Fair Usage Policy

SUMMARY

This policy provides standards for correct and proper use of our Customer’s IT networks to protect against degradation of performance and interruption to IT-dependent business activities, to protect against loss of confidential and business-critical information, and to ensure IT equipment is operated safely and correctly.

INTRODUCTION AND SCOPE

The Customer’s IT network is key to the on-going operations of its business; incorrect function of these networks would impact on the service provided to their customers and also profitability.

Furthermore, our customers wish to protect against loss of data which impacts on the day to day activities of the business, or if disclosed to certain parties, may affect the competitive activities of the business. Certain precautions must be taken to protect against disclosure or loss of information assets.

Finally, as with all electronic equipment, IT hardware can be dangerous when operated incorrectly or in the incorrect environment. It must also be used according to manufacturer’s instructions to prevent damage to the equipment.

GENERAL

  • This fair usage policy is designed so that the Supplier is able to provide the most effective service to all of its customers and provide service agreements which represent best value.
  • The fair usage policy will identify excessive levels of usage and provide steps to reduce this. The Supplier will communicate this to the Customer and try to establish what is driving specific high usage and which patterns and habits can be modified to the benefit of all. In extreme cases, the Customer may be required to apply management techniques to reduce the impact the heavy use has on the service delivery, or pay for additional service.

POLICY

  1. PC Usage

    IT hardware can easily be damaged when used inappropriately causing interruption to users and hence the business whilst repairs are carried out or a replacement sourced. Data loss, which may be more damaging to the business, could also occur. Finally, as with any electronic equipment, PCs and related accessories can be dangerous when handled inappropriately or in the wrong environment and it is the duty of the operators to ensure responsible usage.

    • Desktops, laptops, workstations (PCs) and related equipment should only be used in the manner and environment described in the applicable user guides and instructions.
    • PCs should only be used with recommended peripherals and should not be modified in any way which may invalidate the manufacturer warranty.
    • PCs should only be used for business activities or personal activities where specifically allowed by the Customer’s own IT policy.
  2. Housekeeping

    IT networks have a finite capacity for file and email storage and a certain amount of ‘housekeeping’ should be practiced by individual users to ensure reasonable storage availability and to prevent impact on performance. Furthermore, storing files in certain areas of a networked computer’s file system can impact performance and these practices should be avoided:

    • Duplicate files in both users’ home drives and on shared drives should be avoided.
    • Large programme files, audio files or videos should not be stored on the corporate network unless specifically required for business activities.
    • Junk or expired emails should be deleted from users’ email inboxes.
    • Emails with large attachments should be deleted from users’ email inboxes. Where the attachments are required for business purposes, they should be saved to a shared drive.
    • Files or folders should not be stored on your desktop. Desktop shortcuts to files and folders elsewhere are however acceptable.
    • Certain software which stores information in inappropriate locations (examples include iTunes and Google Earth) should not be installed. Where required for business purposes, this software should be installed by an IT administrator (normally the Supplier).
    • Running email archiving routines from Microsoft Outlook should be avoided. Where required for business purposes, a dedicated email archiving system should be installed. This software would be installed by an IT administrator (normally the Supplier) and would normally require purchasing.
  3. Internet and email usage

    Traffic coming from outside the business is the main source of software threats to corporate networks. Almost all software threats including viruses, spyware, trojans and other malicious software are spread through email and the internet and responsible use by operators is therefore paramount to the security of the network.

    Antivirus, anti-spam and other network security software will protect against these threats to some extent but will not be able to identify all malicious software. Users should follow best practices to provide a better level of protection against infection.

    • Emails from unknown senders with attachments should not be opened and should be deleted immediately.
    • Where an email is received from an unknown sender and it has a link in the email to a website, do not click on the link.
    • Where an email is received from a known sender and it has a link in the email to a website, do not click on the link. Instead of clicking on the link, open up Internet Explorer and type in the address that the link says it opens. It is possible for a link in an email to look like it is going to take you to one website, but the actual link that you click on may take you to a different website which may not be safe.
    • Do not download and install any software from the internet without consulting your network administrator (normally the Supplier). Internet based software can often contain viruses, spyware and trojans even if they do appear to come from a reputable source.
    • Do not engage in any file sharing or other peer to peer sharing activities. This will use up network bandwidth (affecting other users) and files downloaded through these mediums cannot be verified and may contain threats to the network.
    • Beware of websites informing you of security problems on your PC. This can be ‘scareware’ where malicious software is installed and a fee demanded to allow normal functioning of your PC. Any such occurrence should be reported to your network administrator (normally the Supplier).
    • Do not visit any websites containing pornographic material, illegal software or those associated with criminal activities. Use of all such websites carries a high risk of introducing malicious software to the network.
  4. Network security and management

    To ensure proper functioning of corporate IT systems, correct operation of networking equipment is required. Misuse and negligence can result in a reduction in or total loss of IT network functionality and significant interruption to business activities.

