top of page
  • LinkedIn
  • Facebook
  • Twitter
  • Instagram

I T  POLICY

Information Technology (IT) Policy

​

1. Purpose

The purpose of this IT Policy is to ensure that all employees use company technology systems responsibly, securely, and in accordance with business and legal requirements. This policy helps protect company data, systems, and users from security risks, data breaches, and misuse.

​

2. Scope

This policy applies to all employees, contractors, consultants, temporary staff, and any other individuals who have access to the company's IT systems, networks, devices, and data.

It covers all company-owned and personal devices used to access company systems, including:

  • Desktop computers

  • Laptops

  • Mobile phones

  • Tablets

  • Email systems

  • Cloud platforms

  • Internal databases

  • Internet access
     

3. Acceptable Use

​

Company IT systems are provided for business purposes. Limited personal use may be permitted provided it:

  • Does not interfere with work responsibilities

  • Does not affect system performance

  • Does not violate any laws or company policies
     

Users must not use company systems to:
 

  • Access or distribute offensive, discriminatory, or inappropriate content

  • Download or install unauthorised software

  • Engage in illegal activity

  • Attempt to bypass security controls

  • Share confidential company data without authorisation
     

4. Passwords and Account Security
 

All employees must follow secure password practices.

Requirements include:

  • Passwords must be strong and difficult to guess

  • Passwords must not be shared with others

  • Passwords should be changed regularly

  • Multi-factor authentication (MFA) must be used where available
     

Employees must immediately report any suspected compromise of their account.
 

5. Data Protection and Confidentiality
 

Employees must ensure that all company and client data is handled securely and in accordance with UK GDPR and data protection laws.

Sensitive information includes:

  • Client details

  • Candidate information

  • Employee records

  • Financial data

  • Healthcare or patient information
     

Users must not:
 

  • Store sensitive data on personal devices without approval

  • Send confidential data to personal email accounts

  • Share company data with unauthorised individuals
     

All confidential information must be stored within approved company systems.
 

6. Email and Communication Systems
 

Company email and messaging systems must be used professionally.
 

Users must not:
 

  • Send spam or chain emails

  • Open suspicious email attachments

  • Click unknown or suspicious links

  • Use company email for personal business activities
     

Any suspected phishing or malicious emails should be reported to IT immediately.
 

7. Internet Usage
 

Internet access is provided for work purposes.

Employees must not use the internet to:

  • Access illegal content

  • Download pirated material

  • Visit websites that pose a security risk

  • Conduct non-work-related business activities
     

The company reserves the right to monitor internet usage where necessary.
 

8. Software and Hardware
 

Only approved software may be installed on company devices.

Employees must not:
 

  • Install unauthorised applications

  • Modify system settings

  • Connect unauthorised devices to the company network
     

All company equipment must be used responsibly and returned when employment ends.
 

9. Remote Working and Device Security
 

When working remotely, employees must ensure that:
 

  • Devices are password protected

  • Screens are locked when unattended

  • Public Wi-Fi networks are avoided where possible

  • Confidential work is not visible to others
     

Company devices must not be used by family members or other unauthorised individuals.
 

10. Monitoring and Compliance
 

The company reserves the right to monitor:
 

  • Email usage

  • Internet activity

  • System access logs
     

Monitoring will be conducted in accordance with relevant laws and company policies.

Failure to comply with this IT policy may result in disciplinary action, up to and including termination of employment.
 

11. Reporting Security Incidents
 

All employees must report any suspected IT security incident immediately, including:

  • Lost or stolen devices

  • Suspicious emails

  • Unauthorised system access

  • Data breaches
     

Prompt reporting helps minimise risk and protect company systems.
 

12. Policy Review

This policy will be reviewed periodically to ensure it remains effective and compliant with current laws and technology standards.

bottom of page