Physical & Everyday

Using Company Systems

Foundational

Company devices, accounts, and systems are provided for work, and using them sensibly keeps everyone safe and the company on the right side of the rules. The principles are common sense: use them for their purpose, keep your conduct professional and lawful, and don't try to get around the protections that are there for a reason.

This isn't about catching people out — it's about a shared understanding of how we use the tools we're given. Company systems carry sensitive data and represent the company, so misusing them creates risk for all of us. Most of this is what you'd expect; the parts worth highlighting are around keeping work and personal separate, and not undermining security.

A reasonable amount of personal use is usually fine — check your team's norms — but the systems remain company property and may be monitored for security and compliance, as the law allows.

Use systems responsibly

DoUse company systems and accounts mainly for work, and keep your conduct professional, lawful, and respectful — as you would in any work setting.
DoKeep work data in work systems and personal data in personal ones; don't blur the two.
DoFollow company policies on email, messaging, and social media when acting in connection with work.
ConsiderThat company systems may be monitored for security and compliance, so there's limited expectation of privacy on them.

Don't misuse them

Do notUse work systems for anything illegal, harassing, or that you wouldn't want associated with the company.
Do notTry to bypass security controls, access things you're not authorised to, or "test" what you can get into.
NeverUse your access to company systems or data for personal gain, curiosity, or any purpose outside your job.
NeverDeliberately disable, evade, or defeat security or monitoring controls on company systems.

Ask yourself

AskIs this a reasonable, professional use of a company system?
AskAm I keeping work and personal sensibly separate?
AskAm I trying to get around a control or access something that isn't mine to access?

Why it matters: Company systems hold sensitive data and carry the company's name, so how we use them affects our security, our compliance, and our reputation. Using them responsibly — for their purpose, lawfully, and without undermining their protections — keeps that shared resource safe for everyone who depends on it.