IT AND INFORMATION SECURITY POLICY

EDINBURGH INTERNATIONAL FILM FESTIVAL LIMITED (the “Charity”)

A Charity Registered in Scotland – SC053218

About This Policy

Our IT and communications systems are intended to promote effective communication and working practices. This policy outlines the standards you must observe when using these systems, when we will monitor their use, and the action we will take if you breach these standards.

Equipment, Security & Passwords

You are responsible for the security of the equipment allocated to or used by you, and you must not allow it to be used by anyone other than in accordance with this policy. You must use passwords on all IT equipment. New employees will be allocated initial passwords for the systems; these must be changed to a password of your own choosing at first log-in. You must keep your passwords confidential and change them regularly. Passwords must meet the following requirements:

  • at least 1 capital letter;
  • at least 1 number;
  • at least 8 characters long; and
  • you are required to set a password to log on to your computer(s).

You must only log on to our systems using your own username and password. You must not use another person’s username and password, or allow anyone else to log on using your username and password, except where Lee Hair IT Support requires it in direct fulfilment of fault-finding and troubleshooting duties.

If you are away from your desk you must log out or lock your computer. You must log out and shut down your computer at the end of each working day so that all data is saved and can be backed up; applications left open can interfere with backups.

It is your responsibility to take due care of equipment. You must route cables so as to avoid tripping hazards, requesting help from the IT department if necessary. Take care with liquids around electrical equipment. Laptops and portable equipment, including mobile phones, must not be left unattended or visible in cars. Laptops should not be taken offsite unless absolutely necessary and, when offsite, must be kept securely stored at all times.

You must inform your manager immediately if you know or suspect that a portable device has been lost or stolen. Failing to inform EIFF of a known or suspected loss of equipment is deemed a risk to data security.

Systems and data security

You should not delete, destroy or modify existing systems, programs, information or data (except as authorised in the proper performance of your duties). You must not download or install software from external sources without authorisation from Lee Hair IT Support. Downloading unauthorised software may interfere with our systems and may introduce viruses or malware.

Access to company systems is approved only from prescribed company devices and is not permitted from any personal device. Access from any other device is unauthorised and is deemed a risk to data security.

You must not attach any device or equipment including mobile phones, tablet computers or USB storage devices to our systems without prior authorisation from Lee Hair IT Support. You must not allow third parties to attach any such equipment without the prior permission of Lee Hair IT Support.

We scan all emails passing through our system for viruses. Scanning does not catch everything, so you must exercise particular caution when opening unsolicited emails or emails from unknown sources.

If an email looks suspicious do not reply to it, do not open any attachments and do not click any links in it.

Inform Lee Hair, either in person or by telephone, if you suspect your computer may have a virus. If you suspect or are aware of a virus, do not send emails from that system until it has been checked and approved by Lee Hair IT Support.

Failing to inform Lee Hair IT Support of a known or suspected virus or malware issue is deemed a risk to data security.

E-Mail

Be aware that the email system and the emails within it are the property of the company and not the individual.

Adopt a professional tone and observe appropriate etiquette when communicating with third parties by email. Remember that emails can be used in legal proceedings and that even deleted emails may remain on the system and be capable of being retrieved.

Any email which is deemed to contain sensitive client data must be deleted once it has been used for the purpose for which it was sent or received.

You must not send abusive, obscene, discriminatory, racist, harassing, derogatory, defamatory, pornographic or otherwise inappropriate emails.

You should not:

  • send or forward private emails at work which you would not want a third party to read;
  • send or forward chain mail, junk mail, cartoons, jokes or gossip;
  • contribute to system congestion by sending trivial messages or unnecessarily copying or forwarding emails to others who do not have a real need to receive them;
  • send messages from another person’s email address (unless authorised) or under an assumed name; or
  • use your own personal email account to send or receive email for the purposes of our business. Only use the email account we have provided for you.

Using the Internet

Internet access is provided primarily for business purposes.

