Employee

Cyber Security & IT Usage Policy

67. Cyber Security & IT Usage Policy
67.1. This policy sets out the rules for the safe and responsible use of company IT systems, devices, and networks.
67.1.1. It aims to:
67.1.1.1. Protect company and client data from cyber threats.
67.1.1.2. Ensure compliance with UK data protection laws.
67.1.1.3. Maintain the integrity, confidentiality, and availability of information.
67.1.1.4. Prevent damage or misuse of IT systems.
67.2. This policy applies to all employees, contractors, and interns who use Architecture North Ltd IT systems, devices, and networks.
67.2.1. This includes:
67.2.1.1. Company laptops, desktops, iPads, and mobile phones.
67.2.1.2. Company email accounts and cloud services.
67.2.1.3. Remote working connections and VPN access.
67.3. All employees must:
67.3.1. Use company IT systems only for authorised business purposes.
67.3.2. Access systems only with their allocated username and password.
67.3.3. Keep passwords secure, unique, and never share them.
67.3.4. Store files only in approved company systems (e.g., cloud storage), not on personal devices.
67.3.5. Use company email for work-related communication only.
67.3.6. Log out or lock devices when unattended.
67.3.7. Be cautious with unexpected emails, even if they appear to be from known contacts.
67.3.8. Verify payment or bank detail changes via a phone call before processing.
67.3.9. Report phishing or suspicious emails to IT support immediately.
67.4. All employees must not:
67.4.1. Download or install unauthorised software or apps.
67.4.2. Access, store, or share inappropriate or offensive material.
67.4.3. Connect unapproved personal devices to the company network.
67.4.4. Bypass security controls or disable antivirus/firewall software.
67.4.5. Share company or client data on personal email, cloud storage, or messaging platforms.
67.4.6. Open suspicious links or attachments without verifying the source.
67.5. Report any suspected cyber attack, data breach, lost/stolen device, or unusual system behaviour immediately to Management.
67.6. When working remotely, employees must:
67.6.1. Only use company-approved devices for remote work.
67.6.2. Avoid using public Wi-Fi for work unless connected through VPN.
67.6.3. Keep company devices physically secure when travelling or working offsite.
67.7. The company may monitor IT usage for security, compliance, and operational purposes.
67.7.1. Any misuse may result in disciplinary action, up to and including dismissal.