Computers, E-Mail and Internet Use Policy & Procedures

COMPUTERS, E-MAILAND INTERNET USE POLICY & PROCEDURES

This document sets out the Policy and Procedures in respect of the use and operation of computers, e-mail and the Internet by staff employed by the Royal Air Force Museum and Royal Air Force Museum Enterprises Ltd., collectively referred to as the ‘Museum’. The term staff includes paid and un-paid, volunteers and those on any form of secondment or attachment to the Museum.

1.PROTECTION OF THE COMPUTER SYSTEM

1.1Compliance. Every member of staff has a personal responsibility to prevent theft, damage or misuse of Museum owned or operated computer equipment, IT resources, data sources and information contained therein. All staff are required to comply with this Policy document, its annexes, and other instructions or guidance that may be issued from time to time. Failure to do so may lead to disciplinary action and in cases of gross misconduct, this could result in dismissal.

1.2Passwords. Passwords will be used to prevent unauthorised access to workstations. Passwords uniquely identify each user, and allow access to the Museum network. For the protection of individuals and the Museum, passwords must be kept secure and secret. They must not be shared with anyone else. Individual users are responsible for ensuring that passwords are changed at least every six months, or immediately if it is suspected that security has been compromised. This can be done in collaboration with the IT Support Manager. Line Managers are responsible for checking that their staff regularly change passwords. See also paragraph 1.5.

1.3Viruses. These are designed to cause loss, disruption or alteration to computer data and, in extreme cases, can completely disable an IT system. All staff need to be alert to the danger of virus infection that might arise from accepting documents or attachments to e-mail from external sources – particularly unsolicited e-mail and software downloaded from the Internet. This principle also applies to any program or software which is suspicious, of dubious origin or produces unexpected outcomes or appearances. Staff must immediately report any incidents, actual or suspected of computer virus infections to the IT Support Manager and immediately cease using their workstations until clearance has been given. The IT Support Manager is able to provide advice and technical support when users believe that such action is necessary before introducing data etc to Museum IT systems.

1.4Unauthorised Software. The installation of software, including screensavers and applets by staff on any part of the Museum’s IT system (whether stand-alone or networked) is only allowed with the prior written authority of the IT Support Manager, who will ensure that it is necessary, compatible with existing systems and does not breach licensing agreements. It is forbidden to introduce onto Museum owned and operated equipment any form of device, data (whether via computer disks, other data storage device), or any device, programs or software not procured through the IT Department without first having them approved and checked by the IT Support Manager for viruses (see paragraph 1.3).

1.5Security. Users must log-off and switch off their workstations before leaving site. Similarly, users must log-off when they leave their workstations unattended and unsupervised for other than short periods of time. E.g., workstations should be logged-off when users leave offices at lunchtimes.

1.5.1Confidential information contained in electronic form such as Word documents etc may be protected against theft or unauthorised access by file password protection. Records of all file passwords must be kept in a separate secure location. Such passwords are not like network passwords, and files cannot easily be recovered if passwords are mislaid, etc. Line Managers are authorised to hold signed and sealed copies of passwords of their staff in a secure location. Such locations must be selected on the basis that access may be urgently needed when a user or their line manager is not immediately available.

1.5.2All files, data and software stored on any part of the Museum’s IT system are Museum property. This extends to any media that contains Museum information. Staff must not download, change or permanently delete, software, programs or Museum information (whether current or archived material) howsoever stored, without prior authority of the IT Support Manager. This does not preclude the efficient file and data storage space management by the deletion of files by users when data created by them or e-mail traffic sent to users is no longer needed.

1.6Back-ups. The Museum network is routinely backed-up. Users storing data elsewhere, e.g. on workstation internal hard drives, must ensure that a back-up regime is in place and it is tested from time to time. See paragraph 1.11.

1.7Personal Digital Assistants/Palmtops. The Museum recognises the convenience of Personal Digital Assistants (PDAs) which as personal property are used by some members of staff. When properly pre-authorised in writing by the IT Support Manager it is permissible to connect these devices to Museum equipment for the purpose of exchange calendar and contact information with Museum e-mail / scheduling programs. Individuals must take steps to ensure that PDA viruses are not introduced to the system, or to other palm computers. The IT Support Manager will keep a record of such authorisations.

