West Midlands Community Health Councils
Information Technology Protocols
1999 Electronic Format Edition
Introduction
Information Technology is taking an ever more important role in the functioning of the Community Health Councils. Offices now have more personal computers, software and hardware and it is essential that this technology is used both effectively and safely. Therefore the following protocols should be in place at all West Midlands Community Health Councils and in fact any office that uses computer systems.
It must be the responsibility of the Chief Officer of each CHC to ensure that all of these protocols are adhered to. Failure to do so may result in disciplinary action.
Index.
Personal Computer usage protocol. (covers general usage, maintenance and health and safety.)
Data security protocol (in accordance with the Data Protection Act 1974)
Internet usage protocol (including e-mail, Web browsing etc.)
Virus protection protocol (including viruses spread via the Internet)
Staff skills protocol (to set up a system where staff can be trained to meet their specific needs and duties).
Year 2000 Protocols
General Personal Computer Usage Protocols
These protocols are designed to ensure the smooth running of the personal computers (PCs) by encouraging users to care for and maintain their computers properly.
- General computer care
An audit must be carried out annually by the Chief Officer with the assistance of the IT Support Officer. This Audit will consist of the following checks:
- that all software on the machines is licensed and functioning properly
- that all the disks for purchased software are still in the office
- that all purchased hardware (e.g. printers, scanners etc.) is still in the office
- that all essential data is either removed or backed up from the computer’s hard disks onto floppy disks or other suitable removable media
- that all important and confidential floppy disks are in working order and that they are kept in a safe place.
Help is available from the IT Support Officer in how to do this.
An inventory must be kept and should be maintained. It is the Chief Officer’s responsibility to ensure that the above checks are done and to take any necessary action if these checks uncover irregularities.
- The PCs (personal computers) should be positioned away from direct sunlight, out of sight from the public and where accidental damage risk is minimal.
- PCs and associated equipment should not be placed in a position where they may be hazardous to staff, in accordance with Health & Safety regulations. All cables must be kept tidy to avoid accidents and damage.
- Anti-theft devices are recommended such as internal alarms and cages.
- The PCs should be kept clean and free from dust. The keyboard, mouse and case can be cleaned with a mild detergent and a lint-free cloth. A special anti-static cleaning solution and a soft cloth should be used to keep the monitors’ screens clean.
- Eating, drinking or smoking must not be allowed near to the computers.
- Users must sit at their computer in a comfortable position to avoid health risks (guidelines available on ergonomics). Users should not work at the rear of a monitor.
- All data must be saved to floppy disks whenever possible and back-ups should be made of important floppy disks. These disks must then be kept in a safe place. The original and back-up disk sets must be kept in different places to minimise the chances of both sets being damaged.
- Back-ups must also be made of essential files (e.g. Autoexec.Bat, Config.sys etc.) onto a floppy disk. This disk should then be kept in a safe place.
- When moving a PC or printer, great care must be taken to avoid damage. A computer must not be moved while switched on. Printers or other peripherals should not be disconnected from a computer while it is switched on. Care should also be taken when lifting computers as they are heavy.
- In the event of a thunderstorm all PCs should be switched off and disconnected from the mains supply. If the PC is connected to a telephone line then you should also disconnect this cable from the telephone socket.
- In the event of a suspected hardware fault in a personal computer it must be turned off immediately and a repair arranged.
- No hardware repairs must be undertaken - consult a technician.
- Software and drivers must only be installed by a sufficiently skilled person.
- Only a sufficiently skilled person must alter any settings in the PC’s BIOS (Basic Input Output System), MSDOS and Windows.
- It is strongly recommended that CHCs obtain a hardware maintenance contract with a reputable company to ensure that computers can be repaired quickly and reliably. The IT Support Group has arranged this for you.
- It is also strongly recommended that any software technical support offers be taken up with new software. This support is usually free and all that is required is that the registration cards are returned to the supplier.
- When a new member of staff joins your office they must be made aware of these protocols and they must understand and agree to abide by them.
- All computers and other electrical devices must be checked annually for hazards by a reputable company.
- Care of PC hard drives
- The PC must never be switched off while the hard drive is being read (the drive light is lit).
- The PC should not be switched off before Windows is closed down, to prevent data loss and damage to Windows.
- Essential files must be backed up to floppy disks or other suitable removable media.
Files that should be backed up: Autoexec.bat, config.sys, win.ini, system.ini and control.ini. Windows 95 users should also back up reg.dat and user.dat files (Windows 95 included a utility that does this automatically).
Tasks to be done by CHCs:
- Monthly: All TMP (temporary) files should be deleted from the DOS directory (and the Windows\temp directory in Windows 95).
- Monthly: All temporary Internet files should be deleted from the directories Windows\History and Windows\Temporary Internet Files if Guard Dog has not been set to do this for you.
