Information Technology (IT) and Cybersecurity Policy
Revision: 1.0
Adopted: September 2025
Last Reviewed: First Issue
Review Period: Annually
Document Control: Rev 1.0 September 2025
Acceptable Use of IT Resources and Email
Introduction
Hemswell Parish Council (PC) recognises the importance of effective and secure information technology (IT) and cybersecurity (1), including email usage, in supporting its business, operations, and communications. This policy outlines the guidelines and responsibilities for the appropriate use of IT resources and email by PC members, employees, volunteers, and IT contractors. The Hemswell PC clerk is responsible for implementing and monitoring this policy, but may delegate that responsibility to another officer where appropriate. This policy should be read in conjunction with the Hemswell PC Data Protection Policy, Data Breach Policy, Communications and Media Policy and Document Retention and Disposal Policy.
All council members, staff, volunteers and other IT users must be aware of the increasingly sophisticated scams and risks posed to cybersecurity. The clerk can provide guidance and resources on IT security best practices, privacy concerns, and technology updates. All councillors will receive training on email security and best practices as and when required.
All council members, staff and other IT users must be familiar with and abide by the PC’s ‘Data Protection Policy’. See: https://hemswell.parish.lincolnshire.gov.uk
All IT users are reminded that any deliberate unauthorised use, destruction, alteration, or interference with computer systems, software or data is a breach of this policy and in some circumstances may be a criminal offence under the Computer Misuse Act 1990. Breach of this Policy may result in the suspension of IT privileges and further consequences as deemed appropriate.
This policy applies to all individuals who use Hemswell PC’s IT resources, including the authority-owned domain (hemswellparishcouncil.org.uk), computers, networks, software, devices, data, and email accounts, and to personal devices used by staff and members for PC-related information.
All members and staff will be provided with a dedicated authority-owned email address, e.g., CllrX@hemswellparishcouncil.org.uk, which must be used for all PC-related business.
Any email sent or received in the capacity of staff or a member of Hemswell PC is regarded as information which may have to be disclosed following requests under the Data Protection Act or Freedom of Information Act. This includes emails sent or received via personal accounts when acting as a member of Hemswell PC.
4. Acceptable Use of IT Resources and Email
Hemswell PC email accounts are to be used for official council-related activities and tasks. Email accounts provided by Hemswell PC are for official communication only. Emails should be professional and respectful in tone. Confidential or sensitive information must not be sent via email unless it is encrypted. All users must adhere to ethical standards, respect copyright and intellectual property rights, and avoid accessing inappropriate or offensive content.
Members must be familiar with and abide by the PC’s ‘Communications and Media Policy’. See: https://hemswell.parish.lincolnshire.gov.uk
Be cautious with attachments and links to avoid phishing and malware. Verify the source before opening any attachments or clicking on links.
Emails should be retained and archived in accordance with legal and regulatory requirements and the Hemswell PC ‘Document Retention and Disposal Policy’. See: https://hemswell.parish.lincolnshire.gov.uk. IT users must regularly review and delete unnecessary emails and review spam/junk mailboxes to maintain an efficient and organised email account.
5. Password and Account Security
Members and staff must ensure that any personal devices, including portable devices such as tablets/mobile phones, used to access PC systems (including email, websites and data) are password-protected and that access is restricted solely to the member. This can be by passwords, passcodes or biometric measures as applicable. Passcodes must be appropriate for the device and the level of risk that unauthorised access poses to the PC; where devices can access PC data or other systems, passcodes must be unique and strong (i.e., minimum of 8 characters including symbols).
Members and staff are responsible for maintaining the security of their accounts and passwords. Passwords should be strong and not shared with others. Regular password changes are encouraged to enhance security, and different passwords should be used for different devices and accounts.
Particular care must be taken when using removable media to transmit data, as such media are easily lost or intercepted. Any sensitive information (including personal data, confidential documents or data which could impact the rights or reputation of any person or organisation, including Hemswell PC) that is contained on removable media must be password-protected or encrypted.
All suspected email or IT security breaches or incidents, such as lost devices, risks arising from phishing emails/websites, password sharing, etc., should be reported immediately to the clerk for investigation and resolution. Members and staff must be familiar with and adhere to the PC Data Breach Policy. See: https://hemswell.parish.lincolnshire.gov.uk
Related Documents – available via Hemswell PC website: https://hemswell.parish.lincolnshire.gov.uk
Data Protection Policy
Data Breach Policy
Communications and Media Policy
Document Retention and Disposal Policy
1. Cybersecurity is the practice of protecting internet-connected systems, devices, networks, and data from digital attacks, unauthorised access, theft, or damage. It encompasses technologies, processes, and controls designed to reduce the risk of cyberattacks and safeguard information by ensuring its confidentiality, integrity, and availability.