Acceptable Use Policy

Overview

This policy sets out what is considered as ‘acceptable use’ by all users of this service in conjunction with the Civil Service Code and government departments’ IT user policies.

Scope

This policy applies to all users of this service.

Policy

1. The information displayed by this service has been classified as OFFICIAL-SENSITIVE and your adherence to this policy is required to protect the need to know.
2. You are responsible for exercising good judgment regarding appropriate use of this service in accordance with Civil Service / your organisation's policies, standards, and guidelines. Civil Service resources may not be used for any unlawful or prohibited purpose. As a user you are personally responsible for acting within the Data Protection Act 2018, the Official Secrets Act 1989 and protecting commercial confidentialities (including those of HMG).
3. Access to this service is solely for the purposes of carrying out your official duties. Use of the data for any other reason is a violation of this policy and the Civil Service Code.
4. For security, compliance, and maintenance purposes, authorised personnel may monitor and audit your use of this service and the associated systems and network traffic.
5. You are responsible for the security of data, accounts, and systems under your control. You must keep the email messages containing access links to this Service, and any associated authentication codes, secure and not share these with anyone, including other staff members, family, or friends. Providing access to another individual, either deliberately or through failure to secure authentication credentials, is a violation of this policy.
6. Do not attempt to log into the service as another user.
7. You must only access this service from a device that is managed by your department / organisation, which may include desktop, laptop, and smartphone and tablet devices, so as to avoid compromising authentication credentials or the information viewed. Devices must be managed in accordance with The Minimum Cyber Security Standard.
8. Where possible, mobile phones used to receive authentication codes should be managed by your department / organisation.
9. When accessing the Service, you must only do this from networks that you trust, such as your organisation’s office network, your home Wi-Fi network, GovWi-Fi or your mobile provider’s data service (i.e. 4G, 5G etc.). Do not use untrusted public Wi-Fi hotspots such as those found in coffee shops, airports and hotels as these may compromise your communications.
10. You must remain vigilant for 'shoulder-surfing' at all times and it is recommended that you employ screen privacy filters when accessing the service in the vicinity of members of the public.
11. Always lock your device’s screen before leaving it unattended for any period of time. Close your internet browser when you have finished using the service.
12. You are required to inform your organisation’s Cyber Security team and the Service administrator immediately if you suspect that the security of your device, your mobile phone, your emails or the service access links have been compromised.
13. You are required to inform the service administrator immediately if you leave or change your role and no longer require access to this Service.
14. This service is intended for use by authorised users from specified government departments and selected partner organisations only. Prior permission must be sought from the service administrator and relevant source department contacts before disclosing service information with any other parties.