SCRAPPIES INFORMATION TECHNOLOGY POLICY

Introduction

This section provides the policies and procedures for selection and use of IT within Scrappies. It also provides guidelines Scrappies will use to administer these policies, with the correct procedure to follow.

Scrappies will keep all IT policies current and relevant. Therefore, from time to time it will be necessary to modify and amend some sections of the policies and procedures, or to add new procedures.

These policies and procedures apply to all employees and volunteers.

Technology Hardware Purchasing Policy

Computer hardware refers to the physical parts of a computer and related devices. Internal hardware devices include motherboards, hard drives, and RAM. External hardware devices include monitors, keyboards, mice, printers, and scanners.

The purchase of hardware for Scrappies must be appropriate, give value for money and, where applicable, integrate with other technology for the charity. The objective of this policy is to ensure that there is minimum diversity of hardware within Scrappies.

Purchasing computer systems:

  • Computer systems may not be purchased or installed without the prior consent of the management committee.
  • The desktop computer systems purchased must run Windows 10, at least, and integrate with existing hardware, such as printers, scanners, etc.
  • The purchase of portable computer systems (such as laptops, notebooks, ipads, etc.) is not recommended, unless an employee or volunteer needs to work away from the office, since this offers an increased risk to protected data and of theft.  If a need for a portable computer is demonstrated to the satisfaction of the management committee, the machine purchased must be compatible with existing hardware.

Purchasing computer peripherals:

  • Computer system peripherals can only be purchased where they are not included in any hardware purchase or are considered to be an additional requirement to existing peripherals.
  • Computer peripherals purchased must be compatible with all other computer hardware and software at Scrappies.
  • The purchase of computer peripherals can only be authorised by the management committee.

Policy for use of Technology Hardware

IT hardware must be treated with care and used only in accordance with the proper operating instructions:

  • Any apparent fault with hardware should be reported promptly.
  • Equipment must not be used if there is reason to believe that it may not be in safe working order.
  • Staff/Volunteers must not by any deliberate or careless act or omission jeopardise or seek to jeopardise the integrity of any IT equipment, and/or its software and/or any information stored within it and/or accessed through it.
  • Users must not access and/or attempt to access any IT equipment, software and/or data which they are not properly authorised to access. In particular, the confidentiality of data belonging to other members of the organisation must be respected.
  • Staff and volunteers must take all necessary steps to protect and maintain the security of any equipment, software, data, storage area and/or passwords allocated for their use.
  • Users must comply with all their legal obligations affecting their use of IT facilities, including Contempt of Court, Copyright, Defamation, Computer Misuse Act, Data Protection Act, Official Secrets Act, Obscene Publications Act, Protection of Children Act and Equality Act 2010.
  • The use of any of Scrappies equipment for storage and/or transmission of materials which the management committee considers to be obscene and/or offensive is strictly prohibited. Furthermore, Scrappies technology facilities must not be used to download pornographic, obscene, excessively violent and/or offensive materials from the Internet.

Policy for Acquiring Software  

This policy provides guidelines for the purchase of software for Scrappies to ensure that all software used by Scrappies is appropriate, value for money and where applicable integrates with other technology for Scrappies. This policy applies to software obtained as part of a hardware bundle, pre-loaded software, separately purchased software or downloaded freeware and open source software.

Request for and purchase of Software:

  • All software, including non-commercial software such as open source, freeware, etc. must be approved by the management committee prior to the use or download of such software.
  • The purchase of all commercial software (eg. Office programs) must be approved by the management committee.
  • All purchased software must be purchased from reputable software sellers.
  • All purchases of software must be compatible with Scrappies’ hardware and operating systems.
  • Any changes from the above requirements must be authorised by the management committee.

