Management system policy statements

UK FARMCARE LTD

MANAGEMENT SYSTEM POLICY STATEMENTS

Doc No
Rev 3
Date 06/01/2021

ISO 9001 - Quality Policy Statement

The management and staff of UK Farmcare Limited are fully committed to the provision of quality assured, consistent and cost-effective delivery systems for livestock health management support services and in particular, bovine tuberculosis (TB) surveillance, which takes due account of relevant legislation, animal health and welfare, customer requirements and the need to maintain high levels of national confidence with regard to services and the assurance that outcomes are valid and reliable.   All staff are aware of this policy and commit to fully comply with its requirements.   The implementation of BS EN ISO 9001 throughout the organisation will serve as a framework for the achievement of this vision and ensure continual improvement of the effectiveness of the quality management system.

QUALITY OBJECTIVES

  • to ensure conformity to customer and applicable statutory and regulatory requirements through the effective application of this quality system
  • to enhance customer satisfaction through the application of associated procedures to review and improve the quality system
  • to effectively manage the availability of resources, information and training and development necessary to support the operation, monitoring and review of these processes


The policy is available to the public via the Company’s website.

ISO 14001 - Environmental Policy Statement

The management and staff of UK Farmcare Limited are fully committed to protecting the environment, and the policy and procedures contained in this document which details its compliance with applicable legal and other requirements preventing pollution and improving environmental performance. UK Farmcare Limited recognises the need for sustainable development and to plan, implement, monitor review and evaluate its activities so as to minimise resultant potential adverse effects on the environment. UK Farmcare Limited takes matters concerning the environment very seriously. It aims to meet and where possible, exceed all relevant legal requirements that apply to its activities under the scope of this document. The Directors of UK Farmcare Limited are fully committed to the Environmental Management System and will encourage employee environmental awareness and responsibility through staff training and development, communication and active participation. The Directors of UK Farmcare Limited will include environmental consideration in their strategic planning thus ensuring adequate financial, human and physical resources are available to maintain and increase capacity to respond flexibly to revised environmental targets and changing legislation.

The Directors of UK Farmcare Limited will provide for effective use of resources by;

  • promoting the efficient use of resources, energy and fuel throughout the company’s operations
  • minimising waste by reusing or recycling resources as appropriate

UK Farmcare Limited will work closely with suppliers, sub-contractors and customers to publicise its commitment to environmental issues and to promote a joint approach to environmental impact reduction and continual improvement.

This environmental policy will be reviewed annually unless circumstances dictate otherwise.

The policy is available to the public via the Company’s website.

BS ISO 45001 - Occupational Health and Safety

UK Farmcare Ltd (the Employer) takes health and safety issues seriously and is fully committed to protecting the health and safety of our staff and those who could be harmed by our activities.

To achieve this commitment the Company has implemented a management system designed to meet the requirements of ISO 45001 and all legal and other requirements. The system has been fully implemented and all personnel have been made aware of their duties and responsibilities. All personnel have read only or read/write access to the latest revision of management system documentation.

Foreseeable risks have been identified and actions taken to mitigate them have been documented and made known to all necessary persons. The management system has been designed to promote continual improvement by review and monitoring. Quarterly meetings are held with all staff affording them the opportunity to have input to health and safety performance/improvement. Achieving a healthy and safe workplace is a collective task shared between the employer and staff. This policy and the rules contained in it apply to all staff, irrespective of seniority, and consultants. This statement of policy, which is available to the public via the Company’s website, may be amended by the Employer at its absolute discretion.

The policy is available to the public via the Company’s website.

ISO/IEC 17020 - Conformity Assessment

UK Farmcare Ltd is committed to good professional practice and the continual improvement of processes and services to achieve ongoing customer satisfaction. It is therefore our policy to:

  • Consistently provide quality in-service audits that conform to customer and regulatory requirements
  • Ensure that all personnel are competent and qualified for the tasks they perform, and that all personnel familiarise themselves with management system documentation in order to implement the policies and procedures in their work
  • Professionally and effectively perform in-service audits to produce accurate and precise results
  • Consistently comply with ISO/IEC 17020 through compliance with the management system to ensure quality in-service auditing, and to continually improve the effectiveness of the Management System
  • It is UK Farmcare Ltd's goal to encourage active participation of all employees in quality planning and continual improvement efforts to meet all quality and service
  • Comply with all legal and other requirements that apply to the organisation’s operations
  • Determine, meet and, where possible, exceed the requirements of customers and other interested parties
  • Ensure the protection of customer confidential information and proprietary rights, including the electronic storage and transmission of results


The policy is available to the public via the Company’s website.

