top of page


IT and Communications Systems Policy




The IT network exists to facilitate the work of Surge and is provided for the use of employees and other authorised users. This Policy has been designed in line with and with aim to enforce the Human Rights Act, the WEEE Directive, The Computer Misuse Act and The Freedom of Information Bill. As such, all users must agree to comply with the following policy.  This policy should be read in conjunction with the Digital Safeguarding Policy and the Digital Code of Conduct.  The Director has overall responsibility for this policy, including keeping it under review.


Principles of Acceptable Use

You are expected to adhere to the following user guidelines and to follow any instructions from the Director. 


IT Use, Accounts & Passwords

  • User names and passwords are intended for use by one person only.

  • In order to prevent hacking, your password should be 8 characters long and be a mixture of upper and lower case, numbers and letters.

  • To avoid unauthorised access to network files you should never allow anyone else to use your account and keep your passwords secure. You may be held accountable for any misuse carried out under your user name.

  • Freelance staff and visitors must not be allowed to access Surge computers or network unless expressly authorised by a Surge staff member.

  • Log out of your accounts when you are not at your desk. 

  • Your password must remain personal, not shared with your colleagues. 

  • Your computer must be switched off completely when leaving the building at the end of day or shift.


Data Storage & Privacy

  • Respect the privacy of others: for example, do not intentionally seek information on, obtain copies of, or modify files or data, belonging to other users, unless you have explicit permission to do so.  

  • Respect the Copyright, Design and Patents Act 1998, by not copying, storing on mobile or remote devices, Surge material for your personal use or other commercial use. 

  • Ensure you have pre-authorisation of the relevant copyright owners before using external material covered by Copyright. 

  • The use of remote or mobile devices, privately or company owned is strictly limited for business purpose, for working remotely and only for the duration of the work. You must not store Surge information on your Home computer.

  • Any personal contact information (e.g. mailing lists, marketing information) collected and stored on the Surge computer system must be in compliance with privacy and Data Protection laws.

  • You have access to the company dropbox folder and to your own folders on your computer.

  • Periodically clear out old files and old emails to keep everything running smoothly; this includes carrying out frequent archiving and deleting items from your inbox or outbox. 

  • Do not intentionally interfere with hardware or software without the permission of relevant Surge Staff (this includes installing programmes). 


Email and Internet

  • Before downloading or installing new software on your computer, ensure that you posses the relevant licence for the business use of that software Only download or install software that are used solely for business purposes. 

  • Adopt a professional tone and observe appropriate etiquette when communicating with third parties by e-mail. 

  • Remember that e-mails can be used in legal proceedings and that even deleted e-mails may remain on the system and be capable of being retrieved.

  • Avoid forwarding emails that have been already forwarded to you and show several email addresses (delete those addresses first or copy and paste the message).

  • If you think you may have picked up a virus immediately switch off your computer and contact the Director (not by e-mail).

  • Follow all instructions relating to anti virus measures as and when they are issued by the Director. 


Personal Use

  • It is acceptable to use Surge Internet facilities for reasons unrelated to Surge business provided that such use is in compliance with the principles of acceptable and unacceptable use listed in this document. 

  • You are reminded that personal Internet use should be restricted to your own time. 

  • Surge will not take responsibility for the safety of any personal information transmitted by a member of staff (e.g. bank account details, credit card numbers). 

  • Abuse of this privilege will be taken seriously and may result in withdrawal of web services and/or disciplinary action.


Prohibited use of our systems

Misuse or excessive personal use of our telephone or e-mail system or inappropriate internet use will be dealt with under our Disciplinary Procedure. Misuse of the internet can in some cases be a criminal offence.


Do not use Surge computers:

  • For any illegal purpose.

  • To transmit threatening, obscene or harassing materials or correspondence.

  • To send any email in contravention of Surge’s Equal Opportunities Policy.

  • To send any email with sensitive or confidential content to any individual or group for whom it would be inappropriate. 

  • To access any material that contravenes Surge’s Equal Opportunities Policy.

  • To send or forward private e-mails at work which you would not want a third party to read.

  • To request personal information from other individuals.

  • For unauthorised distribution of Surge data and information – this includes discussing details of the business of Surge and making unauthorised statements, including (but not limited to) derogatory comments to members of the press or on social networking sites. 

