IT Policy

Employees and associates must use IG owned and maintained IT resources, including computers, mobile devices, software, and internet access, primarily for work-related purposes.

Limited personal use is permitted, provided it does not interfere with job responsibilities or productivity.

All usage must comply with organisational standards and ethical practices, including the applicable laws related to the home country of the user, and the country that the user is operating in.

Where an employee, associate, or contractor us their own devices (known as BYOD), the same requirements apply when working on behalf of IG.

Firewalls must always be activated on devices used on behalf of IG. Most devices come with pre-loaded reputable Firewalls, and these should be used. It is not permitted to allow third parties to access Firewalls or modify any Firewall settings (such as ‘opening a port’) which would increase vulnerability.

User should change the standard password that is provided with new firewalls and routers to a unique password. The process to change a firewall password varies by firewall, but generally involves logging in, navigating to a configuration or settings menu, and selecting the option to change the password.

Users should ensure that updates and patches are enabled where they are certain they are legitimate. Employees and associates must report any security breaches, suspicious activities, or potential vulnerabilities immediately to support@binaryblue.co.uk

Devices must be locked when unattended.

Passwords must be strong, kept confidential, and changed at least once every 60 calendar days. A password that is difficult to guess will be unique and not be made up of common or predictable words such as "password" or "admin” or include predictable number sequences such as "12345". Passwords should always be a minimum of eight characters.

Where multi-factor authentication is available on a device, it should be activated and utilised at all times. This can include the use of facial recognition, fingerprint recognition, ancillary authenticator apps, or text messages sent to mobile phone numbers.

Where a user suspects that a password may have been compromised, they should change their password at the earliest opportunity, which should be at most 24 hours from discovering the suspected breach. If a user is unable to change their password, they should seek support from BB via support@binaryblue.co.uk

To minimise the risk of password hacking, IG users must only use hardware and third-party software which has functionality to lock accounts after a maximum of ten unsuccessful attempts.

Only authorised software and hardware should be installed or used. Granting of accounts is controlled by the IG onboarding form which can only be authorised by the Managing Director. Employees and associates are prohibited from downloading, installing, or using unauthorised software, which could compromise security or violate licensing agreements.

Only the following third party applications are permitted for use:

• Microsoft Azure including M365
• Microsoft Teams
• Microsoft OneDrive & SharePoint
• Xero accounting
• Canva graphic design
• Moodle platform for tutoring
• Kahoot! Learning and quizzes
• Webroot endpoint protection
• HubSpot CRM
• MyHours time tracking

Any additional desired software or hardware must be requested via support@binaryblue.co.uk to ensure compatibility and security compliance. Such requests will be authorised by the IG Managing Director before BB are permitted to provide them to a user.

The updating of third party software and Apps is important to maintain security. To this end, users should always log out of their systems at the end of each working day in order that update can be processed. All ‘push’ requests for updates from known and reputable third party software providers should be accepted and processed at the fastest opportunity, within 24 hours at the latest. Additionally, BB monitor devices remotely and users will receive pop-up messages stating they must re-boot their systems from time to time; these must be acted on within 24 hours.

When a user ceases working on behalf of IG, their accounts will be deactivated at the earliest opportunity, which at the latest will be within 7 days of their last date of working for IG. All hardware must be returned to either IG or BB within 7 days of the user ceasing work for IG.

Where third party software subscriptions are used (known as SaaS), it is mandatory that users activate multi-factor authentication. The same password protocols should be used as detailed in the Security section of this policy.

It is strictly forbidden for more than one person to share the same user account on any software or hardware.

No user is permitted to access or work within any hardware or software using an administrator account. All users should use accounts which have been assigned to them by name. The issuing of administrator accounts is strictly controlled by BB and additions can only be made with the prior authorisation of the IG Managing Director. Live administrator accounts will be reviewed annually, and any un-used accounts will be deleted.

Where software, applications, or any other third party App are no longer in use, they should be uninstalled from devices.

Users are not permitted to use any third-party software that is no longer technically supported by the software provider. If in doubt, contact the software provider directly to check whether a version is supported, or contact BB on support@binaryblue.co.uk

Emails and other electronic communications must be professional and used primarily for business purposes.

Employees and associates should be cautious of phishing attempts and avoid opening suspicious attachments or links. If in doubt, contact BB to obtain a second opinion on the authenticity of an email from a third-party.

Misuse of email for activities such as spamming, harassment, or dissemination of inappropriate content is strictly prohibited.

Any hard copy personal data should be filed electronically on the IG secure SharePoint network at the earliest opportunity.

Hard copy personal data should only be maintained if needed for a short-term use (within the next seven days). Once the use has been fulfilled, it should be destroyed using a shredding machine.

Electronic data should only be stored on the IG secure SharePoint network or on the CRM system being used by the business (which has its own security protocols). IG respects the right of data owners to request the deletion of personal data from IG systems and will promptly act upon such requests.

As a consultancy and training business, IG handles data for multiple clients and respects the need to maintain strict confidentiality protocols. The business operates a secure SharePoint network, with each client having a dedicated electronic folder, only accessible by employees and associates that are actively working on a client engagement. All electronic files, reports, documents, and data related to client work must be saved in the appropriate client folder(s) on the SharePoint network.