Information Security Golden Rules

  • We are all responsible for information security
  • We must all ensure we understand obligations as detailed in the Acceptable Use Policy and other relevant information security policies
  • Our use of eduserv assets, including information, must be respectable, honest and comply with both legislative and regulatory requirements
  • We must report any potential security events, suspicious activity, issues, incidents, policy breaches or near misses immediately, to the Service Desk or Assurance Team
  • We must not attempt to access, or enable others to access, anything we haven’t been explicitly authorised to access
  • We must not disable or attempt to bypass any security controls
  • We will take all appropriate precautions to prevent damage to or theft of any assets we are responsible for
  • We will use the confidential waste bins
  • We will follow the information classification rules
  • We will follow the password guidance in the AUP and protect our passwords
  • We will lock away our documents and lock our screen when away from our desk
  • We must not install software on our device without prior authorisation
  • We must not attach USB or mobile devices to our Eduserv workstation / laptop without prior authorisation
  • We will be mindful of tailgaters
  • We understand that eduserv reserves the right to view any material we produce or store on eduserv’s systems and networks for monitoring and measurement purposes


Regulation and legislation applicable to us all includes, but is not limited to:

  • Official Secrets Act
  • Rules of Investigatory Powers Act (RIPA)
  • Computer Misuse Act
  • Rules of Evidence
  • Data Protection Act / GDPR
  • Privacy and Electronic Communications Regulations
  • Freedom of Information Act (FOI)


Working considerately

We do not tolerate bullying or harassment, and any complaints will be taken seriously and dealt with under the grievance procedure and/or as gross misconduct. Further details on what constitutes bullying and harassment can be found on the link:


Working lawfully

The following policies apply to you and you will need to ensure that you are familiar with them, as any breach may result in disciplinary action, including a gross misconduct dismissal – it is that serious, so please do read them as soon as you can!

  1. Acceptable usage
  2. Anti-bribery
  3. GDPR/data protection
  4. Health and safety
  5. Equal opportunities


Being the best you can

  • Continuous feedback for continuous improvement - Through our HR system, BambooHR, you will be able to receive continuous feedback from your peers and manager on how you are doing.
  • Meaningful learning opportunities – We will ensure you have the appropriate technical skills to meet our operational needs now, and in the future. We will also provide you with appropriate soft skills training and knowledge dissemination to ensure you have all the skills you need to carry out your role to the best that you can.


When your expectations aren’t met


Informal process: We would hope that most complaints can be dealt with informally. If you want help mediating a conflict, speak to your manager or HR. If your complaint concerns your manager, speak to their manager or the talent and organisational excellence team.

We follow the ACAS code of practice for formal grievances. Please find further information here.


If you wish to make a protected disclosure, you can find further advice what that means and what protection it offers you here. We would hope that you would be able to inform a member of the exec team, or a trustee, before going outside of the organisation. If you make a protected disclosure, as set out on the website, we will ensure that you are not put at a detriment.


When our expectations aren't met

Misconduct & gross misconduct

We follow the ACAS code of practice on disciplinary and grievance procedures, which sets out what we must do to ensure the process is fair. Further information can be found here

The definitions we use to distinguish misconduct from gross misconduct are as follows:

Misconduct: where an employee’s actions are such that they fall outside of what is generally, and reasonably agreed to be acceptable standards.

Gross misconduct: where an employee behaves in such a way that we cannot reasonably be expected to allow that behaviour or action to be repeated, for example, Illegal activities, serious breach of our policies, gross negligence, serious insubordination, or offensive behaviour.

Performance management

Unfortunately, if your performance doesn't meet the level required for your role, and informal attempts to help your performance improve don't work, you will be subject to the performance management process.

This closely follows the three-step process under the misconduct procedure, but with performance review meetings, and first and final warnings being replaced with improvement notices. As with misconduct meetings, you will have the right to be accompanied by a work colleague or trade union representative.

The time between reviews will vary depending upon the nature of the improvements needed, but will ensure sufficient time to put into action any remedial action, and to demonstrate improvement.

If there is no improvement following the final improvement notice, it may result in dismissal due to poor performance. If this occurs, an appeal to the decision will be offered.

Sickness management

If your absence levels are deemed unreasonable, you will be notified of the need to improve. If your absence levels continue to be unsatisfactory, or a pattern emerges, we will begin the absence management process.

The absence management process mirrors the three-step disciplinary process, in that there are formal meetings at which you can be accompanied by a work colleague or trade union rep.

If you are dismissed because of poor absence, you may appeal this decision.


If you are unable to undertake the role you have been hired to do due to either continued ill health or incapacity, we will ensure we have exhausted any possible reasonable adjustments before making any decision to dismiss.

You will be given the right to be accompanied by a trade union rep or work colleague during formal review meetings. The number of review meetings needed will be dependent upon the circumstances of the case, however we will do what we reasonably can to help you retain employment with Eduserv.

You may be required to attend either an occupational health review, or will be asked for permission for Eduserv to contact your GP. If we do not have sufficient medical information, we would be required to make a decision without all of the facts, which ultimately may be to your detriment.

You may appeal any decision to dismiss due to capability.