Open source or freeware software can be obtained without payment and usually downloaded directly from the internet:

  • In the event that open source or freeware software is required, approval from the management committee must be obtained prior to the download or use of such software.
  • Open source and freeware must be downloaded from reputable sites only.  If there is any doubt consult first!
  • All open source or freeware must be compatible with Scrappies’ hardware and software systems.
  • Any change from the above requirements must be authorised by the management committee

Policy for Use of Software

This policy provides guidelines for the use of software for all employees and staff within Scrappies to ensure that all software use is appropriate. Under this policy, the use of all open source and freeware software will be conducted under the same procedures outlined for commercial software.

Software Licensing:

  • All computer software copyrights and terms of all software licences will be followed by all Scrappies employees and volunteers.
  • Where licensing states limited usage (i.e. number of computers or users etc.), then it is the responsibility of the management committee to ensure these terms are followed.
  • The management committee is responsible for completing a software audit of all hardware twice a year to ensure that software copyrights and licence agreements are adhered to.

Software Installation:

  • All software must be appropriately registered with the supplier where this is a requirement.
  • Scrappies is to be the registered owner of all software.
  • Only software obtained in accordance with the software policy is to be installed on Scrappies’ computers.
  • All software installation is to be carried out by the management committee or its agent.
  • A software upgrade shall not be installed on a computer that does not already have a copy of the original version of the software loaded on it.

Software Usage:

  • Users must take all reasonable steps to exclude and avoid the spread of malicious software, e.g. viruses, and must co-operate fully with all measures instituted by the management committee to prevent the spread of such software.
  • Only software purchased in accordance with the software policy is to be used within Scrappies.
  • Prior to the use of any software, the user must receive instructions on any licensing agreements relating to the software, including any restrictions on use of the software.
  • All staff and volunteers who will use the new software should receive training. New employee/volunteers also should be trained to use existing software appropriately. This will be the responsibility of the management committee
  • Employees and volunteers are prohibited from bringing software from home and loading it onto Scrappies’ computer hardware.
  • Unless express approval from the management committee is obtained, software cannot be taken home and loaded on an employee’s or volunteer’s home computer.
  • Where an employee or volunteer is required to use software at home, an evaluation of providing the employee with a portable computer may be undertaken. However, if it is found that software can be used on the employee’s home computer, authorisation from the management committee is required to purchase separate software if licensing or copyright restrictions apply. Where software is purchased in this circumstance, it remains the property of Scrappies and must be recorded as such by the management committee
  • Unauthorised software is prohibited from being used at Scrappies. This includes the use of software owned by a volunteer or member of staff and used within Scrappies.
  • The unauthorised duplicating, acquiring or use of software copies is prohibited. Any employee or volunteer who makes, acquires, or uses unauthorised copies of software will be referred to the management committee for appropriate action. The illegal duplication of software or other copyrighted works is not condoned within this business and the management committee is authorised to undertake disciplinary action where such an event occurs.

Breach of Policy:

  • Where there is a breach of this policy by an employee or volunteer, that person will be referred to the management committee which will determine the appropriate action.
  • Where an employee or volunteer is aware of a breach of the use of software in accordance with this policy, they are obliged to notify the management committee immediately. In the event that the breach is not reported and it is determined that someone failed to report the breach, then that person will be referred to the management committee for appropriate action

Bring Your Own Device Policy:

At Scrappies we acknowledge the importance of mobile technologies in improving business communication and productivity. In addition to the increased use of mobile devices, staff members may wish to connect their own mobile devices to Scrappies’ network and equipment. We encourage you to read this document in full and to act upon the recommendations. This policy should be read and carried out by all staff and volunteers.

This policy provides guidelines for the use of personally owned notebooks, smart phones, tablets etc. for business purposes. All staff and volunteers who use or access Scrappies’ technology, equipment and/or services are bound by the conditions of this Policy.

Each employee who utilises personal mobile devices agrees:

  • Not to download or transfer business or personal sensitive information to the device without the express permission of the management committee. Sensitive information includes member information, staff and volunteer personal data, etc.
  • Not to use the device as the sole repository for Scrappies’ information. All business information stored on mobile devices should be backed up.
  • To make every reasonable effort to ensure that Scrappies’ information is not compromised through the use of mobile equipment in a public place. Screens displaying sensitive or critical information should not be seen by unauthorised persons and all devices should be password protected
  • Not to share the device with other individuals to protect Scrappies data access through the device
  • To abide by Scrappies’ internet policy for appropriate use and access of internet sites etc.
  • To notify Scrappies immediately in the event of loss or theft of the device.
  • Not to connect USB memory sticks or other external storage devices from an untrusted or unknown source to Scrappies’ equipment.

