Information Security Policy
Introduction
This policy sets out the responsibilities and required behaviour of users of Rainmaker People’s information systems, networks and computers.
Scope
All employees and contractors and partners that have been granted access to Rainmaker People’s facilities.
User identification and authentication
Each individual will be assigned a unique identifier (userID) for his or her individual use. This userID may not be used by anyone other than the individual user to whom it has been issued. Each individual will require an associated account password which must not be divulged to anyone, including IT Services staff, for any reason. This account password should not be used as the password for any other service. Individuals are expected to remember their password and to change it if there is any suspicion that it may have been compromised
Each individual will also be assigned a unique email address for his or her individual use and some individuals may also be given authorisation to use one or more generic (role based) email addresses. Individuals must not use an email address assigned to anyone else without their explicit permission.
Email addresses are Rainmaker People owned assets and any use of these email addresses is subject to Rainmaker People policies.
Personal use of facilities
Rainmaker People information and communication facilities, including email addresses and computers, are provided for academic and administrative purposes related to work at Rainmaker People.
Rainmaker People facilities should not be used for the storage of data unrelated to the work of Rainmaker People
Individuals should not use a personal (non Rainmaker People provided) email account to conduct Rainmaker People business and should maintain a separate, personal email account for personal email correspondence.
Use of services provided by third parties
Wherever possible, individuals should only use services provided or endorsed by Rainmaker People for conducting Rainmaker People business.
Rainmaker People recognises, however, that there are occasions when it is unable to meet the legitimate requirements of its clients and that in these circumstances it may be permissible to use services provided by client of other third parties.
Unattended equipment
Computers and other equipment used to access Rainmaker People facilities must not be left unattended and unlocked if logged in. Individuals must ensure that their computers are locked before being left unattended. Care should be taken to ensure that no restricted information is left on display on the computer when it is
left unattended.
Particular care should be taken to ensure the physical security of Rainmaker People supplied equipment when in transit.
Unacceptable use
In addition to what has already been written above, the following are also considered to be unacceptable uses of Rainmaker People facilities.
● Any illegal activity or activity which breaches any Rainmaker People policy
● Any attempt to undermine the security of Rainmaker People’s facilities. (For the avoidance of doubt, this includes undertaking any unauthorised penetration testing or vulnerability scanning of any systems.
● Providing access to facilities or information to those who are not entitled to access.
● Any irresponsible or reckless handling of Rainmaker People or client data
● Any use which brings Rainmaker People into disrepute
● Any use of Rainmaker People facilities to bully, harass, intimidate or otherwise cause alarm or distress to others.
● Sending unsolicited and unauthorised bulk email (spam) which is unrelated to the legitimate business of Rainmaker People.
● Creating, storing or transmitting any material which infringes copyright.
● Creating, accessing, storing, relaying or transmitting any material which promotes terrorism or violent extremism or which seeks to radicalise individuals to such causes.
● Creating, storing or transmitting defamatory or obscene material.
● Using software which is only licensed for limited purposes for any other purpose or otherwise breaching software licensing agreements.
● Failing to comply with a request from an authorised person to desist from
any activity which has been deemed detrimental to the operation of the Rainmaker People’s facilities.
● Failing to report any breach, or suspected breach of information security to IT Services.
● Failing to comply with a request from an authorised person for you to change your password.
Penalties for misuse
Minor breaches of policy will be dealt with by our Resource and People Manager. More serious breaches of policy (or repeated minor breaches) will be dealt with under Rainmaker People’s disciplinary procedures.
Where appropriate, breaches of the law will be reported to the police. Where the breach has occurred in a jurisdiction outside the UK, the breach may be reported to the relevant authorities within that jurisdiction.