserves the right to access, monitor, and review all data at any time to ensure compliance with internal policies and legal requirements.
Data should not be stored on personal cloud services or external storage devices unless explicit authorisation has been granted by the IT department. Any attempt to remove, alter, or share company data without proper permission is considered a serious violation of this policy and may result in disciplinary action, including termination of employment, as well as potential legal consequences. Employees are reminded that they have a responsibility to protect company data at all times and to report any suspicious activity or potential security breaches to the IT department immediately.
Data Protection and Backup Procedures
To comply with data protection laws, including the GDPR, and to uphold the company’s security policies, regular data backups are mandatory. The company conducts security backups at the end of each working day to ensure that all essential data is safely stored and recoverable in the event of data loss, corruption, or a security breach. Employees are required to ensure that all company-provided devices, including laptops and mobile phones, are regularly updated with the latest security patches and software updates to mitigate the risk of cyber threats.
In the event of data loss or a suspected breach, employees must report the incident to the IT department without delay. The IT team will then initiate appropriate recovery measures and investigate the cause of the incident to prevent future occurrences. Employees are also encouraged to familiarise themselves with the company’s data protection guidelines and to take proactive steps to safeguard sensitive information, such as encrypting files and using secure communication channels.
Shop Stewards and Union Communication
When a shop steward is appointed, they are required to use the designated union email address for all official union-related communication. This ensures that such communications remain confidential and comply with data protection regulations, including the GDPR. The use of personal or company-provided email addresses for union matters is strictly prohibited to maintain the integrity and security of union-related discussions. While the company respects the confidentiality of union communications, it retains the right to ensure that all IT security policies are upheld and that the use of company resources aligns with established guidelines.
Use of Company-Provided IT Equipment
Company-provided IT equipment, including laptops, mobile phones, and other devices, is strictly for work-related purposes. Personal use of these devices is not permitted unless explicit authorisation has been granted by the IT department or a senior manager. Any misuse of company IT equipment, such as the installation of unauthorised software, the storage of personal files, or any activity that violates security policies, may result in disciplinary action. At the end of an employee’s tenure with the company, all company-provided devices must be returned, and any company-related data stored on personal devices must be securely removed. A final security backup of the employee’s data will be created on their last working day to ensure data integrity and compliance with company policies.
Use of Personal Devices for Work
Employees who use personal devices for work-related activities must ensure that company data is stored and handled securely. All company-related files, emails, and communications conducted on personal devices are considered the property of the company, and employees must adhere to the same security protocols as when using company-provided equipment. This includes the use of encrypted storage, secure access methods, and regular backups. Failure to comply with these security measures may result in restrictions on the use of personal devices for work-related activities or other disciplinary actions.
Plan B – Contingency Measures
The company has established a comprehensive contingency plan to address major disruptions, such as cyberattacks, IT failures, or unexpected external restrictions on communication platforms. This plan includes the maintenance of alternative communication channels, secure backup systems, and emergency IT response protocols to ensure uninterrupted operations. Employees are expected to familiarise themselves with these contingency measures and be prepared to adapt to changes in communication methods or IT infrastructure as directed by the IT department. In the event of a significant disruption, the company will communicate promptly with all employees to provide guidance and ensure that workflow efficiency and data security are maintained.
Artificial Intelligence (AI) and Data Compliance
As the use of artificial intelligence (AI) becomes increasingly prevalent in the workplace, the company is committed to ensuring that AI technologies are used responsibly and in compliance with applicable laws, including the GDPR. Employees who utilise AI tools or platforms must ensure that such use aligns with the company’s ethical standards and data protection policies. Any AI-driven processes that involve the collection, processing, or analysis of personal data must be reviewed and approved by the IT department to ensure compliance with EU data laws. Employees are also required to report any concerns or incidents related to the use of AI to the IT department for further investigation.
This IT policy is a vital component of the company’s commitment to maintaining a secure, efficient, and compliant working environment. By adhering to the guidelines outlined in this document, employees, contractors, and third-party users play a crucial role in protecting company assets and ensuring the integrity of sensitive information. The company reserves the right to update this policy as necessary to reflect changes in technology, legal requirements, or operational needs. All users are expected to stay informed about any updates and to comply with the policy at all times. Failure to adhere to this policy may result in disciplinary action, including termination of employment, as well as potential legal consequences.