IT Policy
Vale Mill (Rochdale) Limited
Robinson Street
Rochdale
OL16 1TA
Information Security Policy and Guidelines
Computers and output reports can expose their users and the company to security risks. This document sets out your obligations to protect both yours and the company’s interests.
It is therefore important that you read and understand this document fully. If you have any queries, require advice relating to this document or Information Security in general, please call the IT Department.
Additional copies of this Information Security Policy are available from the IT Department.
YOU are responsible for Information Security
Security is not “someone else’s problem”. Throughout VALE MILL (ROCHDALE) LIMITED, each person is responsible for the computer they use, the data held within it, output reports and the observance of security procedures.
Computer hardware, software and the communications system are the property of the company and may only be used for business purposes.
Control Access to Information in Your Computer
If people can access your computer then they can access the information on your system and if they know your login password they can access all of your network information as well.
Individual passwords protect sensitive information
Ø Do not write passwords down
Ø Change all your passwords on a regular basis
Ø Change standard passwords (often provided when you receive new hardware or software) immediately after receipt
Ø Ensure your password is at least 6 characters of mixed letters and numbers
Ø Give passwords for web sites in a sealed envelope to the IT Department (this is required should you be sick etc)
Ø Do Not leave PC’s logged on and unattended.
Software Piracy is a Breach of Company Policy
When software is purchased it is supplied with a licence to use it. Unless stated otherwise this licence gives permission for installation on one computer. If the licence agreement is broken the user and the company are liable to prosecution, which has been known to cause a company to have to close down.
Ø Do not copy software
Ø All software licences, CDs and diskettes are to be passed to the IT department.
Backups of Your Information
A backup is a secure copy of your data/information. Any information saved to either the PUBLIC (Y-drive) or PRIVATE (Z-drive) will be backed up overnight by the IT Department. Any information stored anywhere else will not be backed up and is your responsibility. All E-mails are also backed up on a daily/weekly basis.
Guard Against Viruses in Software
Attacks by computer viruses are a real threat. Viruses are computer programs written to destroy or interfere with your data/information. There are now thousands of viruses – several have caused serious loss to companies. They are normally introduced either by staff or via e-mail. They then spread.
To help combat against viruses, Antivirus Software has been installed throughout the company. However, to fully protect the company please note that:
Ø All software MUST be purchased through the IT department.
Ø Computers that may have been exposed to contamination (e.g. used by suppliers for demonstrations or have been off-site) should be virus checked before further use
Ø If you do company work on your home PC, request that Antivirus Software is installed
Ø Beware of “free” software as these are the source of a large number of viruses
If your computer behaves oddly, gives unexpected messages or a curious display etc; contact the IT Department as soon as possible. Do not try to go on using it, especially if it is networked.
Data Protection
The storage and handling of all data is everyone’s responsibility.
- All data must be kept secure at all times.
- Computers must be locked if left unattended.
- It is your responsibility to ensure your passwords are kept secure.
- Never share your passwords with colleagues.
- Data on laptops and portable devices must be kept to a minimum.
- Filing cabinets should be locked and only accessible to relevant authorised personnel.
- Confidential material must not be left unattended on desks.
- Documents should be removed promptly from fax machines, printers and photocopiers.
Confidential data must be kept up to date.
Confidential data should only be held for as long as it is required and for the reason it was collected.
The sending of any confidential information should be done in a secure manner.
When disposing of confidential information it must be done securely.
When away from the office….
- Keep confidential information that is stored on portable devices or memory sticks etc. secure at all times.
- Do not leave documents or devices unattended.
- Ensure your device screen cannot be seen by any unauthorised person.
- Avoid discussing confidential matters where unauthorised persons may hear.
Security breaches (such as the loss of any electronic equipment, folders, documentation, etc) should be reported to the appropriate person immediately.
Electronic documents, calendar entries and meeting requests should be password protected where appropriate.
Internet e-Mail, World Wide Web (WWW) and Internal e-Mail
As the Internet becomes more widely available and used, VALE MILL (ROCHDALE) LIMITED needs to ensure that this facility is not being abused in any way. It can be, if used properly, of great commercial benefit, and an easy way to communicate outside of the Company.
To protect VALE MILL (ROCHDALE) LIMITED, a strict policy has been chosen. (Computer hardware, software and the communications systems are the property of the company and may only be used for business purposes).*
The Company has the right of access to all E-Mail messages, which may be read at any time by Security staff and all WWW sites accessed are monitored 24hr x 365 days. This is part of an ongoing process to ensure security levels are maintained.
You Must Not
x Use the system for any unauthorised purpose
x Send any personal or non-business related messages *
x Use the system for sending junk or nuisance messages
x Send any obscene or profane messages – outgoing and incoming messages are electronically monitored, those with inappropriate text or material will be rejected
x Send any messages which may be derogatory or defamatory about any person, firm or company
x Send any messages with any trademark or logo being the property of any person, firm or company other than a company within the VALE MILL (ROCHDALE) LIMITED group
x Use the WWW for non-business related purposes
x Download files from any internet or FTP sites
x Abuse or misuse your access rights
x Overburden people with unwanted or irrelevant E-Mails
x Use E-Mails to send information which needs to be especially protected or secured
* Some personal use may be authorised by your manager.
Laptop Security
Laptops are an easy target for thieves. They are used for their mobility and convenience, so are an obvious choice for someone wishing to steal a PC.
Ø Do not leave laptops (or any PC) in your car overnight
Ø When you are forced to leave your laptop in your car (e.g. when out on business) ensure that it is locked in the boot
Ø Always leave your laptop in a safe place secured by a security cable to an appropriate solid object e.g. to a radiator pipe
Ø Do not leave the cable key anywhere near the laptop or cable
Compliancy
Compliance reduces risk. Your co-operation helps to ensure that VALE MILL (ROCHDALE) LIMITED is not exposed to unreasonable risk.
Non-compliance can threaten the security of company information, hardware and software, and jeopardise the company’s standing and reputation.
To ensure that all the above topics are adhered to, your PC might be subject to an audit at any time.
Information Security Policy Top Ten
No set of procedures can completely protect you against the various threats to the information in or accessible from your computer. By adhering to the rules set out below and with your own diligence you will reduce the risk without inconvenience.
Information Security is your responsibility. Here are some key points to assist you in complying with the VALE MILL (ROCHDALE) LIMITED Information Security Policy: -
ü Change all your passwords on a regular basis
ü Backup data regularly
ü Virus check all diskettes/CD’s prior to use
ü Ensure that your PC is switched off at end of shift
ü Ensure that all software is purchased and installed by the IT department
û Do not copy software
û Never try to reconfigure your PC except under direct Help Desk guidance
û Do not “share” your passwords with other personnel
û Do not play games
û Do not access or interfere with computer systems to which you are not authorised