ISO/IEC 17024 - Conformity Assessment

The management and staff of UK Farmcare Limited are fully committed to the provision of quality assured, consistent and cost-effective delivery systems compliant with the internationally recognised standard ISO/IEC 17024 – Conformity assessment – General requirements for bodies operating certification of persons. The management system has been set up to assess the competence of persons who carry out testing for bovine TB in compliance with the EU Directive 64/432/EEC, APHA SOP, the Practice Operational Manual and the TB QA Manual.

All staff shall be made aware of this policy and commit to fully comply with its requirements.

The implementation and accreditation of ISO/IEC 17024 throughout the organisation will serve as a framework for the achievement of this vision and ensure continual improvement of the effectiveness of the quality management system.

Compliance with the requirements of all elements of the management system including ISO9001, ISO14001, OHSAS18001, ISO/IEC17020 ISO/IEC 17024 and ISO/IEC 17025 are an absolute requirement for all personnel


Quality Objectives

To ensure conformity to customer and applicable statutory and regulatory requirements through the effective application of this quality system. The needs and expectations of interested parties are also considered To enhance customer satisfaction through the application of associated procedures to review and improve the quality system. To effectively manage the availability of resources, information and training and development necessary to support the operation, monitoring and review of these processes.

The policy is available to the public via the Company’s website.

ISO/IEC 17025 - Testing & Calibration Laboratories

UK Farmcare Ltd is committed to good professional practice, the quality of its testing services and the continual improvement of processes and services to achieve ongoing customer satisfaction. It is therefore our policy to:

  • Consistently provide quality testing services that conform to customer and regulatory requirements
  • Ensure that all personnel are competent and qualified for the tasks they perform, and that all personnel familiarise themselves with management system documentation in order to implement the policies and procedures in their work
  • Professionally and effectively perform testing services to produce accurate and precise results
  • Consistently comply with ISO/IEC 17025 through compliance with the management system to ensure quality testing services, and to continually improve the effectiveness of the Management System
  • It is UK Farmcare Ltd's goal to encourage active participation of all employees in quality planning and continual improvement efforts to meet all quality and service requirements.
  • Comply with all legal and other requirements that apply to the organisation’s operations
  • Determine, meet and where possible exceed the requirements of customers and other interested parties
  • Ensure the protection of customer confidential information and proprietary rights, including the electronic storage and transmission of results

The policy is available to the public via the Company’s website.

Impartiality

One of UK Farmcare Ltd’s core values is its commitment to impartiality. It is therefore essential for UK Farmcare Ltd to manage any potential conflict of interest to safeguard impartiality in all of its activities. The Company offers no financial or other incentives to personnel involved in the certification process. UK Farmcare Ltd have in place safeguards that mitigate or eliminate threats to impartiality including procedures and risk assessment. UK Farmcare Ltd fully understands the importance of impartiality in carrying out its management system and certification activities and its policies and procedures are designed to manage any conflict of interest and to ensure the objectivity of our management system and certification activities. Impartiality During Certification of a person, Auditing and Testing Activities is based on objective evidence obtained through a fair, valid reliable assessment and shall not be influenced by other interests or by other parties. Impartiality is extended to candidates and certified persons and is not restricted or compromised on the grounds of financial or other limiting conditions. An impartiality assessment is carried out and recorded prior to every assessment for certification of a person Threats to impartiality shall not be tolerated and any auditor/tester/assessor who feels threatened shall immediately terminate the activity and report the facts to the Business Manager and/or the Veterinary Services Manager who shall carry out an investigation and act on the findings.

