Acceptable Use Policy

[Company Name] provides computers, accounts, and internet access to enable work. This policy sets out what acceptable use looks like.

• Use company kit and accounts for work tasks.
• Some personal use is fine — e.g. checking train times, ordering lunch — provided it doesn't interfere with work or break this policy.
• Take work calls and emails on company devices outside hours, if that suits you.

• Access, store, or share material that is illegal, discriminatory, harassing, or grossly inappropriate.
• Install software that hasn't been approved.
• Use company kit for a side business or competing activity.
• Share your password with anyone, ever — including your manager or IT support.
• Connect personal USB drives or hardware to company devices without approval.
• Bypass security controls (VPN, MFA, web filtering, EDR) for any reason.
• Forward work email to a personal address.

Ask [Named Manager]. Better to ask than to guess.

Company devices, accounts, and traffic may be monitored where there is a legitimate business reason, in line with the Data Protection Act 2018 and our staff privacy notice. Personal communications are not routinely read.

Tell [Named Manager] immediately if you:

• Click a suspicious link or attachment.
• Lose a phone or laptop.
• Notice something on your screen that you didn't do.
• Get a phone call asking for credentials or payment changes.

You will not be blamed for honest mistakes promptly reported.

Significant or wilful breaches may result in disciplinary action up to and including dismissal.

Reviewed annually. Last reviewed: [date].