- Quarterly: SCANDISK should be run to check hard disk integrity.
- Yearly: DEFRAG should be run to ensure hard disk efficiency.
Help and advice are available on this.
- Hard disks must be protected against the threat of viruses (see Virus Protection Protocols).
- Floppy Disk Care
- Floppy disks should be kept in a cool, dry place away from strong magnetic fields (from speakers for instance). Care should be taken if purchasing a fire safe. Ensure that it is suitable for disks before purchasing.
- Unreliable and old floppy disks should not be used. Only use reputable brands to ensure integrity. Only 1.44Mb HDD disks should be used to ensure reliability.
- Floppy disks must be protected against the threat of viruses (see Virus Protection Protocols). They should not be passed around to other people unless you can be sure that there is not a virus threat.
Data Security Protocols
In accordance with the Data Protection Act 1974 and the forthcoming new Act 1998, it is required that CHCs ensure that confidential information is kept safe whilst ensuring that information is accurate and available at all times to the person to whom the information relates.
Therefore the following steps should be taken:
General steps
- No person who is not a member of staff shall use computers that have sensitive information on them. If an unauthorised person is found using such a computer then they must be stopped immediately and this use must be reported.
- No-one who is not a member of staff must know any passwords relating to the computer systems and software. In the event of a non-staff member discovering a password it must be changed immediately.
- When a member of staff is no longer employed at your office you must change all passwords.
- Never keep passwords where they can be easily seen - and therefore copied.
- Whilst working on confidential data the computer must not be left unattended. The computer’s monitor display should also not be able to be read by anyone who is not cleared for seeing such confidential data - especially members of the public.
- Copies of all data (preferably on paper or a reliable electronic storage system) and correspondence should be kept so that the data is available for inspection by the owner of the information (the client for example).
- Data must be as accurate as possible and checked regularly for accuracy and consent of usage. The new Act will also require that paper based documents are handled in the same manner.
- A central store should be set up for current and old passwords and this must be kept in a safe place. Such a store could simply be a database or Word document that is itself password protected by a master password. This store must also be kept either by the Chief Officer or their Deputy and not by a junior member of staff.
Data and the PC’s hard drive
- Confidential data must not be kept on the computer’s hard drive unless totally necessary due to software constraints. All such data must be stored on removable disks (floppy disks, Zip or tape drives). Data should be removed as soon as it is no longer required and you should not have more data than is required for your job.
- If data is to be stored on a computer’s hard disk, encryption technology or a hard drive lock utility must be installed. Passwords to such encryption and hard drive locks must be kept secret.
- Data and floppy disks
- All data should be kept on floppy disks. These disks should then be kept locked away.
- If the data is to be sent to another office on floppy disk then this data must be encrypted. Passwords to such encryption utilities must be kept secret.
- Data and Networks/the Internet
- Great care should be taken when sending data across local networks. It must be ensured that copies of the data are not stored on the client PC’s hard drive.
- Under no circumstances must confidential data be sent across the Internet. If this is necessary then high security data encryption should be used. Passwords to such encryption utilities should be kept secret.
- Only encryption methods recommended by the IT Support Group and the NHS should be used.
Internet/NHS.Net Usage Protocols
It is essential for everyone using the Internet and/or NHS.net to recognise their responsibility in having access to their vast sites, services, systems and to fellow users.
General Internet/NHS.Net Protocols
Now that an Internet connection has been established within each West Midlands CHC and it is planned to possibly connect to NHS.Net at some stage, it is advised that the Chief Officer and support staff agree on the terms of its usage.
- The usage of the Internet and/or NHS.Net must comply with the Service Provider’s own regulations and guidelines. Usage must also comply with the Data Protection Act 1984 and the Computer Misuse Act 1990.
- The Chief Officer shall remain responsible for any communications/actions made on the Internet/NHS.Net and must therefore ensure that these protocols are adhered to.
- Any Chief Officer/staff member found to be misusing the Internet/NHS.Net may be subject to disciplinary action.
- The time on-line (i.e. connected to the Internet/NHS.Net) must not exceed the agreed maximum time allowed per day.
- Whenever possible, Internet/NHS.Net usage must be monitored by the Chief Officer. No junior member of staff, CHC Member, outsider or volunteer should be allowed access without permission and monitoring by the Chief Officer or a senior member of staff.
- Staff must not visit World Wide Web Sites containing material that is offensive in any way - sexist, racist or containing obscene images/text. Any such activity will result in disciplinary action.
E-Mail Protocols
- E-mail must not be used to send messages that are offensive, obscene or derogatory. Any e-mail containing such text from CHC staff, CHC Member or volunteer must be reported. This may result in disciplinary action.
- E-mail must be sent in accordance with the office’s and CHCs' policies for ordinary mail.
- E-mail should be checked at least daily and hard copies must be kept of important correspondence.
