Employee Handbook

IT security Technology is an integral part of our business, but it also poses risks in terms of potential breaches of data, reputational damage and negative financial impact. We expect use of IT systems and equipment to be professional and the consequences of misuse are serious – you could potentially have your access withdrawn, or even lose your job. Examples of gross misconduct arising from company IT misuse can include: • Sharing false and defamatory statements about any person or organisation • Handling or sharing any material which is discriminatory or may cause embarrassment • Accessing, transmitting, or downloading any confidential information without permission • Breaching data protection obligations • Using unauthorised software • Bullying, discriminatory, or inappropriate use of social media, email or any other communication network • Any breach of copyright Use of FM Conway’s computer systems You should only use our computer systems, tablets, mobile phones, smartphones or personal digital assistants for the purposes of our business. To reduce the risk to FM Conway’s systems or network from virus infections, hacking etc. you may only access the systems and network as follows: • From company premises, using authorised equipment • Remotely using authorised equipment via secure means, e.g. VPN software only

Internet - monitoring We may monitor Internet usage, including searches about content that is not relevant to the business, the IP addresses of sites visited, and the duration and frequency of visits. Material that is pornographic, illegal, criminal, offensive, obscene, in bad taste or liable to cause embarrassment is strictly prohibited.

Email use - general

All communications, including email, should always reflect the highest professional standards. Here are some simple checks:

• Keep messages brief and to the point. Spell check emails before sending • Check the recipient(s) — it can be embarrassing if a message is sent to the wrong person, but it can also result in a breach of data • Do not send messages from another person’s email address (unless authorised in the proper performance of their duties), or under an assumed name • You must not send or post messages or material that are offensive, obscene, defamatory, or otherwise inappropriate in the work environment. This includes messages that are discriminatory or amount to bullying, criticise our competitors or their employees or use content that could embarrass FM Conway, its clients or customers, if in doubt – do not send the email, or forward any such email you receive, report it. • Do not send trivial messages – it wastes everyone’s time • Always use your FM Conway email address for all business communications • Emails are not confidential; use password protection where appropriate for any accompanying documents • We operate antivirus software; however, this does not eliminate risk. Be careful when opening unknown emails and let your line manager know if you suspect an issue • We periodically test security using various techniques. Always report suspected phishing attempts (from inside or outside of the business using the Phish Alert icon in Outlook

You must never access FM Conway’s systems or networks using an unsecure Wi- Fi connection.

Use of the internet - personal use Reasonable, limited personal use of our systems or network to browse the Internet is allowed if it does not interfere with the performance of your duties.

Emails - personal use and monitoring

Although the email system is primarily for business use, we understand that you may occasionally need to send or receive personal emails while at work.

This should be minimal, infrequent, and must not affect your job performance or otherwise interfere with our business.

72

73