Threats include:
  • self-interest threats: threats that arise from a person or body acting in its own interest to benefit itself
  • subjectivity threats: threats that arise when personal bias overrules objective evidence
  • familiarity threats: threats that arise from a person being familiar with or trusting of another person, e.g. an examiner or certification body personnel developing a relationship with a candidate that affects the ability to reach an objective judgement
  • intimidation threats: threats that prevent a certification body or its personnel from acting objectively due to fear of a candidate or other interested party
  • financial threats: the source of revenue for a certification body can be a threat to impartiality


The Company promotes a culture that stresses the expectation that staff will act in the wider interest and the importance of impartiality. The maintenance of effective policies and procedures is reviewed at least annually as part of the management review. Significant changes to the management system, company organisation or interested parties shall be assessed to determine continuing impartiality and when necessary actions to address the findings shall be implemented and verified. All personnel shall be made aware of this policy and the importance of impartiality and what actions to take in the event of a threat. The policy is available to the public via the Company’s website.

Confidentiality

The purpose of this Policy statement is to ensure that everyone working on behalf of UK Farmcare Ltd is aware of their responsibilities when using confidential information. The principle underpinning this Policy statement is that no employee shall misuse any information or allow others to do so. The Policy statement has been written to support staff in compliance with the following legal requirements and best practice guidance:

  • Data Protection Act
  • Human Rights Act
  • GDPR


This Policy statement applies to all personal identifiable information, whether written, computerised or visual, or simply held in the memory of a member of staff. It applies equally to staff on permanent, temporary or voluntary placement. Information about staff, which is processed for the purpose of their employment should be treated as confidential. Confidentiality should only be breached in exceptional circumstances and with appropriate justification. All staff should ensure that the following principles are practised: When you are responsible for confidential information you must make sure that the information is effectively protected against improper disclosure when it is received, stored, transmitted or disposed of confidential information must only be accessed by you if it is appropriate to the job that you are employed to undertake; If you are required to disclose information outside the team that could have personal consequences for an individual, you must obtain their consent. If the individual withholds consent, or if consent cannot be obtained for whatever reason, disclosures may be made only where they can be justified in the public interest or if they are required by law or by order of a court If you are required to disclose confidential information you should release only as much information as is necessary for the purpose; You must make sure that the persons to whom you disclose information understand that it is given to them in confidence which they must respect; If you decide to disclose confidential information, you must be prepared to explain and justify your decision. If you have any doubts discuss them with your line manager. Any queries concerning this policy statement should be brought to the attention of your line manager in the first instance. Your contract of employment includes a commitment to confidentiality. Breaches of confidentiality could be regarded as gross misconduct and may result in serious disciplinary action up to and including dismissal. Any failure to maintain confidentiality shall be recorded on a nonconformity report and immediately escalated to Senior Management who will:

  • determine and implement action to resolve the issue
  • investigate and determine the root cause
  • determine actions necessary to prevent recurrence
  • feedback to interested parties
  • ensure that any actions taken have been fully and effectively implemented


  The policy is available to the public via the Company’s website.

Security of Information

Documentation (internal and external) that relates to the fulfilment of the management system standards is stored either electronically or in hard copy. The documentation held electronically is stored locally on all PCs and laptops. When an individual logs in to a PC or laptop, it is automatically synchronised with OneDrive. When a document is updated locally, it automatically synchronises with OneDrive, thus ensuring that the latest revision of a document is available to all necessary personnel. All documents are marked Uncontrolled Copy When Printed. The Company has achieved and will maintain Cyber Essentials Certification to further enhance its security arrangements. When expired or no longer needed, electronic documents and records will be archived or deleted at the discretion of the Business Manager and/or Veterinary Services Manager. At the discretion of the Business Manager and/or Veterinary Services Manager expired or obsolete hard copies shall be shredded and sent for recycling.

