MARSTON S PLC EMPLOYEE POLICIES & PROCEDURES GROUP I.T. TELEPHONE AND SOCIAL MEDIA POLICY

Transcription

1 LAST REVISION: November 2016 MARSTON S PLC EMPLOYEE POLICIES & PROCEDURES GROUP I.T. TELEPHONE AND SOCIAL MEDIA POLICY Policy Statement The computer systems, network, internet, intranet, communications software and/or all operating licences (including any updates) and other systems (the System(s) ) owned or operated by Marston s PLC or any group company from time to time (the Company ) are installed and maintained to enable effective and lawful communication within the business. Employees (and other authorised people) are provided access to the Systems to assist them in their jobs and duties. This policy covers all Company employees, officers, consultants, contractors, work experience students, casual or agency workers or anyone who has access to the System ( Users ). This policy outlines the standards Users must observe when using the System, the circumstances in which the Company will monitor your use, and the action the Company will take in respect of breaches of these standards. The Company has a responsibility to ensure all Users are aware of the parameters within which they may use the System, and any hardware provided to them, including (but not limited to) laptops, PC s, mobile phones, 3G cards and other mobile or handheld devices ( Hardware ) and the consequences of misuse. The System and the Hardware are the property of the Company and may only be used for legitimate business purposes authorised by the Company from time to time. Users are only authorised to use the System and have access to information contained on the Systems, which is relevant to their job or appointment and subject to the terms of this policy. All Users have a responsibility to use the Systems in a professional, lawful and ethical manner. Abuse of the System and Hardware or breach of this policy by any User may result in disciplinary action, including possible termination, and civil and/or criminal liability. The use of the Systems and all communications made by Users (whether by , telephone, text message, through social media or otherwise) is monitored by the Company. This monitoring is performed in order to ensure the integrity of the System, compliance with all Company policies and procedures and other legitimate business reasons, as well as compliance with the Company s legal obligations. This document also sets out the Company s policy on employees or workers use of social media where that use may affect the business and reputation of the Company, its officers, employees, pubs/premises, brands, customers or suppliers. In such circumstances, the Company has a legitimate business interest to monitor the use of social media utilising the System and/or may occasionally monitor the use of social media (that is in the public domain) outside work where such use may materially conflict with the Company s policies and procedures (in particular but not limited to the Company s Equal Opportunities Policy, or other similar policies or guidelines relating to antiharassment or bullying from time to time) or may prejudice or negatively affect the Company s reputation or business interests. Page 1 of 10

2 1. STAFF/USERS STARTERS, LEAVERS AND TRANSFERS 1.1. All Hardware for new starters to the Company must be ordered through the IT Department who will purchase and configure the Hardware equipment for the User in accordance with the Company s policies and procedures. Details of the Hardware will be entered onto the Company s asset register and appropriate security privileges will be granted The IT Department must be informed of all User relocations or department moves. The relevant changes will be added to the asset register and changes to the User s security profile will be made. The IT Department will arrange the installation of equipment, Hardware or relevant Systems if required All leavers must return all Hardware to the IT Department on or before their last day with the Company, unless expressly agreed otherwise in writing with the Company. Once in receipt of the Hardware, the IT Department will amend the asset register. In addition the User shall upon the same date disclose to the Company all known computer access codes relating to the Systems or the Company s business (including any part of the Company s group from time to time). 2. IT HARDWARE/EQUIPMENT & SOFTWARE 2.1. All Hardware is loaned to the User, but remains the property of the Company. It is the User s responsibility to take good care of it Users should take great care in handling and storing the Hardware provided to them. Wherever possible, Hardware should not be left unattended (such as inside a vehicle) and at no time whatsoever should Hardware be left on view inside a vehicle Care should always be taken not to drop, or throw Hardware, particularly into cupboards or car boots, when transporting from one location to another. All Hardware is loaned to Users by the Company, solely in order for them to perform their roles satisfactorily Any misuse of any Hardware will be investigated thoroughly and may be subject to the Company s disciplinary procedure Users are given Hardware to assist them in the performance of their duties. Users should have no expectation of privacy in anything they create, store, send or receive using the Company s Hardware or Systems, and the Company will from time to time monitor a User s use of the Hardware to ensure compliance with this policy and the Company s other policies and procedures. Software Installation, including Freeware and Public Domain Software 2.6. All Systems may only be installed by, or under the direction of, the IT Department or its agents. Under no circumstances should a User install anything on to the System without prior express authorisation (including Freeware or Public Domain Software) In particular, Users should not be using external cloud storage like Dropbox unless it is expressly authorised by the IT Department. Software Compliance & Documentation 2.8. The IT Department maintains original and/or electronic copies of licences for all Systems used on Company premises/hardware. These will be referred to for comparison purposes when running audits from time to time. Automated daily audit checks are run on all relevant Hardware to ensure that authorised software is being used. Periodic manual checks and audits may be conducted from time to time, with or without the knowledge of the User. Page 2 of 10