1.8.Personal Music Players, Downloaded Music and Streamed Audio. Personal music players such as the Apple iPod may be connected to the Museum’s systems in much the same way as PDAs and Palmtops. However, the downloading and storing of music on the museum’s computer equipment is not permitted. You should not use the Museum’s network to download music under any circumstances because the legal status of the music cannot be properly established. You should also not upload music from commercial CDs for any reason unless the necessary permission has been given by the copyright holder.

The use of the Internet for listening to Streaming Audio is permitted, provided that you have the approval of your Line Manager, and it does not disturb other people who work near you. The free “RealAudio Player” can be be obtained through the IT Department.

1.8.1Just as for any other software, you should not download or install software e.g. Napster, for downloading music.

Music Players can be used for playback using external speakers, or through your computer’s internal speakers. If the player uses software which is part of the Operating System – Apple iTunes or Windows Media Player – then there is no reason why these should not be used.

1.9Museum Laptops. A limited number of laptops are available for members of staff to borrow and use when they have an essential need to work off-site. These are marked with Museum asset numbers.

1.9.1Staff must seek approval from their Line Manager to borrow a laptop, and arrange for the laptop to be issued by the IT Support Manager, who will require an e-mail (or other written) notification detailing the machine required, where it will be used and the period it will be off site. When returning the laptop, staff must ensure that none of their files have been left on the hard drive. If appropriate, arrangements must be made to transfer such files to the Museum’s networked data storage system.

1.9.2When a member of staff takes a laptop off-site, the security of that laptop becomes their responsibility. The user must make sure that the laptop is not left unattended in view. When transporting it around, it must be in a bag and out of sight. If it is left in a vehicle, it must be locked in the boot or covered luggage area and out of view. Laptops must be returned to the IT Support Manager, or if unavailable, given to the Control Room for safe keeping.

1.9.3The Museum has insurance cover for a limited number of laptops and IT equipment used off-site. Such cover is restricted and excludes items left unattended and in view. Uninsured losses may be recovered from staff when there has been a breach of this Policy.

1.9Technical Support. Museum Staff are not able to support any equipment which is not the responsibility of the Museum, e.g. personal property.

1.10Museum Software. The transfer, installation, changing, copying or borrowing of any Museum owned software for use on a non-Museum computer is forbidden. Such action is likely to contravene the Copyright Laws and so be treated extremely seriously by the Courts. It could also constitute gross misconduct and result in dismissal.

1.11Files & Folders. As a routine, users must store all work on the Museum’s main server, thus providing automatic back up if a local workstation fails. For additional resilience, additional copies may be stored on the internal hard drives of users’ workstations. Data should be stored on files and folders in a systematic way that makes it easy to find information. Files should not be kept longer than necessary. It is good practice to review periodically all files and delete those which are no longer required, thus saving space. See also paragraph 1.5.2.

1.12Programs. The master discs for all programs will be stored by the IT Support Manager in secure conditions and checked against an inventory list as part of the Internal Audit process.

2.E-MAIL & INTERNET

2.1Authorised Use. The Museum’s e-mail and the Internet access facilities are provided for Museum business. Occasional and reasonable personal use is permitted provided that this does not interfere with the performance of Museum work. Any personal e-mail sent internally or externally must be preceded with the Header “Personal E-Mail” in the Subject Field before any subject. E-mails are can be used in evidence in legal proceedings. Under certain conditions, individuals and external agencies can apply for e-mails traffic records to be searched and disclosed to authorised parties. Separate ‘Conditions Of Use For Access To The Internet From Museum Equipment’ are at Annex A.

2.2Appropriate Use. Staff are encouraged to use e-mail as a method of written communication within and between the Museum’s sites and with third parties as appropriate. The Museum has a strict legal liability for any e-mail and other electronic communication sent using its computers and equipment. Carelessly worded messages can easily be misconstrued and are able to be forwarded to others outside the control of the Museum. Therefore, staff need to consider carefully on each occasion not only the content of the message but also whether e-mail is the appropriate form of communication. In all cases, care needs to be taken over the content of the e-mail and thought given to ensure that all addressees need to be included in the circulation list. Sending e-mail needlessly to other people not only wastes their time, but can overload the system and cause delay. Some staff allow, as a routine, other staff access to their e-mail traffic. E-mail should not be used to communicate sensitive or confidential issues.

2.3Unauthorised Use.Staff will be held personally responsible for any legal action brought against the Museum as a result of their unauthorised or inappropriate use of e-mail or the Internet. Such use may expose both the member of staff personally, and the Museum, to criminal or civil liability and so may constitute gross misconduct which could result in dismissal.