Security Statement

The Company shall:
  • put measures in place to ensure that awareness of data protection will enable breaches to be reported more easily
  • issue guidance on how to report PII breaches for analysis, categorisation and response
  • provide resource to analyse reported PII breaches to identify those that are incidents requiring a structured response
  • assemble breach response teams with a defined responsibility assignment matrix, as required, to contain and recover from security incidents
  • ensure that its contemporaneous logs of incidents are kept
  • hold periodic post resolution lessons learned meetings to focus on trends and improvements to reduce the likelihood and impact of recurrence, as appropriate

  The Company recognises that in some instances PII breaches are beyond its reasonable control and the importance of being prepared for such eventualities. The Company shall ensure that it reacts appropriately to any actual or suspected PII breaches. UK Farmcare Ltd recognises that a structured response to PII breaches has a number of clear benefits to it including:
  • Improving overall PII security
  • Reducing adverse business impacts
  • Strengthening the PII breach prevention focus
  • Strengthening prioritisation
  • Strengthening evidence collection and custody arrangements
  • Contributing to budget and resource justifications
  • Improving updates to information governance risk assessment and risk management
  • Providing PII security awareness and training material
  • Providing input to PII security policy reviews via lessons learned.

  Any failure to maintain security shall be recorded on a nonconformity report and immediately escalated to Senior Management who will:
  • determine and implement action to resolve the issue
  • investigate and determine the root cause
  • determine actions necessary to prevent recurrence
  • feedback to interested parties
  • ensure that any actions taken have been fully and effectively implemented

Equipment Acceptable Use Policy

Welcome to the UK Farmcare Ltd Acceptable Use Policy.  This Acceptable Usage Policy covers the security and use of all UK Farmcare Ltd’s information and IT equipment. It also includes the use of email, internet, voice and mobile IT equipment. This policy applies to all UK Farmcare Ltd’s employees, contractors and agents (hereafter referred to as ‘individuals’). This policy applies to all information, in whatever form, relating to UK Farmcare Ltd’s business activities worldwide, and to all information handled by UK Farmcare Ltd relating to other organisations with whom it deals. It also covers all IT and information communications facilities operated by UK Farmcare Ltd or on its behalf.  

Computer Access Control – Individual’s Responsibility
Access to the UK Farmcare Ltd IT systems is controlled by the use of User IDs and passwords. All User IDs and passwords are to be uniquely assigned to named individuals and consequently, individuals are accountable for all actions on the UK Farmcare Ltd IT systems. Individuals must not:
  • Allow anyone else to use their user ID and password on any UK Farmcare Ltd IT system.
  • Leave their user accounts logged in at an unattended and unlocked computer.
  • Use someone else’s user ID and password to access UK Farmcare Ltd IT systems.
  • Leave their password unprotected (for example writing it down).
  • Perform any unauthorised changes to UK Farmcare Ltd IT systems or information.
  • Attempt to access data that they are not authorised to use or access.
  • Exceed the limits of their authorisation or specific business need to interrogate the system or data.
  • Connect any non- UK Farmcare Ltd authorised device to the UK Farmcare Ltd network or IT systems.
  • Store UK Farmcare Ltd data on any non-authorised UK Farmcare Ltd equipment.
  • Give or transfer UK Farmcare Ltd data or software to any person or organisation outside UK Farmcare Ltd without the authority of UK Farmcare Ltd.
Line managers must ensure that individuals are given clear direction on the extent and limits of their authority with regard to IT systems and data.  

Internet and email Conditions of Use
Use of UK Farmcare Ltd internet and email is intended for business use. Personal use is permitted where such use does not affect the individual’s business performance, is not detrimental to UK Farmcare Ltd in any way, not in breach of any term and condition of employment and does not place the individual or UK Farmcare Ltd in breach of statutory or other legal obligations. All individuals are accountable for their actions on the internet and email systems. Individuals must not:
  • Use the internet or email for the purposes of harassment or abuse.
  • Use profanity, obscenities, or derogatory remarks in communications.
  • Access, download, send or receive any data (including images), which UK Farmcare Ltd considers offensive in any way, including sexually explicit, discriminatory, defamatory or libellous material.
  • Use the internet or email to make personal gains or conduct a personal business.
  • Use the internet or email to gamble.
  • Use the email systems in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
  • Place any information on the Internet that relates to UK Farmcare Ltd, alter any information about it, or express any opinion about UK Farmcare Ltd, unless they are specifically authorised to do this.
  • Send unprotected sensitive or confidential information externally.
  • Forward UK Farmcare Ltd mail to personal email accounts (for example a personal Hotmail account).
  • Make official commitments through the internet or email on behalf of UK Farmcare Ltd unless authorised to do so.
  • Download copyrighted material such as music media (MP3) files, film and video files (not an exhaustive list) without appropriate approval.
  • In any way infringe any copyright, database rights, trademarks or other intellectual property.
  • Download any software from the internet without prior approval of the IT Department.
  • Connect UK Farmcare Ltd devices to the internet using non-standard connections.
 