3 Acquisition and Delivery 2.9. All Hardware and related equipment and software must be purchased or obtained through the IT Department. No User may purchase such items for use on Company business or in relation to the System by any other means such as credit cards, expense accounts or petty cash without the IT Department s express permission If the Hardware or software required by the User is not currently available then a new item or licence/copy may be purchased at the IT Department s discretion. The relevant Hardware and/or software and any accompanying licence will be added to the Asset Register against the specific User and/or department. The relevant Hardware will be configured for use on the System and any software will be loaded on both the Users workstation and the Company s audit/tracking system by a member of the IT Department. If necessary, training will be provided for the User All newly purchased Hardware and/or software should be delivered to the IT Department so that licences can be checked and Asset Registers updated. If, by prior arrangement with the IT Department, new Hardware and/or software is delivered to the User/department directly, all licence documentation and media must be forwarded on to the IT department after installation. Disposal The disposal of all Hardware must only be carried out by, or under the direction of, the IT Department or its agents Once Hardware is deemed ready for disposal by the IT Department, (subject to the necessary licence conditions) all software will be removed by the IT Department and may be stored for re-use All data will be permanently and securely removed from the Hardware and the asset register will be updated. No user has any right to any data or software stored on any Hardware or contained within the Company s Systems. Any personal data will be dealt with in accordance with the Data Protection Policy. If appropriate, the certificate of disposal/destruction will be held on file. Lost or Stolen Hardware/Equipment Should any Hardware or other Company property in your possession be lost or stolen, Users must inform the IT department immediately. If the Hardware lost or stolen contains any personal data (see below) you should also refer to the Company s Incident Response Plan. If you are unsure where to find this, contact the IT Service Desk for help. Domain names Any domain names required for Company business must be purchased by, or obtained through, the IT Department. No User may purchase any domain names for use by the Company by any other means such as credit cards, expense accounts or petty cash without the IT Department s express permission All such domain names must be purchased and registered in the Company s name, not in the personal name of the User. Any domain names incorrectly registered in a User s name shall be held on trust for the Company and you agree at any time to enter into any documentation reasonably required by the Company to re-register the domain name in the name of the Company. Page 3 of 10

4 3. FAIR USE RULES - IMPORTANT 3.1. This section applies to all forms of electronic communications, including but not limited to , instant messages, texts and posts on messages boards or social media, internet use and use of company-provided telephone or mobile phones. Users should read this in conjunction with the rules on personal use of , mobile phones, the Internet and Social Media (below) You must not send s or post messages or other content which could be considered abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, or otherwise inappropriate, or disparaging about, or harmful to, the Company s brands, officers, employees, pubs/premises, brands, customers, suppliers or other assets and/or other electronic messages may be disclosed in legal proceedings. All such messages are potentially retrievable (whether deleted or not) either from the main server or using specialist software Examples of inappropriate use of the Hardware or the System include (but are not limited to): a) Sending or forwarding private s, texts, messages or posts at work which you would not want a third party to read; b) Creating or forwarding chain mail, junk mail, cartoons, jokes or gossip; c) Harassment or nuisance, whether through language, frequency or size of messages or posts; d) Downloading files or software without ensuring protection against viruses; e) Downloading, transmitting or distributing copyright information without the authority of the copyright owner; f) Entering into contractual commitments or making representations by /phone unless appropriate authority has been obtained. A name typed at the end of an is a signature in the same way as a name written at the end of a letter; g) Sending messages from another person's address or mobile phone (unless authorised); h) Making any false and/or defamatory statement about any person or organisation; or i) Making any comments likely to damage or prejudice (in the reasonable opinion of the Company) the reputation of the Company or any of its officers, employees, pubs/premises, brands, customers or suppliers Anyone who feels that they have been harassed or bullied, or are offended by material received from a colleague via or posted on social media should inform their line manager or the Human Resources Department You should take care with the content of messages, or other forms of electronic communication, as incorrect or improper statements could give rise to claims against you or the Company Remember that you have no control over where your or other content may be forwarded by the recipient. Avoid saying anything which would cause offence or embarrassment if it was forwarded to colleagues or third parties, or found its way into the public domain If you receive an in error you should inform the sender and not act on any content which is not meant for you Any serious breach of the Fair Use Rules may be considered to amount to gross misconduct, which may lead to dismissal in accordance with the Company s Disciplinary Procedure. Page 4 of 10

