ICT equipment is provided for work purposes.  This includes its use in giving direct support to the people who use Key’s services.  ICT equipment must not be used for personal or recreational use or private gain.

If you believe that ICT equipment has been improperly used you must report this immediately to your line manager or to ICT staff.

Settings and security - You must not alter the settings of your computer or the network.  Installations are generally standardised to aid support and maintenance.  You must not attempt to gain access to parts of the system or network to which you do not normally have access rights.

Automatic Updates - Important security and software updates download automatically on computers connected to the Internet.  Updates should be installed as early as possible after they have been downloaded.

Passwords - Access to all systems is controlled by a logon user name and password.  User passwords are renewed on a schedule set by ICT staff.

• This password should never be disclosed to another person.
• Compromised passwords should be reported to ICT staff immediately.
• Passwords must never be written down or displayed to permit others to see it.
• When leaving a computer unattended, you should always log off or shut down the computer.

Where to save your work - All work relating to Key must be stored in the folders or network drive set up by and agreed with ICT staff.  This will ensure that the data will be properly backed up.

Folder structures - Folder structures must not be altered, extended or put to alternative use by users.  If a structure does not meet the needs of the organisation a review should be sought with ICT staff.

Using removable media/drives – Information relating to individuals must never be saved to removable media.  Key’s virtual desktop environment provides access to information from any location with an Internet connection.

Where information not related to an individual is committed to removable storage, the media/drives must be owned by Key and use data encryption software to prevent unauthorised access.  The removable media/drive must never be the sole or primary location for this data. 

Relocation of equipment & services - Once installed no computer, telecoms or electronic office equipment should be moved without first discussing this with ICT staff.  This is to ensure the continuing availability of Internet and network services as well as meeting Key’s asset management requirements.

Virus protection - Antivirus software is installed on all computers and is set up to operate automatically.  The software is configured to update itself each day.

Backups - Backup of data is done automatically.  This backup data is held on servers within either Key’s main administrative office in Glasgow or its designated business continuity site.  The backups are, in turn, archived for up to 12 weeks.

Computers owned by the people Key support - Employees can use computers belonging to people supported by Key only in the following circumstances:

• to provide direct support to the individual
• to access Key’s virtual desktop environment to complete administrative tasks relating directly to that person and with their prior, informed consent

Computers owned by employees - Employees should not use personal or family owned computers, except as a means to access Key’s virtual desktop environment.  Administrative tasks must only be carried out on physical or virtual computers belonging to Key.

Computers owned by employees must never be brought in to the workplace, nor connected to wireless or wired networks belonging to Key or the people Key support.