Clear Desk and Clear Screen Policy
In order to reduce the risk of unauthorised access or loss of information, UK Farmcare Ltd enforces a clear desk and screen policy as follows:
  • Computers must be logged off/locked or protected with a screen locking mechanism controlled by a password when unattended.
  • Care must be taken to not leave confidential material on printers or photocopiers.
  • All business-related printed matter must be disposed of using the shredder.
 

Working Off-site
It is accepted that laptops and mobile devices will be taken off-site. The following controls must be applied:
  • Equipment and media taken off-site must not be left unattended in public places and not left in sight in a car.
  • Laptops must be carried as hand luggage when travelling.
  • Information should be protected against loss or compromise when working remotely (for example at home or in public places). Laptops should require an individual to login with a username and password and must be logged off/locked or protected with a screen locking mechanism controlled by a password when not in use.
  • Individuals must not allow any unauthorised devices to be connected to the laptop when working off-site, nor should they give, transfer or allow to be taken any UK Farmcare Ltd data or software from the laptop.
  • Particular care should be taken with the use of mobile devices such as laptops, mobile phones, smartphones and tablets. They must be protected at least by a password.
 

Mobile Storage Devices
Mobile devices such as memory sticks, CDs, DVDs and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data. Only UK Farmcare Ltd authorised mobile storage devices with encryption enabled must be used, when transferring sensitive or confidential data.  

Software
Employees must use only software that is authorised by UK Farmcare Ltd on UK Farmcare Ltd’s computers. Authorised software must be used in accordance with the software supplier's licensing agreements. All software on UK Farmcare Ltd computers must be approved and installed by a member of UK Farmcare Ltd staff who has been granted Admin Account access rights. Individuals must not store personal files such as music, video, photographs or games on UK Farmcare Ltd IT equipment.  

Viruses
UK Farmcare Ltd has installed anti-virus software with automated virus detection and virus software updates on all UK Farmcare Ltd’s PCs. All PCs have antivirus software installed to detect and remove any virus automatically. Individuals must not:
  • Remove or disable anti-virus software.
  • Attempt to remove virus-infected files or clean up an infection, other than by the use of approved UK Farmcare Ltd anti-virus software and procedures.
 

Telephony (Voice) Equipment Conditions of Use
Use of UK Farmcare Ltd voice equipment is intended for business use. Individuals must not use UK Farmcare Ltd voice facilities for sending or receiving private communications on personal matters, except in exceptional circumstances. All non-urgent personal communications should be made at an individual’s own expense using alternative means of communications. Individuals must not:
  • Use UK Farmcare Ltd’s voice equipment for conducting private business.
  • Make hoax or threatening calls to internal or external destinations.
  • Accept reverse charge calls from domestic or International operators, unless it is for business use.
 
Actions upon Termination of Contract
All UK Farmcare Ltd equipment and data, for example laptops and mobile devices including telephones, smartphones, USB memory devices and CDs/DVDs, must be returned to UK Farmcare Ltd at termination of contract. All UK Farmcare Ltd data or intellectual property developed or gained during the period of employment remains the property of UK Farmcare Ltd and must not be retained beyond termination or reused for any other purpose.  

Monitoring and Filtering
All data that is created and stored on UK Farmcare Ltd computers is the property of UK Farmcare Ltd and there is no official provision for individual data privacy, however, wherever possible UK Farmcare Ltd will avoid opening personal emails. IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. UK Farmcare Ltd has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse. Any monitoring will be carried out in accordance with audited, controlled internal processes, the UK Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice Interception of Communications) Regulations 2000. This policy must be read in conjunction with:
  • Computer Misuse Act 1990
  • Data Protection Act 1998
It is your responsibility to report suspected breaches of security policy without delay to the relevant line manager or a member of senior management. All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with UK Farmcare Ltd’s disciplinary procedures.