2.4Disclaimer. All e-mails sent outside the Museum must contain a final disclaimer paragraph in the following terms:

• Confidentiality: This e-mail and its attachments are intended for the above named only and may be confidential. If they have come to you in error you must take no action based on them, nor must you copy or show them to anyone; please reply to this e-mail and highlight the error.
• Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. You should remember this lack of security when e-mailing us.
• Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should take steps to confirm that they are actually virus free.

It is the responsibility of each user to place these disclaimers on all their external e-mail. Advice is available from the IT Support Manager.

2.5 Prohibited Material. It is a criminal offence to publish or distribute indecent, defamatory, hateful or offensive material. This includes, amongst other things, possessing, showing or distributing indecent photographs or pseudo-photographs of children. Staff must not download view, introduce or send any such material using the Museum’s IT system or equipment. Inadvertent receipt of such prohibited material is to be reported to the IT Support Manager, or in his absence a member of the Senior Management Team.

2.6Discrimination and Harassment. Individually or collectively, words and pictures produced on e-mail or the Internet are capable of being defamatory if they are untrue, ridicule the person and as a result, damage that person’s reputation. Therefore, no such information or statements may be introduced onto the Museum’s IT systems or the Internet via the Museum’s IT systems or equipment. The Museum will not tolerate discrimination or harassment in any form whatsoever. This principle extends to any information distributed on the Museum’s IT systems via e-mail or the Internet. It is forbidden to download, view, introduce or send via the Museum’s IT system or equipment any material which discriminates or encourages discrimination or harassment on racial or ethnic grounds or on grounds of gender, sexual orientation, marital status, age, ethnic origin, colour, nationality, religion or disability. Such action would be against the Museum’s Equal Opportunities Policy and may constitute gross misconduct which could result in dismissal.

2.7E-Mail – Good Practices

• Check e-mail regularly
• Be suspicious of unusual e-mail messages, particularly those with attachments, even if they appear to be from reliable sources – whatever their origin.
• Reply promptly to messages requiring a reply.
• Before sending check if the message, is really necessary and if everyone on the distribution list needs to see it.
• If in doubt as to the authenticity of e-mail or virus status of any message or attachment check with IT Support Manager before opening.
• Delete any messages which are no longer required.
• Use folders to store and subsequently find stored messages.
• Print and file copies of messages that need to be retained for audit or form part of matters dealt with on Museum official correspondence files.

2.8All external e-mail traffic must be sent to and from the Museum via the Network System, which is Microsoft Outlook and Microsoft Exchange Server. Where internet access can be reached outside the Museum, “Outlook Web Access” is provided for Museum staff using the address . This can be used for Museum communications in the same way as Outlook on your Museum computer. Users of this facility are advised to guard their password especially carefully when using “public” computers, and report any problems to the IT Manager as soon as possible.

2.9Signature Block. All messages must include a signature block using the Museum’s standard format. An example of the Museum’s signature format is:

Name

Job Title

RoyalAirForceMuseum

T: 020 8358 XXX

The font that should be used is Arial, 10pt. The software allows you to store this ‘signature’ information to save time. If your job role covers all sites, then in the third line you should just use Royalair ForceMuseum rather than specifyingLondon, Cosford or Stafford.

3.MONITORING

3.1Monitoring of E-Mail and Internet Access. For business purpose and to ensure compliance with legislation and this Policy, all e-mail and internet traffic records, official or private, are stored. The Director General, members of the Senior Management Team, and other nominated staff, may inspect and read any e-mail (including personal e-mail) at any time without reference or notice to senders/receivers. Monitoring will be targeted and only used when such action is essential for business purposes. Individual messages will only be accessed when it is clear that the business purpose for which monitoring is undertaken makes this necessary.

4.INTERNET ACCESS

4.1Conditions of Use for Access to the Internet from Museum Computers or equipment are set out in ‘Annex A’.

4.2Authority. The Museum reserves the right to restrict Internet access to only those members of staff authorised, in writing, by a Divisional Director or, in respect of staff of Royal Air Force Museum Enterprises Ltd., an officer of the Company. All Internet use will be monitored (see paragraph 3.1) and staff will be required to sign a “Conditions of Use Agreement” before being allowed access rights from these terminals.

4.3File Transfer. Whilst the Museum’s firewall and Anti-Virus software will normally check all incoming traffic, users must contact the IT Support Manager in any case of suspected virus contamination.

4.4Inappropriate Material. The contents of paragraphs 2.4 – 2.6 above apply equally to all Internet access.