Bright World

Email (Microsoft Office 365) Usage Policy

The purpose of this policy is to ensure the secure and appropriate use of Bright World Guardianships’ Microsoft Office 365 email system. This policy sets expectations for communication, data protection, and acceptable use.

Scope

This policy applies to all employees, contractors, temporary staff, and any individuals granted access to the organisation’s Microsoft Office 365 email accounts.

Policy

1.1 Acceptable Use

Email accounts must be used for legitimate Bright World Guardianships business only.

Personal use should be minimal and must not interfere with work duties.

Sending, receiving, or storing offensive, discriminatory, illegal, or inappropriate content is strictly prohibited.

External communication must reflect the organisation’s professional standards.

1.2 Security Requirements

Users must protect their email accounts and never share passwords with any other individual.

Multi-factor authentication (MFA) must be enabled and used at all times.

Email must not be forwarded automatically to personal accounts.

Sensitive or confidential data must be encrypted when shared externally.

Staff must remain vigilant against phishing, suspicious attachments, or unusual login alerts.

1.3 Data Handling

Only secure, company-approved storage systems (OneDrive, SharePoint, Dropbox, Hubspot) may be used for attachments and document sharing.

Personal data, including information about students, host families, and partners, must be handled in compliance with GDPR and company safeguarding procedures.

1.4 Email Retention & Archiving

Staff must not delete emails that relate to safeguarding, compliance, or regulatory matters unless authorised.

Office 365’s automatic retention and archiving features must not be disabled.

1.5 Monitoring & Privacy

Bright World Guardianships may monitor email activity for security, compliance, and operational purposes.

The organisation reserves the right to access mailboxes during investigations or when employees are unavailable.

1.6 Breaches

Any suspected compromise of an email account or accidental disclosure of information must be reported immediately to James Foster.

We are committed to reviewing our policy and good practice annually.

This policy was last reviewed on: 6th April 2025

Signed: Lana Foster, CEO, DSL

Feedback

Was this helpful?

Yes No
You indicated this topic was not helpful to you ...
Could you please leave a comment telling us why? Thank you!
Thanks for your feedback.

Post your comment on this topic.

Post Comment