Internet, Intranet and Email Acceptable Use Policy 8.0 Derek … · 2019-09-30 · Internet,...

Internet, Intranet and Email Acceptable Use Policy v7

Policy Title: Internet, Intranet and Email Acceptable Use Policy
Policy Number: OP17
Version Number: 8.0
Ratified By: Information Governance Assurance Group
Date Ratified: 19/03/2019
Effective From: 01/09/2019
Author(s) (name and designation): Derek Prudhoe, IT Directory and Security Manager
Sponsor: Nick Black, Chief Digital Information Officer
Expiry Date: 01/03/2020
Withdrawn Date:

Unless this copy has been taken directly from Pandora (the Trust’s Sharepoint document management system) there is no assurance that this is the most up to date version.

This policy supersedes all previous issues.



Version Control

| Version | Release | Author/Reviewer | Ratified by/Authorised by | Date | Changes (Please identify page no.) |
|---|---|---|---|---|---|
| 1.0 | Mar 2001 | P Dunnigan | JCC | 21/02/2001 | |
| 2.0 | May 2004 | J Tomlinson | TPF | Apr 2004 | |
| 3.0 | Feb 2009 | D Prudhoe | BSDC | Feb 2009 | |
| 4.0 | Aug 2011 | D Prudhoe | IG Committee | Aug 2010 | |
| 5.0 | 03/12/2012 | D Prudhoe | Health Informatics Assurance Committee | 07/11/2012 | Sections re-written and added throughout the policy in order to incorporate email into this policy and minor update to email encryption section (6.3.4.1) |
| 6.0 | 04/08/2015 | D Prudhoe | Health Informatics Assurance Committee | 04/03/2015 | Reviewed, no changes. |
| 7.0 | 07/12/2017 | D Prudhoe | Health Informatics Assurance Group | 21/11/2017 | Reviewed, updated for NHSMail, minor corrections in body of policy, removed secure domains as not applicable any more, added data declaration as Appendix C |
| 8.0 | 01/09/2019 | D Prudhoe | Information Governance Assurance Group | 19/03/2019 | 6.2.6 – added clause for Smart devices; updated references from DPA to GDPR; updated text in Code of Connection Appendix A2; 6.2.5 – updated text as not reasonable for users to check AV |


CONTENTS

1.0 INTRODUCTION
    1.1 Rationale
    1.2 Principles
2.0 Policy Scope
3.0 Aim of Policy
4.0 Duties (Roles and Responsibilities)
5.0 Definitions
6.0 INTRANET, INTERNET and EMAIL ACCEPTABLE USE
    6.1 Core Principles
    6.2 Intranet and Internet
        6.2.1 Authorisation
        6.2.2 Permissible access
        6.2.3 Non-permissible access
        6.2.4 Copyright
        6.2.5 Viruses
        6.2.6 Internet Service Providers
    6.3 Email
        6.3.1 Access
        6.3.2 Best Practice
        6.3.3 Legal Issues
        6.3.4 Email of Personal Identifiable Information
            6.3.4.1 Methods of sending
            6.3.4.2 Confidential Information
        6.3.5 Offsite/Home and Mobile access to NHSMail
        6.3.6 Out of Office
        6.3.7 Monitoring
        6.3.8 Administration of Email Accounts
        6.3.9 Unused/Obsolete Accounts
        6.3.10 Confidentiality Disclaimer
7.0 Training
8.0 DIVERSITY AND INCLUSION
9.0 Monitoring compliance with the policy
10.0 Consultation and review
11.0 Implementation of policy (including raising awareness)
12.0 Associated documentation
Appendix A
    A.1 Request for Access to the Gateshead Trust Computer Network
    A.2 Email, Internet, Digital Systems and Services - User Code of Connection
Appendix B - Legal Disclaimer
Appendix C - NHSMail Data Declaration


Internet, Intranet and Email Acceptable Use Policy

1.0 INTRODUCTION

1.1 Rationale

In common with other NHS organisations, the Trust operates an internal and external email facility and access to the Internet through its connection to the N3 network. The N3 network is a virtual private network that operates throughout the NHS and is inaccessible to non-NHS organisations. It provides access to both NHS-specific websites (prefixed nww.) and the world-wide web (www.). The Trust also provides an intranet that is internal to the Trust and provides access to a wide range of Trust-specific information. This policy sets rules and provides guidance for the use of the Trust Intranet, Internet and email facilities.