Admin Account Access Control

Welcome to the UK Farmcare Ltd Admin Account Access Policy.  This policy covers the process for UK Farmcare Ltd’s employees, contractors and agents (hereafter referred to as ‘individuals’) to be granted access to the XLAdmin account on UK Farmcare Ltd’s information and IT equipment.  It also covers the procedures individuals must follow once granted XLAdmin account access.

Admin Account Access Control
Access to the XLAdmin account on UK Farmcare Ltd’s IT systems is controlled by the use of a User ID and password. The same User ID and password is used by all individuals accessing the XLAdmin account, however, individuals are accountable for their actions taken on the UK Farmcare Ltd IT system whilst logged into this account. When logged into the XLAdmin account, individuals must not:

  • Leave the XLAdmin account logged in at an unattended and unlocked computer.
  • Leave the password to the XLAdmin account unprotected (for example writing it down).
  • Perform any unauthorised changes to UK Farmcare Ltd IT systems or information.
  • Attempt to access data that they are not authorised to use or access.
  • Exceed the limits of their authorisation or specific business need to interrogate the system or data.
  • Connect any non- UK Farmcare Ltd authorised device to the UK Farmcare Ltd network or IT systems.
  • Store UK Farmcare Ltd data on any non-authorised UK Farmcare Ltd equipment.
  • Give or transfer UK Farmcare Ltd data or software to any person or organisation outside UK Farmcare Ltd without the authority of UK Farmcare Ltd.
  • Access or make use of any email accounts, regardless of whether or not they are UK Farmcare Ltd email accounts or personal email accounts.

Line managers must ensure that individuals are given clear direction on the extent and limits of their authority with regard to IT systems and data.

Conditions of Use
Use of the XLAdmin account is intended for business use only. Personal use is not permitted under any circumstances. All individuals are accountable for their actions when logged into the XLAdmin account. Individuals must follow the UK Farmcare Ltd IT Equipment Acceptable Use Policy whilst logged into the XL Admin account.

Working Off-site
Individuals should not login to the XLAdmin account when working off-site.

Mobile Storage Devices
Mobile devices such as memory sticks, CDs, DVDs and removable hard drives must not be used whilst an individual is logged into the XLAdmin account.

Software
Employees must use only software that is authorised by UK Farmcare Ltd on UK Farmcare Ltd’s computers. Authorised software must be used in accordance with the software supplier's licensing agreements. All software on UK Farmcare Ltd computers must be approved and installed by a member of UK Farmcare Ltd staff who has been granted Admin Account access rights.

Individuals must not store personal files such as music, video, photographs or games on UK Farmcare Ltd IT equipment.

Viruses
UK Farmcare Ltd has installed anti-virus software with automated virus detection and virus software updates on all UK Farmcare Ltd’s PCs. All PCs have antivirus software installed to detect and remove any virus automatically.

Individuals must not:

  • Remove or disable anti-virus software.
  • Attempt to remove virus-infected files or clean up an infection, other than by the use of approved UK Farmcare Ltd anti-virus software and procedures.



Telephony (Voice) Equipment Conditions of Use
Use of UK Farmcare Ltd voice equipment is intended for business use. Individuals must not use UK Farmcare Ltd voice facilities for sending or receiving private communications on personal matters, except in exceptional circumstances. All non-urgent personal communications should be made at an individual’s own expense using alternative means of communications.
Individuals must not:

  • Use UK Farmcare Ltd’s voice equipment for conducting private business.
  • Make hoax or threatening calls to internal or external destinations.
  • Accept reverse charge calls from domestic or International operators, unless it is for business use.


Actions upon Termination of Contract
All UK Farmcare Ltd equipment and data, for example laptops and mobile devices including telephones, smartphones, USB memory devices and CDs/DVDs, must be returned to UK Farmcare Ltd at termination of contract.
All UK Farmcare Ltd data or intellectual property developed or gained during the period of employment remains the property of UK Farmcare Ltd and must not be retained beyond termination or reused for any other purpose.

