All members of staff are responsible for the security of the equipment allocated to or used by them and must not allow it to be used by anyone other than in accordance with this policy.
The School has a secure firewall and anti-virus software in place. These prevent individuals from unauthorised access and to protect the School’s network. The School also teach individuals about e-safety to ensure everyone is aware of how to protect the School’s network and themselves.
All IT Systems (in particular mobile devices) shall be protected with a secure password or passcode, or such other form of secure log-in system as approved by the IT support company. Biometric log-in methods can only be used if approved by the IT Department.
All passwords must, where the software, computer, or device allows:
- be at least 6 characters long including both numbers and letters;
- be changed on a regular basis and at least every 180 days;
- cannot be the same as the previous 10 passwords you have used;
- not be obvious or easily guessed (e.g. birthdays or other memorable dates, memorable names, events, or places etc.)
Passwords must be kept confidential and must not be made available to anyone else unless authorised by a member of the Core Team who will liaise with the Business Manager as appropriate and necessary. Any member of staff who discloses his or her password to another employee in the absence of express authorisation will be liable to disciplinary action under the School’s Disciplinary Policy and Procedure. Any member of staff who logs on to a computer using another member of staff’s password will be liable to disciplinary action up to and including summary dismissal for gross misconduct.
If you forget your password you should notify the IT company operative to have your access to the IT Systems restored. You must set up a new password immediately upon the restoration of access to the IT Systems.
You should not write down passwords if it is possible to remember them. If necessary you may write down passwords provided that you store them securely (e.g. in a locked drawer or in a secure password database). Passwords should never be left on display for others to see.
Computers and other electronic devices with displays and user input devices (e.g. mouse, keyboard, touchscreen etc.) shall be protected with a screen lock that will activate after a period of inactivity. You may not change this this time period or disable the lock.
All mobile devices provided by the School, shall be set to lock, sleep, or similar, after a period of inactivity, requiring a password, passcode, or other form of log-in to unlock, wake or similar. You may not alter this time period.
Staff should be aware that if they fail to log off and leave their terminals unattended they may be held responsible for another user’s activities on their terminal in breach of this policy, the School’s Data Protection Policy and/or the requirement for confidentiality in respect of certain information.