Acceptable use of assets policy - Annex A
Published: 09 October 2024Freedom of information class: How we manage our resources
Below is a list of actions or behaviours which will constitute unacceptable use – this list is not exhaustive.
Table of contents
1. Access to systems and information
- Allowing another individual to use your user ID/token and/or password on any RoS IT system
- Using another individual’s user ID/token and/or password to access any RoS IT system
- Attempting to access RoS information or systems that you are not authorised to use or access
- Attempting to exceed the limits of your authorised use or access Attempting to circumvent or subvert system security controls
- Using a system for any purpose other than what is intended
- Leaving a device unattended and unlocked
- Leaving your password unprotected
- Performing any unauthorised changes to RoS IT systems or information
- Store personal files such as music, video, or games on RoS IT equipment
- Attempting to connect any unauthorised device to the RoS network or IT systems
- Storing RoS information on any unauthorised equipment
- Using an unauthorised device to conduct business on behalf of RoS
- Transferring RoS information to any external party without the authority of the appropriate Information Asset Owner (IAO) or an authorised representative and carried out in accordance with the RoS Information Classification and Handling Policy.
2. Use of internet, email and telephony
- Using the internet or email for the purposes of harassment or abuse
- Using profanity, obscenities, or derogatory language in communications
- Accessing downloading, sending, or receiving any information (including images), which could be considered offensive, including sexually explicit, discriminatory, defamatory, or libellous material
- Using the internet or email to make personal gains or conduct a personal business
- Using the internet or email to gamble
- Using the email systems in a way that could affect their reliability or effectiveness, for example distributing chain letters or spam
- Sending sensitive or confidential information without appropriate protection
- Sending or forwarding RoS business e-mail to personal or non-RoS email accounts (for example Hotmail, Gmail, etc accounts)
- Using a RoS corporate email account to subscribe to a non business related activity
- Attempting to transfer RoS data to unauthorised or personal online storage
- Making official statements through the internet or email on behalf of RoS unless authorised to do so
- Downloading copyrighted material such as music media (MP3) files, film and video files (not an exhaustive list) other than for business purposes
- Infringing any copyright, database rights, trademarks or other intellectual property
- Downloading any software from the internet without prior approval of the IT Enablement Department
- Accessing and/or passing on information from any RoS information system other than as part of your business role and with IAO authorisation
- Undertaking any activity that will bring RoS into disrepute
- Using RoS voice facilities for sending or receiving private communications on personal matters
- Using RoS voice facilities to accept reverse charge calls except where a business purpose has been identified.
3. Clear desk and clear screen
- Not using password protected screen locking (or log off) when leaving a computer unattended
- Failing to clear information (for example documents, notes, reports) from desks to designated storage areas when away from working areas and at the end of the working day
- Failing to use secure printing for printing sensitive data (where facilities are available)
- Neglecting to use the authorised facilities to dispose of confidential / sensitive documents.
4. Working off-site
- Leaving RoS IT equipment or information unattended in public places or in public view
- Leaving mobile devices (including laptops) in checked baggage when travelling for business purposes – these must be hand luggage only
- Failure to appropriately protect RoS IT equipment or information against loss or compromise when working offsite (for example at home or in public places)
- Attempt to compromise RoS Device Encryption
- When working in a public area Authorised Users must ensure that screens are not visible and must exercise diligence when connecting to non-RoS networks
- Using a RoS issued broadband hub device for non-business related purposes.
5. Home broadband devices
- Streaming media to a personal device connected to the RoS broadband device
- Failing to return the home broadband device at the conclusion of the agreed period
- Taking a RoS owned home broadband device (dongle) outside of the UK.
6. Removable/portable storage devices
- Storing information on removable or portable storage devices that are not subject to encrypted
- Storing the key for decryption on the same device
- Leaving the removable or portable storage device in non-RoS locations
- Leaving data on the key when the need to hold the data has expired
- Storing the key in a physical location that is not subject to the required security controls for the classification of data it contains
- Charge mobile phones or any other electronic devices on a RoS owned device (e.g. laptop) Attaching external hard drives or similar storage devices or any other equipment to the RoS network without prior authority.
7. Software authorisation and installation
- Using unauthorised software on RoS IT equipment or to process RoS information
- Using cloud-based software (Software as a Service) without authorisation in accordance with the RoS Cloud Computing Policy and software request process
- Attempting to use an extended function, feature or plugin of a software without further assessment and authority.
8. Hardware
- All colleagues are responsible for using RoS supplied equipment for the purposes and requirements of their role
- Not Reporting accidental damage to the Service Desk promptly
- Not cleaning equipment provided by RoS to avoid excessive dust, dirt, marks or stains
- ‘Personalising’ RoS supplied equipment, including adding stickers
- Eating, or drinking over RoS supplied equipment, as this may lead to embedded crumbs or spillages
- Not using an appropriate laptop bag when travelling – you can request accessories on RoSNow
- Exposing RoS supplied equipment to smoke.
9. Security technologies
- Attempting to remove, disable, or otherwise circumvent anti-virus software
- Attempting to amend the configuration of the RoS anti-virus to omit any scanning features, changes times for scheduled tasks or omitting files or directories without consultation and approval from the IT Security function
- Attempting to resolve malware using non-RoS approved methods or software.
10. Actions upon termination of contract
- Retaining RoS information or intellectual property developed or gained during the period of employment remains the property of RoS beyond termination
- The re-use of information or intellectual property for any non-RoS purpose during the period of termination
- Returning RoS equipment, information or intellectual property by a method is not in line with the RoS Return of Assets Procedure and could knowingly cause damage and destruction of the asset.