GENERAL
This document is only applicable to employees of Blue Ring Digital Services Ltd.
"IT Framework Policy" refers to this IT Framework Policy.
"You", "Your", "Yours", "User", "Users" refers to You, the User or employee of Blue Ring Digital Services Ltd.
"We", "Us", "Our", "Development Team", "Data Protection Officer", "Blue Ring Digital Services Ltd" refers to Blue Ring Digital Services Ltd.
"Our Network" refers to Our network of connected Devices which may or may not have global access and/or internet connectivity.
"Data", "Information" refers to all Data elements that are owned or licensed by Us or any Information processed by Us on behalf of a third party.
"Information Systems" refers to all Information Systems owned, held, utilised or present on Our Network and anyone making use of them.
"Device", "Devices" refers to any computer equipment used to access Our Network or Information Systems. This includes but is not limited to laptops, desktop PCs, tablets, mobile telephones, printers, scanners, external storage and servers.
The headings in this IT Framework Policy are for convenience only and shall not affect their interpretation.
The masculine shall include the feminine and the neuter and the singular the plural and vice versa.
If any provision or part of any provision of this IT Framework Policy is found by a court or other competent authority to be void or unenforceable, such provision or part of a provision shall be deleted from this IT Framework Policy and the remaining provisions or parts of the provision shall continue to be in full force and effect.
We aim, at all times, to ensure consistent, high quality implementations and management of Our IT resources, processes and practices. A comprehensive framework of well-defined policies, procedures and standards is required to facilitate and ensure this. The need for formal IT policies has been highlighted in risk management processes and internal control frameworks for Blue Ring Digital Services Ltd. This IT Policy Framework is a key element in meeting and supporting these requirements.
In developing the IT policies, procedures and standards for Blue Ring Digital Services Ltd due regard and consideration has been given to the ISO 27000 series of standards which have been specifically reserved by ISO (International Standards Organisation) for Information security matters. It is not intended that Blue Ring Digital Services Ltd seeks to be compliant with all aspects of the relevant ISO Information security standards as this would not be appropriate in all instances. However, it is intended that we would aspire to implement policies, standards and procedures which are consistent with key aspects of the standards.
The Development Team
The Development Team provides guidance and direction for the day-to-day running of Our websites and social media presence. The Development Team implements policy, defines standards and agrees content for Our web pages. The Development Team also has a key role in ensuring compliance with IT Policies and responding to breaches of the same. In terms of IT policies, the Development Team will:
- Assess incidents/policy breaches and action next steps;
- Escalate more serious issues where appropriate to the Senior Leadership Team;
- Manage any operational risk to Us, from breaches of approved IT policies.
External Hosting
The Development Team and Data Protection Officer are responsible for approving the hosting of corporate Data and Information off-premise and in third party Data centres, and are also tasked with advising and directing a response to any IT Policy Framework breach relating to Data or resources. In the event of a policy or Data breach the Development Team and Data Protection Officer will:
- Assess incidents/policy breaches and agree the next steps;
- Escalate more serious issues where appropriate;
- Manage any operational risk to Blue Ring Digital Services Ltd, from breaches of approved policies;
- Advise Data owners on appropriate hosting options and controls.
IT Policy Breach
The Development Team and Data Protection Officer will meet in response to any escalated breach of an IT policy or of External Hosting, and will decide if Our Business Continuity Plan needs to be invoked. Other relevant stakeholders will be invited to any meetings called by this team based on the details of any IT policy breach. This team will act as an escalation point for serious incidents or breaches of policy relating to User generated or corporate Data and resources. Examples of these include:
- Incidents that may result in disciplinary action;
- Incidents that may result in the invocation of Our Business Continuity Plan;
- Incidents that may result in a legal action;
- Incidents that may warrant a communication plan for internal or external stakeholders.
Compliance
All employees and authorised Users are expected to adhere to all IT Policies.
Policy Text
The following IT policies have been developed to facilitate and ensure consistent, high quality implementations and management of Our IT resources and Information.
Acceptable Usage Policy
The purpose of the Acceptable use policy is to provide all Users of Our IT resources with clear guidance on the acceptable, safe and legal way in which they can use Our IT resources. Providing an efficient and reliable computing and networking service, as well as access to communications Devices, depends on the cooperation of all Users. It is therefore important that Users are aware of their responsibilities as detailed in the Acceptable use policy.
IT Security Policy
The purpose of this IT Security Policy is to protect our information assets from all threats, internal, external, deliberate or accidental. The policy is aimed at safeguarding the availability, confidentiality and integrity of Our Information and protecting the IT assets and services against unauthorised access, intrusion, disruption or other damage. The policy has been written to provide a mechanism to establish procedures to protect against security threats, minimise the impact of security incidents and ensure compliance with applicable legislation and regulations.
Web and Social Media Policy
We recognise that the internet provides unique opportunities to participate in interactive discussions and to share Information on topics of interest via a wide variety of social media platforms, such as Facebook, Twitter and YouTube. However, as the content of such media is largely user-generated, this poses a unique set of legal and reputational risks for Blue Ring Digital Services Ltd.