1.2 Principles

The Internet is a fast and effective electronic means of gathering information that can enhance the efficiency and effectiveness of staff in the Trust.

The Intranet is a website that is internal to the Trust that provides access to a wide range of Trust-specific information.

The facilities exist primarily for the purpose of conducting Trust business but can also be used for limited permitted personal purposes.

The Internet provides a wide-ranging source of information and knowledge but offers no guarantee of accuracy, reliability or authenticity.

Email and the Internet are fast and effective electronic means of communicating and gathering information that can enhance the efficiency and effectiveness of staff in the Trust.

The Trust will use these facilities to the full (but within available resources and technology) in communicating and cascading information throughout the organisation. Staff are encouraged to familiarise themselves with the facilities and to make use of the Trust’s intranet site.

Email carries the same legal status as other written documents and should be used with the same care.

Email allows electronic records of communications over a period of time to be maintained and systematically managed and referenced.

The internet and email facilities employ complex technology which is not 100% reliable and staff should not rely wholly and solely on them for critical business processes.

2.0 POLICY SCOPE

This policy applies to:

all full-time and part-time employees of the Trust, and to non-executive directors, contracted third parties (including agency staff), locums, students and trainees, secondees and other staff on temporary placements with the Trust, and staff of partner organisations with approved access;

other individuals and agencies who may gain access to data, such as volunteers, visiting professionals or researchers, and companies providing IT services.


3.0 AIM OF POLICY

This document defines the Intranet, Internet and email Policy for Gateshead Health NHS Foundation Trust and:

Sets out the Trust’s policy for the protection of the confidentiality, integrity and availability of the Intranet, Internet and e-mail system.

Establishes the Trust and user responsibilities for the Intranet, Internet and e-mail system.

Provides reference to documentation relevant to this policy.

The purpose of this policy is to ensure the proper use of the Trust’s Intranet, Internet and email system and make users aware of what the Trust deems as acceptable and unacceptable use of its e-mail system. The objective of this policy is to ensure the security of the Trust’s e-mail system. The Trust will:

Ensure Availability - Ensure that the Intranet, Internet and email system is available for users.

Preserve Integrity - Protect the Intranet, Internet and email system from unauthorised or accidental modification ensuring the accuracy and completeness of the Trust’s assets.

Preserve Confidentiality - Protect assets against unauthorised disclosure.

4.0 DUTIES (ROLES AND RESPONSIBILITIES)

The Trust will take all reasonable steps to ensure that users of the Intranet, Internet and email service are aware of acceptable use policies and legal obligations relating to the use of e-mail. All staff and Non-Executive Directors are obliged to adhere to this policy. It is the responsibility of the individual to ensure that they understand this policy. Managers at all levels are responsible for ensuring that the staff for whom they are responsible are aware of and adhere to this Policy. They are also responsible for ensuring staff are updated in regard to any changes in this Policy. The IT Directory & Security Manager, on behalf of the Chief Executive, will take steps to ensure that all staff adhere to this Policy. A failure to adhere to this Policy may result in disciplinary action.

5.0 DEFINITIONS

Email - A system for sending and receiving messages electronically over a computer network.

Internet - a vast computer network linking smaller computer networks worldwide. The Internet includes commercial, educational, governmental, and other networks, all of which use the same set of communications protocols.


Intranet - a network operating like the internet but having access restricted to a limited group of authorised users usually within a single organisation.

N3 Network - a virtual private network that operates within the NHS which provides access to both NHS-specific websites (prefixed nww) and the internet (www).

