IT & Acceptable Use
Holiday Left
{{contact.holiday_remaining}} / 28
WFH Used
{{contact.wfh_used_this_week}}
Sick Days
{{contact.sick_days_taken}}

The Herd - IT & Acceptable Use Policy

At The Herd, access to technology, systems, and data is essential to doing great work for clients. This policy sets clear boundaries on how company IT and data should and should not be used, so that people, clients, and the business are protected.

This policy applies to all employees and contractors who use The Herd's devices, systems, or data, whether in the office, at home, or elsewhere.

1. Purpose and scope

The aims of this policy are to:

  • Protect client and company information from loss, damage, or misuse.
  • Set clear expectations for how devices, systems, and accounts are used.
  • Provide a basis for action if someone misuses IT, data, or social media.

This policy sits alongside The Herd's Disciplinary & Grievances Policy, Sickness & Absence Policy, Holiday Policy, Employee Handbook, and any Data Protection/GDPR guidance issued by the company.

2. Devices, accounts, and access

2.1 Company devices and accounts

  • Laptops, phones, tablets, software licences, and logins are provided for work and remain the property of The Herd.
  • Limited personal use is permitted where it does not:
    • Interfere with your work or others' work
    • Break the law
    • Breach this or any other Herd policy
    • Damage The Herd's reputation

You must not:

  • Install unauthorised software or apps on Herd devices
  • Disable or bypass security tools (for example, anti-virus, endpoint protection, MDM)
  • Share your accounts or passwords with anyone, inside or outside the company
  • Allow family members or friends to use Herd devices or accounts
  • Use Herd devices, systems, accounts, or paid working time to run side businesses, freelance work, or other personal commercial activity

Side businesses or freelance work must be carried out only on personal devices, using personal accounts, and outside contracted working hours, unless expressly authorised in writing by The Herd.

2.2 Personal devices (BYOD)

If you use your own device for work (for example, to check email or access project tools), you must:

  • Use a strong screen lock (PIN, password, or biometric)
  • Keep the operating system and security software up to date
  • Only access Herd systems via approved tools (for example, VPN, official apps, password manager)
  • Accept that company data may be removed from your device (for example, by remote wipe of a work profile) if required for security, if the device is lost, or when you leave

You must not store Herd data permanently on personal devices or personal cloud storage unless explicitly authorised and appropriately secured.

3. Security, passwords, and data handling

  • Use strong, unique passwords for all Herd systems and enable multi-factor authentication (MFA) wherever offered
  • Never share passwords or allow anyone else to use your login; you are responsible for actions taken under your account
  • Store client and company information only in approved systems (for example, Herd email, shared drives, project tools, HR and finance systems)
  • Do not forward work emails to personal email accounts or copy work data into personal storage unless explicitly authorised for a legitimate business reason

You must report the following immediately to your manager (and the named IT/Data contact):

  • A lost or stolen device with access to Herd systems
  • A suspected data breach, phishing attempt, or compromised account
  • Any unauthorised access to systems or files

4. Internet, email, and messaging

4.1 Work use

When using the internet, email, or messaging tools via Herd systems, you must not:

  • Access, create, store, or share pornographic, hateful, extremist, discriminatory, or otherwise offensive content
  • Use Herd systems for illegal activity (including piracy, fraud, or unlawful downloads)
  • Harass, bully, or discriminate against anyone
  • Run side businesses, freelance work, or personal commercial activity
  • Misrepresent yourself or your role at The Herd

You are expected to:

  • Use professional and appropriate language
  • Check recipients carefully before sending information
  • Be cautious with links, attachments, and unexpected messages

4.2 Personal use

Reasonable personal browsing and messaging is permitted mainly during breaks and outside core working time, provided it:

  • Does not breach this policy
  • Does not affect performance or network security
  • Does not involve high-risk activities such as gambling, speculative trading, or similar activities

Personal financial trading, cryptocurrency speculation, or similar activity must not be carried out on Herd devices.

5. Social media and public content

5.1 Personal social media

On personal social media, employees must not:

  • Share confidential or commercially sensitive information about The Herd, clients, or partners
  • Post content that could reasonably be seen as bullying, harassing, or discriminatory towards work-related contacts
  • Post content that brings The Herd into disrepute, including:
    • Publicly attacking clients or colleagues
    • Sharing inside information
    • Using Herd branding to promote offensive or inappropriate views

Herd email addresses must not be used for personal social media accounts. Privacy settings do not remove responsibility for posted content.

5.2 Social media for work

Where authorised to manage Herd or client accounts:

  • Follow agreed brand, tone, and approval processes
  • Do not present personal opinions as company or client views
  • Do not buy followers, fake engagement, or manipulate reviews
  • Protect shared account credentials and limit access appropriately

6. Remote and hybrid working

When working remotely:

  • Position screens to prevent unauthorised viewing
  • Avoid discussing confidential matters in public spaces
  • Use secure networks and approved VPNs
  • Follow this policy exactly as if working in the office

7. Monitoring and privacy

The Herd may monitor IT systems to:

  • Maintain security and reliability
  • Investigate suspected misuse or breaches
  • Meet legal, regulatory, and client obligations

Monitoring may include access logs, security alerts, and usage metadata. Content will only be reviewed where there is a legitimate reason to do so.

8. Breaches and consequences

Breaches of this policy may result in disciplinary action up to and including dismissal for gross misconduct.

Serious breaches include (non-exhaustive):

  • Disclosure of confidential data
  • Serious misuse of systems
  • Running side businesses using Herd resources
  • Disabling security controls or ignoring security instructions

Where required, matters may be reported to authorities or affected clients.

9. Review and updates

This policy will be reviewed periodically to reflect changes in technology, security risks, client expectations, and UK law. Updates will be communicated and reflected in the Employee Handbook and onboarding materials.

The Herd

3 The Quadrant, Coventry, CV1 2DY

Tel: 02477 752703