5 Monitoring The Company reserves the right to monitor, retrieve, read and disclose the contents of all electronic messages (including but not limited to , text messages, telephone communications or other electronic content posted by Users using the Company s Systems) for the purpose of audit and investigating compliance with this and other Company polices, other legitimate business purposes of the Company and to comply with any legal obligations If you receive an or other form of electronic communication that looks suspicious, you should report it to the IT Department and then on their instruction (subject to their need to investigate) delete it immediately without opening it. If you have opened it and there is a link, do not click on this in any circumstances. If it is legitimate, the sender will contact you again by another means. If you have clicked on the link or opened an attachment that appears suspicious, please report this to the IT Service Desk All use should comply with the Fair Use Rules Although is a vital business tool, you should always consider if it is the appropriate method for a particular communication. Correspondence with third parties by should be written as professionally as a letter You must only use your Company address to conduct business on the Company s behalf. In particular you must NOT send personal data or commercially sensitive data by to your personal address (or to any other address without it being encrypted). Please see the Data Protection Policy for further information. 5. INTERNET 5.1. All use of the Internet on the System should comply with the Fair Use Rules Our Systems permit access to the internet. The Company determines which individuals can access the internet based on the overriding principle that such access is intended to enhance the effectiveness of the Company on matters relating to the Company s business. Internet access should therefore be used for that purpose Users should be aware that when the Internet is used, footprints are left enabling the Company to trace pages that have been accessed. Routine checks and monitoring of Internet use are carried out to ensure that Internet access is not misused If the System will not permit access to a website to which you are trying to navigate, there is usually a good reason this. You should not try to bypass the controls, but instead speak to the IT Department. Personal use of Internet 5.5. If you have access to the Company s internet you may occasionally use the internet for personal use provided that it does not interfere with the performance of your duties and provided that such use complies with this policy at all times. Personal use should be kept to a minimum and where possible, such use should be limited to your lunch break or outside normal working hours. Excessive personal use may, depending on the circumstances, constitute misconduct, which may be subject to disciplinary action Access, viewing, downloading and re-distribution of inappropriate, and/or offensive and/or illegal and/or pornographic material is strictly forbidden. As a general rule, if any person (whether intended to view the page or not) might be offended by the contents of a webpage, or if it might be a source of embarrassment if made public, then viewing it will be a breach of this policy. The following list, which is not intended to be exhaustive, may be considered to be gross misconduct and may lead to your summary dismissal: Page 5 of 10

6 a) Serious failure to comply with the Fair Use Rules; b) Viewing, downloading or circulation of inappropriate, offensive, pornographic or illegal material, or other content deemed unacceptable by the Company (you should be aware that if the material involves child pornography you not only commit gross misconduct but also a criminal offence and the Company will report the matter to the police); c) Engaging in online gambling; d) Downloading, transmitting or distributing information in breach of copyright; and e) Downloading, transmitting or distributing confidential information about the Company or any of the Company s Directors, employees, clients, or suppliers. Social media 5.7. The Company recognises that many Users participate in social networking on websites such as Facebook or Twitter, or message boards and chat rooms and any other social media platforms. Social media has a place in a social business like Marston s and occasional personal use of social media on the Company s Systems is therefore permitted, but Users must comply with the Fair Use Rules outlined above Additionally, Users must not disclose Company secrets, breach copyright, or disclose personal data or information about any individual that could breach the Data Protection Act 1998 ( DPA ). Please refer to the Company s Data Protection Policy and the below section on Data Protection. Users should not engage in any inappropriate communications with others via social networking sites or message boards (even outside working hours), which could amount to discrimination under the Company's Equal Opportunities Policy or which could amount to any other form of bullying or harassment or which may be harmful to the Company, its brands, employees or other assets. The Fair Use Rules also apply to private use of social media outside of work in certain circumstances if such use is contrary to the Company s policies and procedures, or if it amounts to discrimination, harassment, breach of Company confidence or likely to damage or otherwise negatively affect the reputation of the Company or its business, employees, officers, pubs/premises, brands, customers or suppliers If Users choose to write about their work even without identifying the precise Company it may still be possible for people to work out the employer's identity. Users should therefore be conscious of their duty to act in good faith and in the best interests of their employer under English law The use of social media by employees and workers (both in work time and, if necessary outside work time) may be monitored by the Company from time to time to ensure compliance with this policy and the Fair Use Rules, as well as ensuring that behaviours do not conflict with the Equal Opportunities Policies and/or to ensure that the reputation of the Company and its business is not prejudiced or potentially brought into disrepute. 6. SECURITY AND INTEGRITY OF COMPANY SYSTEMS 6.1. Files or attachments obtained from sources outside the Company, including data brought from home, files downloaded from the Internet, files attached to and files provided by customers may contain dangerous computer viruses that can be extremely destructive to the Company s Systems If you suspect that a virus has been introduced into the Company s Systems, notify a member of the IT Department immediately Unauthorised access, or hacking, is an offence under the Computer Misuse Act If any User believes they have access to unauthorised systems, software or data this should be reported to the IT Department immediately. Under no circumstances should any User attempt to gain unauthorised access to systems, software or data owned or operated by another organisation using equipment, systems or software provided by the Company. Page 6 of 10

