Everyone — Non-negotiable
The Golden Rules
These are the few rules that protect our customers, our company, and you. We will never compromise on them. Every one is a Never, and "never" means never: not for a manager, not "just this once", not because someone seemed to be in a hurry or in authority. They are gathered here automatically from across the handbook.
41 zero-tolerance rules across 22 areas. Each links back to its full topic.
Security Basics for Everyone
- Zero Tolerance: Never share your account, password, or login with anyone — not colleagues, not IT, not your manager. Your login is yours alone.
- Zero Tolerance: Never send customer or personal data to your personal email, personal cloud, or any unapproved place.
- Zero Tolerance: Never hand over a password, code, or sensitive information because someone asked by email, phone, or message — verify first, through a channel you trust.
Passwords & Passphrases
- Zero Tolerance: Never reuse a work password on a personal site, or a personal password at work.
- Zero Tolerance: Never tell anyone your password, or type it in because a message, email, or phone call asked you to.
Never Share Accounts or Logins
- Zero Tolerance: Never share your account, password, or login with anyone — a colleague, a new starter, your manager, or someone claiming to be IT.
- Zero Tolerance: Never use someone else's login, or log in "as" another person, for any reason.
- Zero Tolerance: Never keep using, or let others keep using, the login of someone who has left or changed roles — that access must end.
Multi-Factor Authentication (MFA)
- Zero Tolerance: Never read out, type in, or share an MFA code because someone asked — by phone, message, or email. A real colleague or IT will never need your code.
- Zero Tolerance: Never turn off, bypass, or "temporarily" skip MFA on a work account.
Phishing Emails
- Zero Tolerance: Never enter your password or an MFA code on a page you reached by clicking a link in an unexpected message.
- Zero Tolerance: Never act on an email asking you to move money or change bank/payment details without verifying it by phone on a number you already trust.
Social Engineering (Phone, Text & In Person)
- Zero Tolerance: Never give your password, an MFA code, or sensitive customer/company data to someone over the phone, by text, or in person because they asked.
- Zero Tolerance: Never buy gift cards, move money, or change payment details because of an urgent message or call, without verifying it independently first.
Links, Attachments & Downloads
- Zero Tolerance: Never enter your password or a code on a page you reached by clicking a link in an unexpected message.
- Zero Tolerance: Never install software, browser extensions, or apps from unknown or unapproved sources onto a work device.
Fraud Awareness
- Zero Tolerance: Always independently verify any request to make a payment, change bank/payment details, or release funds — call the person or supplier on a known, trusted number (not one from the message) before acting.
- Zero Tolerance: Never make a payment, change payment details, or buy gift cards based on an email, text, or call alone, without independent verification.
- Zero Tolerance: Never bypass the normal payment-authorisation process because a request is urgent or appears to come from someone senior.
Handling Customer & Personal Data
- Zero Tolerance: Never send customer or personal data to your personal email, personal cloud storage, personal phone, or any unapproved app or device.
- Zero Tolerance: Never look up, access, or share someone's data out of curiosity or for any reason outside your job — including friends, family, or public figures.
- Zero Tolerance: Never take screenshots, photos, or copies of customer data to keep, send, or post — including in chats, tickets, or social media.
Using AI Tools Safely
- Zero Tolerance: Never put customer data, personal information, identity documents, passwords, secrets, or confidential company material into a public or unapproved AI tool.
When a Customer Asks About Their Data
- Zero Tolerance: Never send someone's personal data to a requester without verified identity and the proper process — a fraudster posing as the customer is exactly how data gets stolen.
- Zero Tolerance: Never delete or change customer records yourself in response to a request outside the proper process — regulated records have rules about what can be removed (see related engineering guidance).
Your Devices & Updates
- Zero Tolerance: Always report a lost or stolen work device — or one accessing work data — to IT/security immediately, so it can be locked and wiped (see Report It).
Safe Web Browsing & Downloads
- Zero Tolerance: Never enter your work password on a page you reached by clicking a link in an unexpected message.
USB Sticks & Removable Media
- Zero Tolerance: Never copy customer or company data onto a personal USB stick, drive, or phone (see Handling Customer Data).
Using Your Own Devices (BYOD)
- Zero Tolerance: Always use your own individual work login on a personal device — never a shared account (see Never Share Accounts or Logins).
- Zero Tolerance: Never save or copy customer/company data into personal apps, storage, or backups on a personal device (see Handling Customer Data).
Using Company Systems
- Zero Tolerance: Never use your access to company systems or data for personal gain, curiosity, or any purpose outside your job.
Social Media & Talking About Work
- Zero Tolerance: Never post customer data, identity documents, or anything confidential about our customers or their cases — anywhere, ever.
Anti-Bribery, Gifts & Conflicts of Interest
- Zero Tolerance: Never give or accept anything of value — money, gifts, hospitality, favours — intended to influence, reward, or secure an improper business advantage.
- Zero Tolerance: Never make a facilitation payment or any payment to improperly speed up or secure a decision.
Respect at Work
- Zero Tolerance: Never harass, bully, discriminate against, or demean anyone — in person, in writing, or online. It is never acceptable and is treated as a serious matter.
- Zero Tolerance: Never retaliate against someone for raising a concern in good faith — retaliation is itself a serious breach.
Leaving Well (Offboarding)
- Zero Tolerance: Never take company or customer data with you — files, documents, contacts, code — to a personal account, device, or a new employer (see Handling Customer Data).
- Zero Tolerance: Never keep using, or let others keep using, a leaver's login or access after they've gone — access ends when the role does (see Never Share Accounts or Logins).
Report It — Fast and Blame-Free
- Zero Tolerance: Always report anything suspicious or any mistake immediately — a phishing email, a click you regret, a lost device, data sent to the wrong place, or just a feeling that something's off.
- Zero Tolerance: Never hide, delay, or fail to report a mistake, a suspected breach, or a security concern because you're worried or embarrassed — concealment is the one thing that turns a manageable problem into a serious one.
Speaking Up & Raising Concerns
- Zero Tolerance: Never stay silent about serious wrongdoing or risk because it's awkward, not your job, or involves someone senior — silence is how harm grows (see Professional Ethics & Integrity).
Why these matter so much: every rule here exists because breaking it has, somewhere, let a criminal in, leaked someone's personal data, or cost a company its reputation and its licence. Each one takes seconds to follow. When in doubt about any of them, stop and ask first — you will never be in trouble for checking.