HR director, Scottish Water
Before people use the internet they have to register with their line manager and as long as they do that they will ordinarily be OK. The general agreement is that if you are going to use the system you have to abide by our rules, and we make sure that everyone who uses the internet has a copy of our policy, which is very clear about instances of abuse and how it is managed and treated.
There’s also a warning that comes up when you switch on the machine, saying that Scottish Water has a policy for the use of its IT systems – not just the internet. You are told that by going beyond that screen you are automatically accepting the rules and that if you do anything that we think is wrong, we have the right to investigate.
There is no ambiguity, and one of the strengths of our system is the repeated reminder – it’s probably the most powerful part of the system.
But if you’re not abusing the system you have nothing to worry about.
We have had a small number of cases where there has been abuse and these have been treated robustly by us, but mainly people are sensible about what they do.
While we realise the need to have an internet policy we also realise that people may need to use it for e-mail or homeworking. It comes down to reasonableness at the end of the day. If we find someone is e-mailing pals in Hong Kong all day we would have a problem. But if someone is working to 8pm and books a holiday online then there’s no problem. You can’t allow people to connect to anything they want for the security of the IT system itself.
Head of Great Company, Microsoft
Our employees are expected to use their own judgment and common sense at all times, so when they use company-provided IT and its contents we expect them to do it in an ethically correct and professional manner.
Employees are allowed to use Microsoft’s IT systems to send and receive occasional personal communications. They’re also allowed to prepare and store incidental personal data like calendars, address lists and similar personal data that they might want close to hand.
The main thing we ask is that all of this is stored in a reasonable manner and does not interfere with the individual’s work duties. Obviously, it also can’t be used for monetary gain, conflict with Microsoft’s business interests, or otherwise violate any company policy. We also have a stringent set of rules stating what people are allowed to access on the internet.
Microsoft does not allow its staff to come into any form of contact with material that is pornographic, obscene, sexually explicit, abusive, harassing, or otherwise offensive or inappropriate for the workplace. This includes images, jokes, cartoons and anything else that might cause offence.
This policy applies to anyone that’s using a company-owned or leased property and any company-provided computer systems, whether they’re working in head office or remote-working from home.
Head of human resources, HSBC
HSBC provides internet facilities for business purposes. However, we realise that it may sometimes be necessary for employees to look for personal information on a site. A limited amount of personal use is allowed, although this should be kept to a minimum so that it doesn’t interfere with employees’ work.
The rules are very straight-forward: employees must not create, view, download, send or forward any inappropriate material at any time. This includes anything that is illegal, libellous, pornographic, sexually explicit, obscene or racist.
We also have rules against ‘flaming’, where people publish derogatory comments about a person, or ‘spamming’, the internet equivalent of sending junk mail. The use of and access to web-based e-mail systems, such as Hotmail, for business purposes is forbidden.
The company uses a combination of firewall controls and a URL blocker, which is configured to restrict access to inappropriate websites. We also log all web browsing activity so we know precisely what people have been looking at. However, we don’t routinely inspect these logs, unless there’s a specific need to do so.
Our internet policy takes a realistic approach. We appreciate that people sometimes look at pages for personal reasons and we do not have a problem with that as long as it’s kept to a minimum. The rest of it is basically a case of common sense and shouldn’t affect 99 per cent of our staff. But we’ve built in safeguards, should anyone be unprofessional and irresponsible.
Systems director, Compass Group UK & Ireland
Compass Group has issued a detailed computer usage policy to all its staff and managers. It includes full guidelines on the use of the internet when people are at work so they know precisely where they stand.
The purpose of the policy is to ensure that all staff who are authorised to use the company computer facilities do so in an efficient, ethical and lawful manner. Any unauthorised access or breach of the policy is dealt with through the company’s disciplinary procedures in much the same way as any other problem: in other words, on its merits and discreetly.
To avoid confusion, the policy is published on the company intranet so that employees can access it at any time. It’s also a condition of using the company computers that the policy has been read and understood. This is updated whenever it’s appropriate.
One of the main conditions we have is that internet is provided for business purposes and any personal use of the facilities is expected to be limited.
While we understand that people may want to access certain pages at work, access to certain categories of internet sites is blocked.
Internet use by staff is regularly monitored and statistics are sent to HR on a monthly basis.