6.0 INTRANET, INTERNET AND EMAIL ACCEPTABLE USE

6.1 Core Principles

Staff will have access to the intranet and the Internet and email in accordance with national targets

Recognised staff organisations, including Trade Unions, will have access to the Internet and email

Personal use of the facilities will be limited and within prescribed areas

Safeguards will be established to protect the security, integrity and availability of the Trust’s systems

The requirements of relevant Acts of Parliament and mandatory national policies will be observed at all times

Staff awareness of copyright and contractual issues will be raised.

Guidance on e-mail etiquette will be observed

Guidance on housekeeping to ensure efficiency in the operation of the network and personal folders will be observed

Personal use of e-mail should not interfere with work

Personal e-mails must also adhere to the guidelines in this policy

The forwarding of chain letters, junk mail, jokes and executable programs is not allowed

6.2 Intranet and Internet

6.2.1 Authorisation

The Head of Service/Head of Department must request an account for a new member of staff by completing a ‘Request for Access to the Gateshead Trust Computer Network’ form. This form should ideally be submitted prior to the commencement date of the member of staff but should be completed for any member of staff who requires a user account and submitted to the IT department. The Head of Service/Head of Department must ensure that the member of staff has read this policy.

In addition, all users are required to complete and sign an ‘Email & Internet Services - User Code of Connection’ form. This needs to be submitted to the IT department within 1 week of their starting date. If the IT department has not received the form by this date the account will be disabled and will only be re-enabled on receipt of the Code of Connection form. A copy of both forms can be found at Appendix A.


6.2.2 Permissible access

Access to the Internet is primarily for Healthcare related purposes. That is for NHS work or for professional development and training. Reasonable personal use is permitted provided this does not interfere with the performance of your duties. Personal access to the Internet can be limited or denied by your manager. Staff must act in accordance with their manager’s local guidelines. The Trust has the final decision on deciding what constitutes excessive use.

The use of the Internet for personal transactions only, such as booking reservations or tickets or the purchase of any goods or services for personal use, is permitted. Employees should regard this facility as a privilege that should not be abused and should normally be exercised in their own time and without detriment to the job. Inappropriate or excessive use may result in disciplinary action and/or removal of facilities.

Staff should be aware that Internet access will be subject to restrictions and monitoring.

6.2.3 Non-permissible access

Access to websites that contain offensive or inappropriate material is strictly forbidden. Offensive or inappropriate material includes hostile text or images relating to gender, ethnicity, race, sex, sexual orientation, instruction on criminal or terrorist skills, promotion of cults, gambling, religious or political convictions, disability or any other material likely to bring the Trust into disrepute. This list is not exhaustive. Downloading of such material is considered a serious breach of Trust security and may result in dismissal or prosecution.

Other than instances which demand criminal prosecution, the final arbiter on what is or is not offensive material, or what is or is not permissible access to the Internet will be decided by senior Trust management.

However, the Trust notes that access to subjects and sites of a potentially contentious nature may be appropriate in some areas of normal operation and/or in specific circumstances, e.g. sex education, youth advice, counselling on gambling, approved research, etc. The Trust therefore places special responsibilities of care on staff operating in such areas to ensure that such access is necessary and that other users, staff and members of the community are not exposed to any such material without good cause.

Staff should not use the Internet to conduct personal transactions in pursuit of their own commercial or business interests nor in such a way as to implicate the Trust in those transactions. If in doubt, staff should consult the IT Directory & Security Manager.

6.2.4 Copyright


Files must not be downloaded from the Internet and used in such a way as to violate copyright laws. Even if downloading is permissible under copyright law, there may be restrictions with regard to copying, forwarding, or otherwise distributing files. Software license agreements should be read and adhered to. Staff must not transmit copyright software from their computer via the Internet.

6.2.5 Viruses

Viruses can damage computer systems, destroy data, cause disruption and incur considerable expense for the Trust. All files downloaded from the Internet must be virus checked before use. Employees must not independently load software onto their PCs (this includes screen-savers). All software installations must be arranged with the IT Department.