You should not access any web page or download any image or other file from the internet which could be regarded as illegal, offensive, in bad taste or immoral. Even web content that is legal in the UK may be in sufficiently bad taste to fall within this prohibition. As a general rule, if any person (whether or not intended to view the page) might be offended by the contents of a page, or if the fact that our systems have accessed the page or file might be a source of embarrassment if made public, then viewing it will be a breach of this policy.

We may block or restrict access to some websites, content, internet-based systems or services at our discretion.

All peer-to-peer file-sharing services, such as BitTorrent, are explicitly forbidden.

Security & Compliance Audits

Periodic audits will be conducted to ensure compliance with this policy. All equipment must be made available for this purpose.

Personal Use of Our Systems

We permit the incidental use of our systems to send personal email, browse the internet and make personal telephone calls subject to certain conditions. Personal use is a privilege and not a right. It must not be overused or abused. We may withdraw permission for it at any time or restrict access at our discretion.

Personal use must meet the following conditions:

  • it must be minimal and take place substantially outside of normal working hours (that is, during your lunch break, and before or after work);
  • all personal communication should be sent from a private, non-work-related address or source;
  • it must not affect your work or interfere with the business;
  • it must not affect the operation of the IT systems or consume storage resources;
  • it must not commit us to any marginal costs; and
  • it must comply with our policies.

Remote Wiping & Disposal of Equipment

Company phones, PCs, laptops and other equipment, as well as all data on them, are the property of the company, and the company can and will wipe them remotely in cases of loss, theft or misuse, including where there are reasonable grounds to suspect any of the foregoing.

Electronic equipment of any type must be wiped by Lee Hair IT Support before disposal.

Leaving the Company

When employment ends, for whatever reason, access to all company systems is no longer permitted. Any attempt to access systems will be logged, and action, including legal action, may be taken to protect customers’ and employees’ data. On leaving the company, your passwords will be changed or your accounts disabled on all systems, either as soon as Lee Hair IT Support is informed of your leaving date or on the date itself.

All company equipment must be returned to your line manager, who is responsible for (a) informing Lee Hair IT Support of what has been returned and (b) obtaining and passing on to Lee Hair IT Support any passwords or access codes relating to the items.

Monitoring

Our systems enable us to monitor company communications. For business reasons, and in order to carry out our legal obligations as an employer, your use of our systems, including the telephone and computer systems (and including any personal use), may be continually monitored by automated software or otherwise.

We reserve the right to retrieve the contents of email messages or check internet usage (including pages visited and searches made) as reasonably necessary in the interests of the business, including for the following purposes (this list is not exhaustive):

  • to monitor whether the use of the email system or the internet is legitimate and in accordance with this policy;
  • to find lost messages or to retrieve messages lost due to computer failure;
  • to troubleshoot or fault find with the operation of the system;
  • to assist in the investigation of alleged wrongdoing; or
  • to comply with any legal obligation.

Prohibited Use of Our Systems

Misuse or excessive personal use of our telephone or email system, or inappropriate internet use, is prohibited. Misuse of the internet can in some cases be a criminal offence.

Creating, viewing, accessing, transmitting or downloading any of the following material will usually amount to gross misconduct (this list is not exhaustive):

  • pornographic material (that is, writing, pictures, films and video clips of a sexually explicit or arousing nature);
  • offensive, obscene or criminal material, or material which is liable to cause embarrassment to us or to our clients;
  • a false and defamatory statement about any person or organisation;
  • material which is discriminatory, offensive or derogatory, or which may cause embarrassment to others (including material which breaches our EIFF Diversity, Inclusivity and Equal Opportunities Policy);
  • confidential information about us or any of our staff or clients (except as authorised in the proper performance of your duties);
  • unauthorised software;
  • any other statement which is likely to create any criminal or civil liability (for you or us); or
  • music or video files or other material in breach of copyright.

Clear Desk Policy

It is essential that a clear desk policy is adhered to at all times. Copies of client documentation must be uploaded to the EIFF Shared Drive rather than left on desks.

Policy Last Amended: 23 April 2024