- If the software does not do so automatically, all read messages should be removed from the server.
- Others may be able to read your e-mail. In the ordinary course of business confidential information must never be sent over the Internet.
- If in extraordinary circumstances confidential information must be sent then data encryption software must be used.
- Any attached programs or files must be scanned for viruses IMMEDIATELY upon receiving and BEFORE using the program or file.
Newsgroups Protocols
- CHCs must not use Usenet newsgroups. This is because, generally, they contain technical or obscene information of no value to CHCs.
Internet Relay Chat and conferences Protocols
- Chat and conference systems must not be used for purposes other than communication between CHCs, or between CHCs and NHS organisations.
- Staff must not use chat systems or conferences containing material that is offensive in any way - sexist, racist or containing obscene or derogatory conversations. This may result in disciplinary action.
- As there is a large cost involved in conferencing, usage should be kept to a minimum.
Virus Protection and Prevention Protocols
It is essential that CHCs connected to the Internet and/or NHS.Net are aware of the threat of viruses. If CHCs share or receive data on disks then protocols must be in place to prevent viruses and to recover from a viral infection.
Virus prevention
Viruses can only be spread if allowed to. If care is taken then no virus should be able to infect your PC.
- Do not allow people to bring into the office and use floppy disks/CD-ROMS that have not been checked for viruses by a good scanner. Do not just take their word for it - assume that their disk may have a virus on it. Before using any program or file on the suspect disk you must check it with a good virus scanner to locate and remove the virus.
- It is not recommended that a cleaned disk should still be used if you are in any doubt as to whether the virus has been destroyed. Some viruses are polymorphic and can appear destroyed, only to reappear later.
- Staff must not download any programs or files without ensuring that they are free of viruses (if in doubt, leave it out).
- Any downloaded programs or files must be scanned for viruses IMMEDIATELY upon downloading and BEFORE using the program or file.
- Virus scanners such as Dr Solomon's or Norton must be installed on all PCs and the software should be updated regularly to ensure protection. Guard Dog must remain installed on the Apricot Network PC.
- Do not reboot or turn on a PC if it has a floppy disk in the drive - remove the disk first. Boot-sector viruses can only be spread when you boot (start up the PC) from the infected disk.
In the event of a virus infection:
- The infected disk (be it hard disk, floppy or CD-ROM) should be "quarantined". Data should be considered infected and not used.
- The infected disk should be cleaned with a good virus checker. Be aware that some viruses (polymorphic) can appear destroyed but may reappear later as a new, different virus.
- If the virus cannot be destroyed by staff a professional must be consulted as soon as possible.
- Notify the IT Support Officer and anyone who is at risk of infection (such as someone you have given a floppy disk to) of the virus infection immediately.
Staff Skills and Training Protocol
It is important that the staff of the CHCs have sufficient understanding of information technology so that they can perform the necessary tasks efficiently and effectively.
- It is important that staff feel happy with the technology in the office and feel able to ask if they do not feel comfortable using the technology. Chief Officers and the IT Support Group should check regularly to see if this is so.
- Staff should be able to request any IT training that they feel they need.
- The Chief Officer should be able to request that support staff attend any IT training that they feel they need.
- The IT Support Officer should be consulted to advise about IT training and to arrange the required training.
- Staff should be allowed to be trained in a peaceful, conducive environment.
- Staff should feel able to ask for help and be given help whenever and as soon as possible. Precious time is wasted when staff sit at their desks stuck and unable to reason out a solution.
- The IT Support Group should keep abreast of the level of IT skills within the CHCs.
Year 2000 Protocols
CHCs must be fully aware of the potential problems that may arise as a result of the forthcoming Millennium and should take the following steps to minimise disruption during the New Year 2000.
- CHCs should ensure that they are kept up to date on Year 2000 issues and how these will affect them, people who rely on them and people who they themselves rely upon such as Coventry Health Authority.
- A member of staff from every West Midlands CHC must attend a Year 2000 Work Group such as those hosted by Garry Webb, IT Support Officer.
- All computers and associated hardware, software and data must be checked for Year 2000 compliance before the millennium. A Year 2000 Audit must be carried out by Garry Webb before September 1999 at the very latest. Action must then be taken based upon his report and recommendations.
- All essential data must be either moved or backed up onto floppy disks or another reliable, Year 2000 compliant removable storage medium (e.g. Zip Drive) by December 1999. It is strongly recommended that you get into the good practice of backing up before this date.
- No essential data must be saved onto proven non-compliant PCs. If a non-compliant PC is in use then it must only be used for secondary tasks and data.
These protocols last updated 20/06/1999.
West Midlands IT Support Group.
C/o Wolverhampton Community Health Council
45 Queen Street,
Wolverhampton,
WV1 3BJ.
Tel: 01902 828992 Fax: 01902 569356