6.2.6 Internet Service Providers

Internet access must be via the Trust’s network in all instances. The use of alternative methods to connect to the internet is strictly prohibited and individuals must not independently arrange Internet access direct with a commercial Internet Service Provider.

Where Trust Portable devices or Smart Devices are used, access to the internet via 4G or wi-fi is permitted. However, use of the internet must comply with all Trust policies. Portable devices and Smart devices will be restricted and monitored when possible.

6.3 Email

6.3.1 Access

NHSMail is provided by NHS Digital and is used as the Trust e-mail system. All NHSMail users are required to accept the NHSMail Acceptable Use Policy which can be found at https://digital.nhs.uk/nhsmail/policies. Acceptance of this policy is built into the NHSMail registration process.

Staff who have previously worked for another NHS Trust and have an existing NHSMail account should ensure their previous Trust has marked them as a ‘leaver’. They should advise the IT Department of their existing email address so that their account can be transferred to the Trust.

New NHS employees or those without an existing NHSMail account will be provided with an NHSMail account after they have completed the procedure in para 6.2.1.

6.3.2 Best Practice

The Trust considers e-mail as an important means of communication and recognises the importance of proper e-mail content and speedy replies in conveying a professional image and delivering a good service. Therefore the Trust wishes users to adhere to the following guidelines:


Before sending an e-mail, consider whether there is a more appropriate way of communicating e.g. a telephone call or face to face contact.

Do not print e-mails unless you really need to for work purposes. E-mails can be saved, if you need them.

Only mark e-mails as important if they really are important.

Ensure you send your e-mail only to people who need to see it. Sending e-mails to all in your address book can unnecessarily block the system.

Ensure your email “Address Book” is set to search Gateshead Health NHS Foundation Trust as a default.

Before sending an email check the email address is correct. If you are uncertain of the email address send a test email before disclosing any information

E-mails should be treated like any other correspondence and should be answered as quickly as possible.

Delete any e-mail messages that you do not need to have a copy of.

If you suspect you received a virus by e-mail, telephone the IT Service Desk immediately (ext 2397).

6.3.3 Legal Issues

The Freedom of Information Act 2000 enables people to have access to much more information held by public bodies than previously. Communications sent via e-mail may relate to decisions made that might have been sent in letters and memos a few years ago. Like their paper counterparts, these e-mail records must be saved, filed and managed in a manner that will allow easy access in future. E-mail is a business communication tool and users are obliged to use this tool in a responsible, effective and lawful manner. Consideration should also be given to the General Data Protection Regulation and Data Protection Act 2018. The following rules are to be strictly adhered to:

Do not send or forward emails with any libellous, defamatory, offensive, harassing, racist or any discriminatory language, homophobic, obscene or pornographic remarks or depictions. If you receive an email of this nature, you must notify your manager

Do not forward confidential information without acquiring permission from the sender first

Do not knowingly send an email that contains a virus

Do not send unsolicited email messages

Do not forge or attempt to forge email messages

Do not send email messages using another person’s email account

Do not knowingly breach copyright or licensing laws when composing or forwarding emails and email attachments.

By following the guidelines in this policy, the e-mail user can minimise the legal risks involved in the use of e-mail. If any user disregards the rules set out in this policy, they may be subject to action by the Trust in accordance with the Trust’s Disciplinary Policy.


6.3.4 Email of Personal Identifiable Information

6.3.4.1 Methods of sending

Email is not secure and it should not be treated as the standard method of communicating personal identifiable information. Where email is agreed as the most appropriate method of transfer of personal identifiable information, NHSMail is only secure when sent between two NHSMail accounts. Emails sent from NHSMail to any email address other than a NHSMail account which contain personal identifiable information must be encrypted using the facility within NHSMail. To encrypt an email, [secure] should be added to the subject field in the email. Further guidance from NHS Digital can be found at https://s3-eu-west-1.amazonaws.com/comms-mat/Training-Materials/Guidance/encryptionguide.pdf

Any e-mail containing person identifiable information held in an e-mail account should be deleted as soon as no longer required.