Monitoring and Filtering
All data that is created and stored on UK Farmcare Ltd computers is the property of UK Farmcare Ltd and there is no official provision for individual data privacy, however, wherever possible UK Farmcare Ltd will avoid opening personal emails.
IT system logging will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. UK Farmcare Ltd has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse. Any monitoring will be carried out in accordance with audited, controlled internal processes, the UK Data Protection Act 1998, the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice Interception of Communications) Regulations 2000.
This policy must be read in conjunction with:

  • Computer Misuse Act 1990
  • Data Protection Act 1998

It is your responsibility to report suspected breaches of security policy without delay to the relevant line manager or a member of senior management.
All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with UK Farmcare Ltd’s disciplinary procedures.

The Password Policy

Password Policy



Welcome to the UK Farmcare Ltd Password Policy.  Employees at UK Farmcare Ltd must access a variety of IT resources, including computers and other hardware devices, data storage systems, and other accounts. Passwords are a key part of UK Farmcare Ltd’s IT strategy to make sure only authorised people can access those resources and data.
All employees who have access to any of those resources are responsible for choosing strong passwords and protecting their log-in information from unauthorised people.
The purpose of this policy is to make sure all UK Farmcare Ltd’s resources and data receive adequate password protection. The policy covers all employees who are responsible for one or more account or have access to any resource that requires a password.

Password Creation
  • All passwords should be reasonably complex and difficult for unauthorised people to guess. Employees should choose passwords that are at least eight characters long and contain a combination of upper- and lower-case letters, numbers, and special characters. These requirements will be enforced with software when possible.
  • In addition to meeting those requirements, employees should also use common sense when choosing passwords. They must avoid basic combinations that are easy to crack. For instance, choices like “password,” “password1” and “Pa$$w0rd” are equally bad from a security perspective.
  • A password should be unique, with meaning only to the employee who chooses it. That means dictionary words, common phrases and even names should be avoided. One recommended method to choosing a strong password that is still easy to remember: Pick a phrase, take its initials and replace some of those letters with numbers and other characters and mix up the capitalisation. For example, the phrase “This may be one way to remember” can become “TmB0WTr!”.
  • Employees must choose unique passwords for all of their company accounts and may not use a password that they are already using for a personal account.
  • All passwords must be changed regularly, with the frequency varying based on the sensitivity of the account in question. This requirement will be enforced using software when possible.
  • If the security of a password is in doubt – for example, if it appears that an unauthorised person has logged in to the account – the password must be changed immediately.
  • Default passwords – such as those created for new employees when they start or those that protect new systems when they’re initially set up – must be changed as quickly as possible.


Protecting Passwords

  • Employees may never share their passwords with anyone else in the company, including co-workers, managers, administrative assistants, IT staff members, etc. Everyone who needs access to a system will be given their own unique password.
  • Employees may never share their passwords with any outside parties, including those claiming to be representatives of a business partner with a legitimate need to access a system.
  • Employees should take steps toavoid phishing scams and other attempts by hackers to steal passwords and other sensitive information. All employees will receive training on how to recognise these attacks.
  • Employees must refrain from writing passwords down and keeping them at their workstations. See above for advice on creating memorable but secure passwords. If a password is required to be written down for any reason, the password must be stored in the locked petty cash draw with prior permission from the relevant line manager.
  • Employees may not use password managers or other tools to help store and remember passwords without prior permission from the relevant line manager.

Drugs and alcohol at Work

Introduction
This policy sets out the company’s aims in reducing and managing alcohol and drug problems in the workplace.

Aim
To clearly state the company’s position on alcohol and drugs within the workplace.

Objectives
To ensure the company complies with appropriate legislation To minimise the risks associated with alcohol and drugs in the workplace To have clear rules regarding alcohol and drugs in the workplace To encourage the early identification of employees who may be experiencing alcohol or drug problems To provide support for employees experiencing alcohol and drug problems To provide training and support to line managers to ensure they are equipped to support employees experiencing problems

Definitions
Alcohol problem - An alcohol problem is defined as any drinking, either intermittent or continual which interferes with a person’s health and/or social functioning and/or work capability or conduct. Drugs - Any drug, whether illegal, prescribed or over the counter or solvents such as glue, butane, etc. In the case of prescribed and over the counter drugs, their possession and use by the employee is acknowledged as legitimate. Drug problem - The use of illegal drugs, the deliberate use of prescribed or over the counter drugs (when not for a medical condition) and the use of solvents, either intermittent or continual which interferes with a person’s health and/or social functioning and/or work capability or conduct.

