Information Security Policy
This Acceptable Use Policy sets out the responsibilities and required behaviour of users of The Resourcing Hub’s information systems, networks and computers.
All employees and contractors and partners that have been granted access to The Resourcing Hub’s facilities.
User identification and authentication
Each individual will be assigned a unique identifier (userID) for his or her individual use. This userID may not be used by anyone other than the individual user to whom it has been issued. Each individual will require an associated account password which must not be divulged to anyone, including IT Services staff, for any reason. This account password should not be used as the password for any other service. Individuals are expected to remember their password and to change it if there is any suspicion that it may have been compromised
Each individual will also be assigned a unique email address for his or her individual use and some individuals may also be given authorisation to use one or more generic (role based) email addresses. Individuals must not use an email address assigned to anyone else without their explicit permission.
Email addresses are The Resourcing Hub owned assets and any use of these email addresses is subject to The Resourcing Hub policies.
Personal use of facilities
The Resourcing Hub information and communication facilities, including email addresses and computers, are provided for academic and administrative purposes related to work at The Resourcing Hub.
The Resourcing Hub facilities should not be used for the storage of data unrelated to the work of The Resourcing Hub
Individuals should not use a personal (non The Resourcing Hub provided) email account to conduct The Resourcing Hub business and should maintain a separate, personal email account for personal email correspondence.
Use of services provided by third parties
Wherever possible, individuals should only use services provided or endorsed by The Resourcing Hub for conducting The Resourcing Hub business.
The Resourcing Hub recognises, however, that there are occasions when it is unable to meet the legitimate requirements of its clients and that in these circumstances it may be permissible to use services provided by client of other third parties.
Computers and other equipment used to access The Resourcing Hub facilities must not be left unattended and unlocked if logged in. Individuals must ensure that their computers are locked before being left unattended. Care should be taken to ensure that no restricted information is left on display on the computer when it is
Particular care should be taken to ensure the physical security of The Resourcing Hub supplied equipment when in transit.
In addition to what has already been written above, the following are also considered to be unacceptable uses of The Resourcing Hub facilities.
● Any illegal activity or activity which breaches any The Resourcing Hub policy
● Any attempt to undermine the security of The Resourcing Hub’s facilities. (For the avoidance of doubt, this includes undertaking any unauthorised penetration testing or vulnerability scanning of any systems.
● Providing access to facilities or information to those who are not entitled to access.
● Any irresponsible or reckless handling of The Resourcing Hub or client data
● Any use which brings The Resourcing Hub into disrepute
● Any use of The Resourcing Hub facilities to bully, harass, intimidate or otherwise cause alarm or distress to others.
● Sending unsolicited and unauthorised bulk email (spam) which is unrelated to the legitimate business of The Resourcing Hub.
● Creating, storing or transmitting any material which infringes copyright. ● Creating, storing or transmitting defamatory or obscene material.
● Creating, accessing, storing, relaying or transmitting any material which promotes terrorism or violent extremism or which seeks to radicalise individuals to such causes.
● Using software which is only licensed for limited purposes for any other purpose or otherwise breaching software licensing agreements.
● Failing to comply with a request from an authorised person to desist from
any activity which has been deemed detrimental to the operation of the The Resourcing Hub’s facilities.
● Failing to report any breach, or suspected breach of information security to IT Services.
● Failing to comply with a request from an authorised person for you to change your password.
Penalties for misuse
Minor breaches of policy will be dealt with by our Resource and People Manager. More serious breaches of policy (or repeated minor breaches) will be dealt with under The Resourcing Hub’s disciplinary procedures.
Where appropriate, breaches of the law will be reported to the police. Where the breach has occurred in a jurisdiction outside the UK, the breach may be reported to the relevant authorities within that jurisdiction.