6.3.4.2 Confidential Information

Where possible, personal identifiable information (including digital images) should not be forwarded by e-mail unless it has been anonymised, or the personal identifiers have been removed. These can be provided to the recipient by separate communication. The safe standards of confidentiality should also be applied to staff related personal details.

6.3.5 Offsite/Home and Mobile access to NHSMail

NHSmail may be accessed using non-Trust PCs via a web browser on an internet connected PC/other device, or on personal phones that are permitted to be used on NHS Mail (e.g. Android 4.0 and above or iPhone 4 and above). To maintain security of NHSmail these devices must be protected by an up-to-date anti-virus programme where applicable and a personal firewall is also advised.

Personal and sensitive information must not be accessed using a non-Trust device. If it is necessary to work with personal and sensitive information from a location other than Trust premises, an encrypted Trust laptop should be used.

Staff should note that NHSMail on non-Trust devices is outside of the scope of support provided by the IT Department.

6.3.6 Out of Office


An “out of office” message must be set up when absent from the Trust for one day or more. If away for a significant period of time (e.g. maternity leave or long-term sick leave) you should contact the IT Service Desk so that your account can be temporarily suspended. Suspended email accounts must be re-enabled within 18 months otherwise they will be deleted. If absence is expected to extend longer than 18 months the IT Department should be advised so they are able to prevent the account being deleted. Where appropriate, with your manager’s approval, access to your e-mail account can be granted to whoever is covering your role. The IT Service Desk can offer assistance with this facility.

6.3.7 Monitoring

The content of emails is not routinely monitored. The Trust reserves the right to inspect, monitor and retain message content as required to meet legal, statutory and business obligations.

6.3.8 Administration of Email Accounts

Although email accounts are provided by NHSMail, the Trust maintains ownership of all email sent and received including its contents. E-mail should not be considered private and confidential to the individual.

All employees should be aware that to allow the business of the Trust to continue unhindered, or as part of an internal investigation, the Trust may require access to an individual’s mailbox, for example where an individual is away for a period and access is required to correspondence urgently. Any such access would be in exceptional circumstances and must be authorised by the Associate Director/Deputy Director of the relevant business unit. If access is required by an Associate Director/Deputy Director access must be authorised by a relevant Director.

During the course of an official investigation access to an account may be required by 3rd parties e.g. Law Enforcement agencies, court orders etc. Guidance is provided by NHS Digital in their policy - https://s3-eu-west-1.amazonaws.com/comms-mat/Comms-Archive/Access+to+Data+Policy+2017.pdf

Prior to leaving the Trust, staff must ensure that they do not leave any patient identifiable information or commercially sensitive information in their NHSMail account. Likewise, staff migrating their NHSMail account into the Trust must ensure that they do not bring any patient identifiable information or commercially sensitive information from their previous NHS Trust. Staff must complete the declaration at Appendix C to confirm they are aware of this.

6.3.9 Unused/Obsolete Accounts


Information held in email may be of vital importance to the organisation and its availability and integrity must be safeguarded. The possibility of important messages being directed to unused accounts and left unread may pose a risk to the organisation. All unused email accounts will be removed from the system. For staff moving to another NHS organisation, their account will be marked as a ‘Leaver’. The owner of the account must ask their new organisation to ‘join’ their NHSMail account within 30 days otherwise it will be deleted. Inactive accounts will be deleted 30 days after being identified. Inactive accounts are classed as those which have not been active for a period of 12 months.

6.3.10 Confidentiality Disclaimer

All emails should contain a confidentiality disclaimer asking to be informed if the incorrect person receives the e-mail. This may be set up as an AutoSignature. A standard disclaimer is provided at Appendix B.

7.0 TRAINING

Training for using Internet Explorer and Microsoft Outlook is available through the Trust Workforce team.

8.0 DIVERSITY AND INCLUSION

The Trust is committed to ensuring that, as far as is reasonably practicable, the way we provide services to the public and the way we treat staff reflects their individual needs and does not unlawfully discriminate against individuals or groups on the grounds of any protected characteristic (Equality Act 2010). This policy aims to uphold the right of all staff to be treated fairly and consistently and adopts a human rights approach. This policy has been appropriately assessed.