Legal
The Health and Safety at Work Act 1974 requires employers to protect the health, safety and welfare of their employees and others who may be affected by their activities, as far as is reasonably practicable. The Management of Health and Safety at Work Regulations 1999 requires employers to carry out a risk assessment to identify hazards in the workplace and put measures in place to minimise these risks. The Misuse of Drugs Act (1971) is the main legislation covering drugs and categorises them as classes A, B and C. These drugs are called controlled substances and class A drugs are considered to be the most harmful under this act. It is illegal for anyone, whether at work or not to produce, supply or be in possession of illegal drugs. Employers may be liable if they knowingly allow dispensing, manufacturing, possession, using or selling on their premises.

Policy Rules
The company requires all employees to report for duty free from the effects of alcohol and drugs. It is not acceptable to be under the influence of alcohol or drugs at work or consume alcohol or drugs during hours of work - this includes paid and un-paid breaks. Employees found in possession of illegal drugs or using illegal drugs whilst at work will normally be reported to the police. In some cases the legitimate use of prescribed drugs can affect a person’s ability to do their job. In such instances employees should inform their line manager.

Implementation of the Policy
Identification of a problem: Alcohol and drug problems may become apparent through a number of means, for example the following (particularly in combination) may result in a problem being suspected: Persistent short-term absence Unauthorised absence Poor time keeping Reduced work performance Poor working relationships Deterioration in appearance
However, it must be remembered that these factors can have a number of other causes. Employees experiencing alcohol or drug problems may first become apparent to their colleagues. If a member of staff suspects an alcohol or drug problem in a colleague, they should either: Encourage the person to seek help from support agencies: www.alcohol-focus-scotland.org.uk/local-services Report the matter to a manager (particularly if the person is involved in a safety critical job).

Misconduct
This policy is primarily concerned with ongoing alcohol and drugs problems which are classed as capability issues, i.e. where the problem impacts on the person’s ability to do their job.
One-off cases where the rules of this policy are breached, such as someone reporting for work clearly under the influence of alcohol or drugs or suffering from the effects of alcohol will be classed as a conduct issue and will be dealt with under the normal disciplinary procedures as outlined in the company hand book.
Very serious incidents such as violence at work whilst under the influence of alcohol or drugs or dealing illegal drugs at work will be deemed serious misconduct justifying summary dismissal.
In some instances of misconduct where the employee admits to having an alcohol or drug problem, disciplinary proceedings may be held in abeyance subject to successful outcome of treatment.
In instances of serious misconduct where the employee subsequently admits to having an alcohol or drug problem, the support route and the disciplinary route may be implemented in tandem.

Voluntary Referral for Support
Employees who suspect or know they have a drug or alcohol problem are encouraged to seek support at an early stage.

Referral by Management
Employees suspected of having an alcohol or drug problem will be offered support by their manager. The flowchart in Appendix 1 will be followed. Where the problem has become apparent through deterioration in work performance, the employee will have to demonstrate satisfactory completion of a programme of support and an improvement in work performance or disciplinary action will be taken. Employees will be given the opportunity of attending treatment within work time. Alternatively, if employees require to be absent from duty normal sick pay arrangements will apply.

Confidentiality
The company aims to ensure that the confidentiality of all employees experiencing alcohol or drug problems is maintained by appropriate people, for example, human resources, occupational health and line manager. Information regarding individual cases will not be divulged to third parties unless the safety of the person concerned, or others would be compromised by not doing so.

Equal Opportunities
This policy will apply equally to all staff regardless of grade, experience or role within the company.

Relapse
The company acknowledges that relapse is common with alcohol and drug problems. Employees will normally be supported through two relapses after treatment. Subsequent relapses will be reviewed on a case-by-case basis, taking into account the needs of the department affected and the business needs of the organisation. Employees should be aware that the disciplinary route might be followed after subsequent relapses.
Return to Work Following treatment the company will endeavour to ensure the employee returns to their existing job. If the employee is unable to fulfil those duties the company will consider alternative duties. Promotional prospects will be unaffected following treatment.

Monitoring and Review
The Health and Safety Committee is responsible for monitoring how this policy works in practice. If employees have concerns about this policy, they can be raised with the HR manager.