7 7. PASSWORD POLICY 7.1. All Users given access to the Systems are responsible for data security and must behave in a responsible manner that does not allow access by an unauthorised person. The following should be adhered to: 7.2. The Company password policy stipulates that a User s domain password should consist of a minimum 8 characters and include at least 2 of the following character sets: (1) Upper case characters, (2) Numeric values; (3) Special characters The System will not allow a User to change their domain password unless it complies with the Marston s password policy All standard User domain passwords will expire every 30 days and must be changed prior to this by the user to avoid access issues. Users should also be aware that if a password reset is attempted using a password that has already been used within a 24 month period, the password will be declined by the domain server If a User requires a password reset, they should contact the IT Service Desk. The User may be required to answer some security questions for user verification purposes Users should keep passwords confidential at all times and not write them down or allow anyone else to use them If you move away from your monitor for any length of time, you should ensure that you lock your device. All devices should always have the auto-lock activated after a maximum of 5 minutes inactivity The Company reserves the right to change its password policy at any time. 8. DATA PROTECTION 8.1. When Users use the System or Hardware for processing (meaning any action including but not limited to accessing, viewing, disclosing, deleting, inputting, printing or blocking) personal data (including employee and customer data), the User must adhere to the Company s Data Protection Policy Users are not allowed to load or store any personal data or confidential data onto any portable or removable devices, memory sticks or similar, other than as may be expressly approved by the IT Department Any personal data or confidential data (see below) transmitted by , must be encrypted. If you are unsure how to do this, please contact the IT Department There are strict company guidelines when it comes to sharing any personal data with third parties. Please refer to the Data Protection Policy If you need any advice or assistance, or are unsure of your responsibilities, regarding personal data, please refer to the Company s Data Protection Policy or contact the IT Department. 9. CONFIDENTIAL DATA 9.1. Confidential company data must always be stored on a Company network drive protected with appropriate security privileges. It must never be stored on a local computer drive (e.g. My Documents), portable drive, memory stick or copied to CD/DVD Confidential company data must never be shared with an external organisation without the prior approval of a relevant Divisional Director. The IT department must be informed and the most appropriate method of transmission will be identified Confidential company data means information of a confidential nature belonging to the Company or any employee, officer, customer or supplier obtained by the User and includes, without limitation: data, documents, letters, s, reports, drawings, photographs, specifications, software, programs, and any other material bearing or incorporating any information and/or the Company s know-how, business affairs, strategies, processes, recipes, customer lists or data, pricing, sales and marketing plans, account details and any other financial information disclosed; in every case Page 7 of 10