9.0 MONITORING COMPLIANCE WITH THE POLICY

Standard / process / issue

Monitoring and audit

Method By Committee Frequency

Internet misuse

Check for excessive or inappropriate browsing via standard reports

Directory Security Team

Weekly

10.0 CONSULTATION AND REVIEW

Confidentiality & Data Protection Group

Health Informatics Assurance Group


11.0 IMPLEMENTATION OF POLICY (INCLUDING RAISING AWARENESS)

This Policy will be published as per normal policies and circulated as per standard. This Policy will be available at all the Trust’s designated locations.

12.0 ASSOCIATED DOCUMENTATION

OP6 – IT and Information Security Policy

OP50 – Telecommunications Policy

OP58 – Anti Virus Policy

APPENDIX A

A.1 Request for Access to the Gateshead Trust Computer Network

This form must be completed for all new staff by their Line Manager so that their user accounts and email accounts can be set up. Please return the form to the IT Department, Queen Elizabeth Hospital. All new staff must sign the Gateshead Health ‘User Code of Connection – Email and Internet Services’ prior to any computer usage.

Please complete the following details for the USER. Please print clearly.

Name:

Department:

Location:

Start Date: (DD/MM/YYYY)

/ /

Other access required e.g. Shared network areas, shared mailboxes etc. - ***If access to shares is required please give full details of share name either in the format \\server\share or as “share on server (X:)” where X is a drive letter. For help on identifying a share name please call the Service Desk.***

................................................................................................................................

Authorised by Line Manager.

Name:

Job Title:

Date:

/ /

Signature …………..……………………………………………………………….....

All users must change their password when they first log onto the network. All Accounts will be set to enforce password changes every 60 days.

A.2 Email, Internet, Digital Systems and Services - User Code of Connection

Access to Gateshead Health NHS Foundation Trust Internet, email services, and all Digital Systems and Services, is permitted only to those who accept this Code of Connection.

1 Introduction

All staff at Gateshead Health NHS Foundation Trust use one or more IT systems as part of their job. All users of these systems must understand, and accept, the legal rules applying to use of NHS email, and all our IT systems, including the Internet. Relevant legislation includes The Data Protection Act 2018, The Computer Misuse Act 1990, Freedom of Information Act 2000, Regulation of Investigatory Powers Act 2000, The Sex Discrimination Act, The Race Relations Act, and the laws of libel.

2 Code of Connection

You must protect confidentiality

Much of the information stored and shared within healthcare is sensitive and confidential. You have a legal duty to protect confidentiality and you must take care to prevent unauthorised access to your email and other messages. You must keep your access passwords secret at all times. You must take care when forwarding or replying to email to check that you do not pass on earlier messages in a string of emails which contain information you do not intend to share. All trust emails and digital files can be subject to legal disclosure under Freedom of Information and Data Protection laws. Trust emails and digital files can be subjected to automated searching for specific key words as part of a legitimate request which has been approved when necessary. Individuals may not necessarily be notified of any search being carried out. For sensitive messages, senders should check with the intended recipient that the information will go directly to the recipient and will not be passed to anyone else. Emails should contain a confidentiality notice asking to be informed if the incorrect person receives an e-mail. This may be set up as an AutoSignature such as:

“This email, and files transmitted with it, is confidential and intended solely for the use of the individual or entity to whom it is addressed. If you have received this email in error please destroy it and notify the sender.”

You must use Digital Systems and Services in a reasonable manner, consistent with your role.

Internet and email services are provided for purposes related to your work, areas of legitimate research, and for operational services. Personal use of email and internet should be kept to a minimum, and you should obtain management consent for such usage. Use of email for personal messages is a privilege which must not be abused. You must never send, view, or download illegal or inappropriate material from the Internet or via email. (If in doubt seek advice from the IT Security Manager).

No personal material should be stored on Trust equipment, for example music files, holiday documents and photographs.

