Acceptable Use Policy

Document Owner: Pobl Tech Limited (T/A Pobl)

Overview

This policy defines how Pobl systems, devices, networks, and information assets should be used.

Its purpose is to ensure that all systems are used responsibly and securely, protecting the organisation, its team, and its clients from security risks, legal exposure, and operational disruption.

Scope

This policy applies to:

All employees, directors, contractors, and temporary staff
All devices owned or managed by Pobl
All systems, applications, networks, and services used as part of our operations

This includes remote working and access to third-party platforms where Pobl credentials or permissions are used.

Our approach

Pobl systems and resources must be used in a way that is:

Responsible
Secure
Aligned with business purposes

All users are expected to act professionally and to protect systems and information from misuse or unauthorised access.

Use of systems must comply with applicable laws, contractual obligations, and internal policies.

Acceptable use

Acceptable use includes:

Accessing systems and data required to carry out your role
Using approved software, tools, and services
Communicating professionally with colleagues, clients, and partners
Protecting login credentials and access methods
Following information security and data protection policies

Limited personal use may be permitted where it does not:

Interfere with work responsibilities
Introduce security risks
Breach any policies or obligations

Unacceptable use

Unacceptable use includes, but is not limited to:

Sharing passwords or authentication details
Accessing systems or data without authorisation
Installing unauthorised software or tools
Circumventing security controls or monitoring
Using systems for illegal, offensive, or inappropriate activities
Introducing malware or weakening system security
Using personal storage or messaging tools to handle business data without approval

Any activity that risks the confidentiality, integrity, or availability of systems or data is not permitted.

Device and account security

All users are expected to:

Use secure authentication methods where available
Lock devices when unattended
Keep systems and software up to date
Report lost or stolen devices immediately
Ensure personal devices used for work meet agreed security standards
Email and internet use

Email and internet access must be used responsibly.

Users should remain alert to:

Phishing attempts
Suspicious links or attachments
Unusual or unexpected communications

Any potential threats should be reported promptly.

Remote working

When working remotely:

Access must be through approved and secure methods
Work environments should maintain confidentiality
Devices and screens should not be visible to unauthorised individuals

Monitoring and logging

System usage may be logged and monitored for:

Security
Operational performance
Compliance

Monitoring is carried out proportionately and in line with legal requirements.

Reporting concerns

Any suspected misuse, security concerns, or policy breaches should be reported promptly in line with incident reporting procedures.

Reports are handled fairly and without retaliation.

Breach of policy

Failure to comply with this policy may result in:

Access being restricted or removed
Internal action in line with company procedures

Serious breaches may result in further action where required.

Review and maintenance

This policy is reviewed regularly to ensure it remains effective and appropriate.

Governance

The owner of this policy is Senior Management, Pobl Tech Ltd.

Responsibilities

The Document Owner is responsible for:

Ensuring the policy remains accurate and up to date
Approving updates and changes
Ensuring the policy is communicated and applied

Approval

This policy has been reviewed and approved by senior management.

Approval confirms that the policy:

Reflects current working practices
Aligns with legal and contractual obligations
Is appropriate for the scale and nature of services delivered

Review schedule

This document will be reviewed:

At least annually
Following significant changes to systems, services, or regulatory requirements
Following major incidents or material changes in risk
Distribution

This policy is available to relevant staff and can be provided to clients or auditors where required.

Final note

Responsible use of systems is a shared responsibility.

By following this policy, we help ensure that the platforms we rely on remain secure, reliable, and fit for purpose for both our team and our clients.