  • To interfere with or disrupt network users, services or equipment.

  • To deliberately damage or disrupt computer facilities belonging to other individuals or organisations.

  • To knowingly distribute viruses, worms or Trojan horse programs.

  • For private purposes such as marketing or business transactions. 

  • For expressing or soliciting for religious, political and beliefs causes. This includes petitions and chain letters.

  • For unauthorised not-for-profit business activities.

  • For private advertising of products or services.


Questions relating to specific uses not covered above should be directed to the Director.


Monitoring Procedures & Surge Rights

  • The Director reserves the right to monitor and restrict Internet access requests and user histories.

  • In compliance with the Human Rights Act 1998 as it relates to privacy - user files and mail accounts will only be accessed on the instruction of the Director and then only if there is good reason to suspect misuse.

  • Messages relating to or in support of illegal activities will be reported to the appropriate authorities. 

  • Surge reserves the right to log network use and monitor file space taken up by users and assumes no responsibility or liability for files deleted as a result of a user failing to properly store their work.

  • Surge reserves the right to remove a user account from the network if misuse is suspected.

  • Surge will not be responsible to outside parties for any damages that may be incurred as a result of e-mail use. This includes the loss of data resulting from delays, non-deliveries, or service interruptions caused by negligence, errors or omissions. This point should be made clear on all outgoing e-mails that contain data of high importance. 

  • Surge reserves the right to change its policies and rules at any time – all users will be notified in advance of such a change. 


Environmental Digital Procedures


This section of the policy recognises the value in reducing carbon emissions created via our everyday use of IT.


  • Don’t leave your computer in sleep mode, shut down and turn off when leaving the office

  • Downloading is better than streaming

  • Don’t reply all unless needed

  • Only reply when necessary (can put NRN “No Reply Necessary” in the title of your email)

  • Clear out your inbox

  • Delete emails you don’t need and unsubscribe from mailing lists if you don’t read the emails

  • Send links to files rather than attachments

  • Bookmark regularly visited sites

  • Keep software up to date

  • Consider video conferencing over in-person meetings where travel is required for the in-person meeting

  • Use physical external hard drives for back ups rather than cloud storage.


Social Media Use

This section of the policy is in place to minimise the risks to our business through use of social media.


This deals with the use of all form of social media, including Facebook, LinkedIn, Twitter, Google+, Wikipedia, Instagram and all other social networking sites, internet postings and blogs. It applies to use of social media for business purposes as well as personal use that may affect our business in any way.


Personal use of Social Media

Personal use of social media should be restricted to your own time.


Prohibited use

  • Avoid making any social media communications that could damage our business interests or reputation, even indirectly.

  • You must not use social media to defame or disparage us, our staff or any third party; to harass, bully or unlawfully discriminate against staff or third parties; to make false or misleading statements; or to impersonate colleagues or third parties.

  • You must not express opinions on our behalf via social media, unless expressly authorised to do so by the Director. You may be required to undergo training in order to obtain such authorisation.

  • You must not post disclosing confidential information.

  • Any misuse of social media should be reported to the Director.


Guidelines for responsible use of social media

  • Be respectful to others when making any statement on social media and be aware that you are responsible for all communications which will be published on the internet for anyone to see.

  • Images or videos of work by artists or photographers should be credited appropriately when posting on social media.

  • See Surge’s Digital Safeguarding Policy for guidelines on sharing work created by young people under 18 years old.

  • When communicating with people via digital platforms, staff members will use official accounts and ensure that the personal details are not shared.

  • If you are uncertain or concerned about the appropriateness of any statement or post, refrain from posting it until you have discussed it with the Director.

  • If you see social media content that disparages or reflects poorly on us, you should discuss it immediately with the Director.


Enforcement and Violations

  • This policy is intended to be illustrative of the range of acceptable and unacceptable uses of the IT facilities, the internet and social media and is not intended to be exhaustive. 

  • Questions about specific uses related to security issues not covered in this policy statement should be directed to the Director. 

  • Reports of misuse should be directed to the Director who will review alleged violations of this Policy on a case-by-case basis.

  • Breach of this policy may be dealt with under our Disciplinary Procedure and, in serious cases, may be treated as gross misconduct leading to summary dismissal.



Review date:  reviewed 24.10.23 KV

bottom of page