8 whether in writing, electronically, orally or by any other means, and whether stated to be confidential or not. 10. BACK UP & MAINTENANCE All centrally stored Company data is backed up every 24 hours. Any data stored on the local drives of desktop or laptop computers is backed up automatically onto a secure network area whenever the machine is on the Company network. Users are allocated space on central servers for the storage of data and must use this facility to ensure that their data is secure. 11. DISASTER RECOVERY The IT Department is responsible for regularly reviewing their ability to recover or re-supply the Company, within the timeframe required, with the Company Systems (or relevant part thereof) that will be needed to effect recovery of the business in the event of a major disaster. 12. MOBILE PHONE SERVICES The following should, if adhered to, provide Users and the company with sensible, effective and protected mobile phone services Use of Company-provided mobile phones must adhere to the Fair Use Rules (above) The Company will provide eligible Users with a mobile phone and if necessary, hands free car kit of a type suited to the requirements of the individual role from a range of handsets available at the time (subject to availability, technical requirements and limitations of the network) To control costs, mobile and data ( s) roaming outside the UK is disabled. If an employee needs to use a Company-provided phone while abroad under any circumstances then they should first obtain permission from their line manager and then provide the IT Department with at least one weeks notice to obtain the roaming service before it is required The Company reviews call and text charges on a monthly basis. In the event that the Company-provided mobile phone has been used inappropriately, the User may without prejudice to any other potential disciplinary action that might be taken, be asked to refund the charges through the expenses system or whatever other mechanism is appropriate at the time If you are unable to use your mobile to make a call, please contact the IT Department Because of cost and potential conflict with existing applications (Apps) we do not allow a User to download, update or store any applications on the mobile without the agreement of both their line manager and the IT Department All mobile phones provided by the Company must be protected by locking them with a personal pin number as soon as the phone is issued. New generation mobile phones provide access to as a standard feature and store data from and attachments on the phone. The phone therefore contains usernames and passwords which give access to our head office network and there are additional liabilities under the DPA that Users must be mindful of (please refer to the Data Protection Policy for further information) If your Company-provided phone is lost or stolen out of office hours, please call EE on from any landline and ask for an immediate and full bar For security reasons, we reserve the right to remove all company data from the Company-provided mobile phone and any attached peripherals, terminate the number, and cease any and/or additional services and impose bars and restrictions as required The User should not back up personal data such as personal photographs, music, Podcasts and video from their phone to the System. The IT Department will need to delete and remove any such files from the network and the Company will not be liable for any loss, re-instatement or otherwise. Page 8 of 10

9 Company phones should be properly looked after as outlined above. The cost of a replacement phone will be allocated to your department. If the phone is lost or damaged due to negligence, the employee may be asked to cover the cost of replacement. If the employee leaves the business, the phone, its charger and all other associated accessories must be returned. Failure to do so may incur an appropriate replacement charge If you leave the Country on Company business and you wish to set up International Roaming on your mobile, please obtain your line manager s approval for this facility in the form of an to the IT Department who will then activate this for the time you are out of the Country. Please note that this is not a facility that can be used for personal Holidays Upgrades will be automatically deployed as and when necessary and you will be contacted should this need arise Never use your Company-provided mobile phone whilst driving a vehicle unless using hands-free kit and in accordance with the Driver Safety booklet (copies available from the Corporate Risk Department). Even in these circumstances, use of mobile phones whilst driving should be limited and must be used only when it is safe to do so Free, dedicated technical assistance is available 24/7 from EE and if you do experience any difficulties using your Company-provided mobile, they should be contacted via your mobile on CONSEQUENCES OF BREACHES OF THIS POLICY Misuse or excessive personal use of our Systems or Hardware, telephone or system or inappropriate internet use or social media postings that do not comply with this policy will be dealt with under the Company s disciplinary procedure. Misuse of the internet or inappropriate comments on social media can in some circumstances be a criminal offence. Serious breaches of this policy shall may result in summary dismissal for gross misconduct Where evidence of misuse is found the Company may undertake a more detailed investigation, involving the examination and disclosure of monitoring records to those nominated to undertake the investigation. In addition, further monitoring of a User s use of the System or Hardware may be undertaken as part of such investigation. If necessary such information may be handed to the police in connection with a criminal investigation. 14. GETTING HELP The IT helpdesk is available 24/7 and the telephone number is x1500 0r or any other telephone number provided to you by the business from time to time Normal working hours are 08:00 17:00. During this time it is available by our internal IT Department. Between 17:00 08:00, the service is transferred to our out of hour s service which is an external resource. This is a limited service, but internal IT staff are on call for emergencies If you are having problems with any Hardware, please ensure you call the IT Helpdesk to arrange a mutually convenient date and time for help. 15. EMPLOYEE ASSISTANCE PROGRAMME (EAP) OPTUM is an employee assistance programme available to all employees. It is a free confidential service where you can seek expert advice and guidance, invaluable information, specialist counselling and support. This is available 24 hours a day, 7 days a week, online or on the phone all completely confidentially. Page 9 of 10

10 The contact details for the EAP are as follows: User name Marstons Password Brewery Telephone number OTHER POLICIES PLEASE KEEP THIS POLICY FOR YOUR RECORDS. This Policy should also be read in conjunction with the following other Company policies:- 17. FUTURE AMENDMENTS Equal Opportunities Data Protection Disciplinary Procedure Grievance Procedure Company Car & Car Allowance Whistleblowing The Company reserves the right to amend this policy when the needs of the business or statutory requirements necessitate such action. Where collective bargaining arrangements exist the Company will consult the elected Employee Representatives prior to implementing such changes. Page 10 of 10