Keeping mobile devices secure – the following must be observed when handling mobile computing devices (such as notebooks and iPads):

  • Mobile computer devices must never be left unattended in a public place, or in an unlocked house, or in a motor vehicle, even if it is locked. Wherever possible they should be kept on the person or securely locked away
  • Cable locking devices should also be considered for use with laptop computers in public places, e.g. in a seminar or conference, even when the laptop is attended
  • Mobile devices should be carried as hand luggage when travelling by aircraft.

Any breach of this policy will be referred to the management committee who will review the breach and determine adequate consequences.

Indemnity:

Scrappies bears no responsibility whatsoever for any legal action threatened or started due to conduct and activities of staff and volunteers in accessing or using these resources or facilities. All staff and volunteers indemnify Scrappies against any and all damages, costs and expenses suffered by Scrappies arising out of any unlawful or improper conduct and activity, and in respect of any action, settlement or compromise, or any statutory infringement. Legal prosecution following a breach of these conditions may result independently from any action by Scrappies.

Information Technology Security Policy

This policy provides guidelines for the protection and use of information technology assets and resources within Scrappies to ensure integrity, confidentiality and availability of data and assets.

Physical Security:

It is the responsibility of all staff and volunteers to maintain the security of IT assets, including computers and peripherals.

Information Security:

  • All relevant data should be backed-up, especially Scrappies Members Database, administration documents, graphics and photographs.
  • It is the responsibility of the management committee to ensure that data back-ups are conducted, at least weekly, and the backed up data is kept off site or on the cloud.
  • All technology that has internet access must have anti-virus software installed. It is the responsibility of the management committee to install all anti-virus software and ensure that this software remains up to date on all technology used by Scrappies.
  • All information used within Scrappies is to adhere to the privacy laws and Scrappies’ confidentiality requirements. Any employee or volunteer breaching this will be dealt with appropriately by the management committee.

Technology Access:

  • Every employee or volunteer who is required to access Scrappies technology will be issued with a unique identification code and will be required to set a password for access.  Passwords must not be shared.
  • Limited and legal personal use of Scrappies’ computers is allowed during working hours providing there are no other demands on the technology.

Website Policy

Website Register – the website register must record the following details:

  • List of domain names registered to Scrappies
  • Dates of renewal for domain names
  • List of hosting service providers
  • Expiry dates of hosting
  • Passwords for accessing the host site and the web site

Keeping the register up to date will be the responsibility of the web master.

  • The management committee will be responsible for any renewal of items listed in the register.
  • All content on Scrappies website is to be accurate, appropriate and current. This will be the responsibility of the web master.
  • All content on the website must be relevant to the charity. Basic branding guidelines must be followed on the website to ensure a consistent and cohesive image for Scrappies.
  • The content of the website is to be reviewed frequently.
  • The following persons are authorised to make changes to Scrappies website:
    • The web master
    • Scrappies Secretary
  • All data collected from the website is to adhere to Data protection and Privacy laws.

Emergency Management of Information Technology

IT Hardware Failure:

  • Where there is failure of any of Scrappies’s hardware, this must be referred to the management committee immediately.
  • It is the responsibility of the management committee to take appropriate action in the event of IT hardware failure.

Virus or other security breach:

  • In the event that Scrappies’s information technology is compromised by software virus or other malicious attack such breaches are to be reported to the management committee immediately.
  • The management committee is responsible for ensuring that any security breach is dealt with within as quickly as possible to minimise disruption to business operations.

Website Disruption

  • In the event that the business website is disrupted, the web master must be informed immediately. 
  • The web master will initiate an appropriate response, which may include notifying the web host and the management committee.