6.1. LGSCO equipment 

•  Only LGSCO equipment will be used to store confidential information. (This also includes any cloud-based or Software-as-a-service (Saas) equipment used by LGSCO. Where a cloud or Saas is deployed, it will be subject to meeting prevailing standards and policies.)
• All LGSCO equipment remains the property of the LGSCO and will be returned on request and when contractual obligations end.
• Unless scanned first and authorised by the IT Manager, the equipment of third parties (for example that of trainers and suppliers) will not be attached to our equipment.

6.2. Access and passwords

No staff or contractors will be given access to our systems until they have confirmed understanding and adherence to the provisions of this policy and the objectives which underlie it. Staff will periodically be required to reconfirm understanding and adherence.

All computer systems and databases storing confidential information will be password controlled to prevent unauthorised access. 

No staff or contractors will be given access to our systems until they have confirmed understanding and adherence to the provisions of this policy and the objectives which underlie it. Staff will periodically be required to reconfirm understanding and adherence.

All computer systems and databases storing confidential information will be password controlled to prevent unauthorised access.

• Network passwords must be at least 12 characters long and include one number and one special character. (For more information, see ‘passwords’ in the IT user handbook.) 
• The IT team will only set up logon (user) accounts on notification of a new starter by HR.
• HR system (Cascade) passwords are set to expire after one year and must be eight characters and use upper, lower case + numbers + special characters.
• Line managers will inform HR of leavers (including agency workers) immediately. The HR Assistant will notify the IT Manager so the user account can be disabled within 24 hours.
• The IT Team will regularly review user accounts to lock or remove redundant accounts and ensure permissions are not excessive. 
• Passwords, logon accounts, IDs, swipe cards etc will not be shared, or stored so that they can easily be linked to the computer or other equipment. 
• Appropriate access to systems is determined by roles. This applies to systems for Finance, IT or HR and also to shared data on the K: drive. Each K: drive folder has an owner who is responsible for ensuring only the appropriate staff have access. Access is granted or revoked by IT via the Operational Support Service Desk.

6.3. Software and Apps

Use of unlicensed software or inappropriate software sharing (including music) breaches copyright legislation and may be subject to disciplinary action, and further civil or criminal penalties. In particular, users will not:

• Pass on LGSCO software to third parties. 
• Copy LGSCO software. 
• Attempt to alter the software source code. 

Without authorisation from the IT Team, users will not store personal photographs or music on LGSCO IT equipment (but may load a photograph as wallpaper without explicit consent). 

The only apps allowed on work devices are those required for work purposes. Where this includes a messaging app (such as WhatsApp), these must not contain casework information or any personal data. The content of any apps used must be appropriate and not likely to bring the organisation into disrepute. 

6.4. Personal IT Devices

Staff must not use their own personal IT devices to store or discuss any LGSCO business information. This includes personal emails, WhatsApp or similar ‘chat apps’. Although the devices are their personal possessions by law any casework related information on them must be disclosed if there is a data request.