You must use email in a professional manner.

Emails have the same legal standing as letters. An email using the NHS email address is similar to writing on company headed notepaper. You must:

· take care to avoid inadvertently entering into contracts through email

· ensure you do not commit libel

· take care not to use language or graphics which may be construed as sexual harassment or an offence under the Race Relations Act.

· take care not to breach copyright by “publication” of original material by forwarding to another individual.

· ensure that your files and emails are stored on network storage in order to prevent loss.

You must use Internet Services in a professional manner.

When using Internet Services you must not:

· take part in personal commercial activity.

· undertake any form of share-dealing.

· take part in any gambling.

· take part in petitions, campaigns, politics or similar activity.

· access inappropriate material.

You must help to prevent spread of computer viruses.

Email is a common route for spreading computer viruses. Computer viruses can be carried within any attached documents or links to internet sites. Computer viruses can cause catastrophic failures within hospitals, and across the NHS, with the potential to close down entire hospitals. The Trust IT security team work to protect the hospital from viruses and to ensure that anti-virus software on individual computers receives updates during restart cycles. Everyone using email must have up to date anti-virus software on their computer and must keep their computer anti-virus software up to date by restarting the computer every day.

In addition, you must protect PCs from unlicensed or unauthorised software, and you must not install any software without approval.

Failure to Adhere to the Code may result in withdrawal of access, and disciplinary proceedings.

Breaches of security, abuse of services, or non-compliance with the Trust’s Information Security Policy or the Code of Connection, may result in withdrawal of email and Internet services. Abuse of email services, or non-compliance with the Code of Connection, will lead to invoking the Trust’s disciplinary procedures.

Users of the Trust IT systems, and email, must be aware of these security considerations, understand the implications of non-compliance, and must agree to abide by the terms of this Code of Connection and the Trust’s Internet, Intranet and E-mail Acceptable Use Policy.

The Trust reserves the right to monitor Internet access and emails sent or received by staff on Trust PCs, in order to ensure that the Code of Connection is not breached.

USER ACCEPTANCE

I confirm that my Line Manager has completed and signed a Request for Access form. I have read and understand the Email, Internet, Digital Systems and Services Code of Connection and agree to abide by both it and the Trust’s Internet, Intranet and E-mail Acceptable Use Policies.

*Please Print Clearly

Forename:

Surname:

Telephone/Bleep No:

Date: (DD/MM/YYYY)

/ /

Department/Directorate:

Have you previously worked at the Trust? If yes, which Department/Directorate:

Have you previously worked for the NHS at another Trust? If yes, which Trust/Organisation:

Do you have an existing NHSMail account? If yes, what is the email address:

User Signature: ………………………………………………………………………

Original to be sent to: IT Department, Queen Elizabeth Hospital, Gateshead NE9 6SX

Copy to be retained by user

APPENDIX B - LEGAL DISCLAIMER

‘Unless expressly stated otherwise, the information contained in this e-mail and any files transmitted with it is confidential and is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient you must not copy, distribute, or take any action or reliance upon it. If you have received this e-mail in error, please destroy it and notify the sender. Any unauthorised disclosure of the information contained in this e-mail is strictly prohibited.’

APPENDIX C - NHSMAIL DATA DECLARATION

Staff members who are coming into Gateshead Health NHS Foundation Trust from a different Trust

Employees should note that it is their responsibility to ensure that they do not migrate any patient identifiable information or commercially sensitive information from another NHS organisation when transferring their NHS net account when commencing employment with Gateshead Health NHS Foundation Trust. To do so may constitute an Information Governance breach which may require the Trust to notify the Information Commissioner. No organisational data should be left in the NHS.net email account when staff are transferring to another NHS organisation.

Your Name:……………………………………………………………………………………………………………………………..

Your Dept:……………………………………………………………………………………………………………………………….

Signature:……………………………………………………………………………………………………………………………..

Date:……………………………………………………………………………………………………………………………….

Please return this sheet to Workforce Information when you have completed this form. Thank you.