The purpose of the Web and Social Media Policy is to inform Users what We deem to be acceptable use of these platforms, and to offer Users a level of protection from any misuse of this medium.
Data Policies
Our Information Systems are of significant value to Us. The following policies provide clear guidance on the acceptable, safe and legal way in which Users should use and manage Our Information Systems:
Monitoring
Network Usage
Our network usage is logged using multiple IT tools to protect Our IT resources and provide forensic methods for problem solving. Logging can come from various sources including but not limited to:
- server system auditing;
- network security monitoring;
- firewall intrusion detection;
- web and network activity.
The Development Team will monitor and investigate these logs in the following circumstances:
- there is reason to suspect that an IT policy is being breached;
- bandwidth troubleshooting;
- problem solving;
- We have other legitimate reasons for doing so.
You must therefore be aware that such logging and monitoring is taking place and the Data being logged may be used if requested by an authorised officer of Blue Ring Digital Services Ltd or the appropriate legal authority.
Data
Data in Our systems (including documents, other electronic files, e-mail and recorded voicemail messages) is normally considered the property of Blue Ring Digital Services Ltd, except where this Data is received from an external source in the course of business and therefore may be the property of the sender. We may inspect and monitor such Data at any time in the following circumstances:
- there is reason to suspect that an IT policy is being breached;
- for the purposes of backup and problem solving;
- there are other legitimate reasons for doing so;
- it is required to do so by law.
Therefore, no individual should have any expectation of privacy for messages or other Data recorded in Our systems. This includes documents or messages marked “private”, which may be inaccessible to most Users. Likewise, the deletion of a document or message may not prevent Us from subsequently accessing the item in question.
The email account of a User, and any Information contained in it including content, headers, directories and email system logs, remains the property of Blue Ring Digital Services Ltd. In general, We will respect the privacy of a User's email account. However, We reserve the right to review, audit, intercept, access and disclose messages created, received or sent in the following circumstances:
- where there is reason to suspect that an IT policy is being breached;
- for the purposes of back-up and/or problem-solving or where there are other legitimate reasons for doing so;
- when We are required to do so by law;
- where, without access to the Information in the account, the operations or functions of Blue Ring Digital Services Ltd are likely to be seriously obstructed or impeded or where there could be serious safety or financial implications;
- where the account holder is no longer an employee;
- when an e-mail message is undeliverable (this is normally due to an incorrect address in which case the e-mail is redirected to the e-mail administrator who has to either open or redirect it accordingly or discard it).
Email traffic is monitored by the Development Team to ensure efficient system performance and, when necessary, to locate problems/bottlenecks. Monitoring for this purpose may require an examination of the contents of messages.
Internet Usage and Social Media
Internet usage is monitored on a systematic basis by Us in the following circumstances:
- where there is reason to suspect that an IT policy is being breached;
- for the purpose of back-up and/or problem solving;
- where there are other legitimate reasons for doing so;
- when it is required to do so by law.
Arising out of the need to protect Our network, We cannot guarantee the confidentiality of Information stored on any network Device belonging to Us. All Users should be aware that We monitor the internet and social media on an ongoing basis to keep abreast of matters of general interest, brand presence and third party perception.
We do not specifically monitor social media and other sites of Our Users for content, but reserve the right to utilise for disciplinary purposes any Information that could have a negative effect on Blue Ring Digital Services Ltd, which comes to Our attention.
Access by or Disclosure to a Third Party of Information in a User's Files or Email Account
While We retain the right to monitor, read or disclose the Information in a User's files or email account without the User's consent, the need to do so should arise only in exceptional circumstances. The circumstances in question would include the following:
- where there is reasonable evidence that there is or has been a violation of the Acceptable use policy;
- when required to do so by law;
- where, without access to the Information in the account, the operations or functions of Blue Ring Digital Services Ltd are likely to be seriously obstructed or impeded or where there could be serious safety or financial implications;
- where the account holder is no longer an employee.
Any request to the Development Team to disclose Information in a User's files or email account to a third party, or to provide a third party with access to it, must be in accordance with our Privacy Statement.
Relevant Statutes
Statutes relating to the use of computers and networking:
- Criminal Damage Act, 1991 (particularly Section 5);
- Data Protection Act, 1988;
- Child Trafficking and Pornography Act, 1998;
- Copyright and Related Rights Act, 2000;
- Health and Safety Act, 1989;
- Intellectual Property Miscellaneous Provisions Act, 1998.
Breach of Policy
We operate a strict “notice and takedown” procedure. Users are encouraged to be vigilant and to report any suspected violations of this IT Policy Framework immediately. On receipt of notice (or where We otherwise become aware) of any suspected breach of this IT Policy Framework, We reserve the following rights:
- to remove, or require the removal of, any content which is deemed by Us to be in breach or potentially in breach of this IT Policy Framework;
- to disable any User and their access to Our IT resources.
If any breach of this IT Policy Framework is observed, then (in addition to the above) disciplinary action up to and including dismissal in the case of an employee, contract termination in the case of third parties and de-authorisation of Users may be taken in accordance with Our disciplinary procedures.
Changes to Our IT Policy Framework
This IT Policy Framework replaces all previous versions. We reserve the right to change this IT Policy Framework at any time.