    • Do not plug any network devices in without consulting your network administrator (normally the Supplier). This can include switches, routers, wireless access points, printers and scanners.
    • Do not remove, replace or add any network cables from the office or from the comms or server areas without consulting your network administrator (normally the Supplier).
    • Do not tamper with, power off or remove any network switches. Reasonable precautions should also be taken to prevent other parties (e.g. cleaners) from interfering with this equipment.
  5. Network Servers
    • Administration of network servers should be left to your network administrator (normally the Supplier) and they should be in no way tampered with or logged on to by non-qualified users. The server environment should also be kept clean and at a temperature of 20 degrees centigrade or below.
    • All non-authorised or illegal access to IT systems (e.g. "hacking") will lead to the immediate blocking of the server without prior warning.
    • Each Customer who operates a server is solely responsible for all stored and transmitted data of the server and all actions which emanate from the server. The Customer must take adequate measures which comply with the current state of technology to ensure that any misuse of the server is effectively prevented. The Supplier reserves the right to block any server at any time which causes a loss of network integrity or affects the network operation of other servers without prior warning including those actions which are not specifically referred to below. The Supplier further reserves the right to remove a server from the network if it is deemed to be causing excessive load or traffic over an unacceptably long period.
  6. User access and management

    Correct management of user access is essential in preventing unauthorised persons from having access to your network and your business’ data. Unauthorised users can be people from outside of the business, former employees or current employees without the required permissions. All such access, whether malicious or otherwise, can cause damage to the network and interruption to the business. User access and management must therefore be tightly regulated.

    • Network users should use a strong password for network access. A strong password should be a minimum of 8 characters and contain letters, numbers and symbols. You should also change your password on a regular basis – once a month is good practice.
    • Never leave your PC logged in at the end of the day or for extended periods away from the office and where possible power it off at the end of the working day.
    • Addition of new users to the network, and modification to security permissions of existing users, should only be performed by a qualified network administrator. This would normally be the Supplier as your network support provider.
    • Users who are no longer required on the network should be disabled and deleted by a qualified network administrator. This would normally be the Supplier as your network support provider. You should notify your network administrator as soon as the user leaves your business.
    • Network master administrator passwords should not be disclosed to employees and should be kept off site in a safe or safety deposit box. IT administrators should access the network through individual administrator accounts.
  7. IP Spoofing

    IP spoofing refers to the falsification of the IP sender address for outgoing IP packets. This technique is generally used to conceal the origin of IP packets. The Supplier has installed anti-spoofing filters in order to prevent IP spoofing. All attempts at IP spoofing are automatically logged. Any attempt at IP spoofing will lead to the immediate blocking of the server without prior warning.

  8. MAC spoofing and MAC flooding

    MAC spoofing refers to the falsification of the sender address of an Ethernet frame. This technique is often used to give a false identity in the local network or to a router. MAC flooding refers to the sending of Ethernet frames with a number of different sender addresses for the purpose of flooding the MAC address tables of switches, thus causing these switches to malfunction. The Supplier has put in place measures which, in the event of any attempt at MAC spoofing or MAC flooding, trigger an immediate and automatic blocking of the server without prior warning. All attempts at MAC spoofing and MAC flooding are automatically logged.

  9. ARP spoofing and ARP flooding

    ARP spoofing refers to the falsification of an ARP entry on a router by unsolicited ARP replies. This technique is often used to prepare a man-in-the-middle attack. ARP flooding refers to the mass transmission of ARP replies for the purpose of flooding the ARP table of a router and thus causing it to malfunction. All attempts at ARP spoofing and ARP flooding are logged and will lead to the immediate blocking of the server without prior warning.

  10. Transmission of Switch Protocol Frames

    The transmission of switch protocol frames, in particular spanning tree protocol frames (BPDUs), will lead to the immediate and automatic blocking of the server without prior warning. All attempts to transmit switch protocol frames are logged.

  11. Transmission of spam and malware

    Spam refers to the mass transmission of unsolicited or unrequested email advertisements. Malware refers to any type of injurious software e.g. viruses, worms, trojans, backdoors, spyware or illegal diallers. The sending of spam can lead to a warning being sent to the server operator or to the immediate blocking of the server without prior warning depending upon the gravity of the infringement. The sending of malware will lead to the immediate blocking of the server without prior warning.

  12. Phishing

    Phishing refers to illegal attempts to obtain access data for secured areas from a wide range of users. Well known websites are often imitated so as to appear deceptively genuine for this purpose. The websites are reached under domain names which are similar to the original domain names. Users are invited by misleading emails to enter their access data on such hoax websites. Phishing will lead to the immediate blocking of the server without prior notice.

  13. Denial of service attacks

    A Denial of Service (DoS) attack refers to an attack on a server with the purpose of disabling one or more of its services. This generally occurs by overloading, e.g. by attacks with a number of small UDP packets or TCP-SYN packets. Where the attack is coordinated by a larger number of other systems this is referred to as a Distributed Denial of Service (DDoS). The Supplier has put in place measures which permit the empirical recognition of Denial of Service attacks. All Denial of Service attacks are logged. A Denial of Service attack will lead to the immediate blocking of the system without prior warning.

  14. Scanning of external computers

    The scanning of computers refers to the systematic searching for services on a computer with the purpose of detecting weaknesses in the services in order to utilise them for hacking at a later time. The scanning of external computers can lead to a warning being sent to the operator of the service or to the immediate blocking of the server without prior notice according to the seriousness of the infringement.

SERVICE DESK

Our Service Desk services are scoped to our customer’s existing and expected demand, ensuring we have the appropriate team capacity and skillset to deliver against our high standard of service. Over time efficiencies are introduced and certain ticket type resolution can be automated; however, Service Desk volumes can also increase due to growth within the Customer’s business, an expansion of scope to cover new areas of work, and the provision of new technologies.

To ensure that we are able to scale the service in line with our customers’ demand, we apply additional hourly charges when the blended hourly rate for Service Delivery drops below £60, or the rate set out in the Statement of Work.