Information Security Golden Rules

  • We are all responsible for information security
  • We must all ensure we understand obligations as detailed in the Acceptable Use Policy and other relevant information security policies
  • Our use of eduserv assets, including information, must be respectable, honest and comply with both legislative and regulatory requirements
  • We must report any potential security events, suspicious activity, issues, incidents, policy breaches or near misses immediately, to Service Desk
  • We must not attempt to access, or enable others to access, anything we haven’t been explicitly authorised to access
  • We must not disable or attempt to bypass any security controls
  • We will take all appropriate precautions to prevent damage to or theft of any assets we are responsible for
  • We will use the confidential waste bins
  • We will follow the information classification rules
  • We will follow the password guidance in the AUP and protect our passwords
  • We will lock away our documents and lock our screen when away from our desk
  • We must not install software on our device without prior authorisation
  • We must not attach USB or mobile devices to our Eduserv workstation / laptop without prior authorisation
  • We will be mindful of tailgaters
  • We understand that eduserv reserves the right to view any material we produce or store on eduserv’s systems and networks for monitoring and measurement purposes


Regulation and legislation applicable to us all includes, but is not limited to:

  • Official Secrets Act
  • Rules of Investigatory Powers Act (RIPA)
  • Computer Misuse Act
  • Rules of Evidence
  • Data Protection Act / GDPR
  • Privacy and Electronic Communications Regulations
  • Freedom of Information Act (FOI)


Corporate Social Responsibility

Eduserv recognises the importance of supporting, encouraging and developing its employees. We are committed to providing clear terms and conditions of employment, fair remuneration and opportunities for personal and professional progression for all our staff.

We think it’s important to give back to the communities in which we work and live. Many of our employees contribute to a range of good causes and community activities in their free time. To support this Eduserv offers employees 2 paid days per calendar year to volunteer for a good cause. 

We have in place a health and safety system to ensure the well-being of all of our employees. We are certificated to the ISO 18001 standard by a UKAS-accredited auditor and also regularly conduct our own health and safety internal audits.

Eduserv have a dedicated environmental policy detailing our commitment to minimising our environmental impact. We are certificated to the ISO 14001 standard by a UKAS-accredited auditor on an annual basis and also conduct our own internal audits to ensure continued compliance and improvement.


Equality and Mutual Respect

We are committed to the principle of equality in employment. At Eduserv our aim is to attract, retain and motivate high quality individuals and to provide equality of opportunity in order to maximise the benefit to the organisation from the diversity of its workforce. Diversity expresses itself in many different ways, - by age, gender, race, culture, physical and mental ability, religion, - and these differences are celebrated.

We aim to maximise everyone’s potential by harnessing these differences and creating a productive environment in which all are valued, where talents are fully utilised, and where the goals of the organisation are achieved. We strive to treat everyone fairly and to apply equitable practices in all that we do.

Accordingly, when carrying out recruitment, selection, training, development and promotion activities we aim to ensure that no job applicant or employee receives less favourable treatment on the above grounds. Eduserv’s objective is to ensure that individuals are selected, promoted and otherwise treated solely on the basis of their relevant aptitudes, skills and abilities.

Eduserv commit to encouraging equality and diversity in the workplace, and all employees should be aware that they, as well as Eduserv, can be held liable for acts of bullying, harassment, victimisation and unlawful discrimination, in the course of their employment, against fellow employees, customers, suppliers and the public.

We do not tolerate bullying or harassment, and any complaints will be taken seriously and dealt with under the grievance procedure and/or as gross misconduct. Further details on what constitutes bullying and harassment can be found on the link:


Working lawfully

The following policies apply to you and you will need to ensure that you are familiar with them, as any breach may result in disciplinary action, including a gross misconduct dismissal – it is that serious, so please do read them as soon as you can!

  1. Acceptable usage
  2. Anti-bribery
  3. GDPR/data protection
  4. Health and safety
  5. Equality and mutual respect


Being the best you can

  • Continuous feedback for continuous improvement - Through our HR system, BambooHR, you will be able to receive continuous feedback from your peers and manager on how you are doing.
  • Meaningful learning opportunities – We will ensure you have the appropriate technical skills to meet our operational needs now, and in the future. We will also provide you with appropriate soft skills training and knowledge dissemination to ensure you have all the skills you need to carry out your role to the best that you can.


When your expectations aren’t met


Informal process: We would hope that most complaints can be dealt with informally. If you want help mediating a conflict, speak to your manager or HR. If your complaint concerns your manager, speak to their manager or the talent and organisational excellence team.

We follow the ACAS code of practice for formal grievances. Please find further information here.


If you wish to make a protected disclosure, you can find further advice what that means and what protection it offers you here. We would hope that you would be able to inform a member of the exec team, or a trustee, before going outside of the organisation. If you make a protected disclosure, as set out on the website, we will ensure that you are not put at a detriment.


When our expectations aren't met

Misconduct & gross misconduct

We follow the ACAS code of practice on disciplinary and grievance procedures, which sets out what we must do to ensure the process is fair. Further information can be found here

The definitions we use to distinguish misconduct from gross misconduct are as follows:

Misconduct: where an employee’s actions are such that they fall outside of what is generally, and reasonably agreed to be acceptable standards.

Gross misconduct: where an employee behaves in such a way that we cannot reasonably be expected to allow that behaviour or action to be repeated, for example, Illegal activities, serious breach of our policies, gross negligence, serious insubordination, or offensive behaviour.

Performance management

Unfortunately, if your performance doesn't meet the level required for your role, and informal attempts to help your performance improve don't work, you will be subject to the performance management process.

This closely follows the three-step process under the misconduct procedure, but with performance review meetings, and first and final warnings being replaced with improvement notices. As with misconduct meetings, you will have the right to be accompanied by a work colleague or trade union representative.

The time between reviews will vary depending upon the nature of the improvements needed, but will ensure sufficient time to put into action any remedial action, and to demonstrate improvement.

If there is no improvement following the final improvement notice, it may result in dismissal due to poor performance. If this occurs, an appeal to the decision will be offered.

Sickness management

If your absence levels are deemed unreasonable, you will be notified of the need to improve. If your absence levels continue to be unsatisfactory, or a pattern emerges, we will begin the absence management process.

The absence management process mirrors the three-step disciplinary process, in that there are formal meetings at which you can be accompanied by a work colleague or trade union rep.

If you are dismissed because of poor absence, you may appeal this decision.


If you are unable to undertake the role you have been hired to do due to either continued ill health or incapacity, we will ensure we have exhausted any possible reasonable adjustments before making any decision to dismiss.

You will be given the right to be accompanied by a trade union rep or work colleague during formal review meetings. The number of review meetings needed will be dependent upon the circumstances of the case, however we will do what we reasonably can to help you retain employment with Eduserv.

You may be required to attend either an occupational health review, or will be asked for permission for Eduserv to contact your GP. If we do not have sufficient medical information, we would be required to make a decision without all of the facts, which ultimately may be to your detriment.

You may appeal any decision to dismiss due to capability.