Viberts_Logo
Home Services People News & Insights About Us Our Company Culture Community Partnerships Client Service Charter Careers Contact
+44 (0)1534 888666
Corporate Law Employment Law Data Protection Law Family Law Dispute Resolution Private Client Property Law Trusts Notarial Services
Banking and Finance Commercial Contracts Companies and Corporate Governance Competition Law Insolvency and Restructuring Investment Funds Mergers and Acquisitions Regulatory Relocation Services
Business Licensing, Housing and Employment Rights, Relocation Business Sales and Reorganisation Compromise Agreements Consultancy Arrangements Director Services Agreements and Directors’ Duties Discrimination Employment Contracts and Handbooks Employment and Discrimination Tribunal and Royal Court Representation Family Friendly Rights and Flexible Working Managing Capability, Conduct and Sickness Restrictive Covenants, Confidentiality and Intellectual Property Termination of Employment: Unfair and Constructive Dismissal; Redundancy Workplace Investigations
Divorce, Separation & Financial Statements Children Relationship Agreements Resolution Outside of Court Injunctions Civil Partnerships 'Family Aid' at Viberts High Net Worth Divorce
Banking and Finance Commercial Disputes Construction Disputes Contentious Regulatory Advice Contentious Trusts Criminal Law Fraud, Asset Recovery & White Collar Crime Insolvency Personal Injury & Clinical Negligence Planning & Property Disputes
Estate Planning & Wills Probate Lasting Power of Attorney Professional Executorship Services Inheritance Disputes Delegations Registration of Documents
Residential Commercial Relocate to Jersey
Charity Law Contentious Trusts Cross Border Succession Planning Foundations Partnerships Trusts for the Consumer Trusts for the Provider
Notarial Services for Individuals Notarial Services for Businesses
Coronavirus (COVID-19) update Viberts announces its expansion with nine new employees joining the firm Partner Jamie Orchard recognised in Citywealth’s Future Leaders Top 100 list Property law specialist Paul Harben joins Viberts as partner Viberts recognised in latest Legal 500 UK 2021 rankings Viberts Partner, Rose Colley appointed as President of ‘The Law Society of Jersey’ Vote for Jamie Orchard, Partner who has been shortlisted for ‘Family lawyer of the year, Partner’ in the Future Leaders Awards 2020 Senior Conveyancing Manager, Chris Duverger celebrates 50 years in the role Julia Smirnova qualifies as an English Solicitor Viberts Associate, Eleanor Colley has been listed in the 2020 eprivateclient Channel Islands Top 35 under 35 Jersey Private Funds COVID-19 and the Jersey property market ‘Foreclosure’ bankruptcy Reasonableness and residential tenancies - an update for residential tenants and landlords New law comes into force for executing wills during the Coronavirus pandemic Unhappy in your marriage during the lockdown? Commercial landlords and tenants: Reasonableness is key Alexandra Cohen qualifies as an English Solicitor Espresso update: Government of Jersey’s support for businesses Coronavirus and construction contracts Child contact issues/shared residence in lockdown - an update (Un)happy families and Covid-19 Payment of child maintenance and the Coronavirus Commercial tenants - proactive measures to consider Wedlock-deadlock: How your insurance can help you if COVID-19 turns your big day into a big dud Coronavirus and the issues it raises about contact for separated parents COVID-19: A force majeure event How to protect your marriage from COVID-19 Pandemic practical advice for businesses and individuals Spring 2020: Corporate governance and looking forward Viberts appoints Solicitors, Oliver Hughes and Emily Paris-Hunter Promotions announced at Viberts Wills & Estates in Jersey Employment law expert Vicky Milner to join Viberts as Partner Dismissals deemed to have been unfair do not always seem unfair Drawing up a Lasting Power of Attorney What is a Calderbank offer? What to expect when you attend voluntarily for interview at the police station Recent developments that apply to the granting of bail in Jersey Viberts Partner, Jamie Orchard acts in landmark family law case Viberts Partner, Rebecca Morley-Kirk represents defendant in landmark mental health case Viberts helps commemorate 250th anniversary of Jersey Reform Day Experienced family lawyer returns to Viberts Digital Wills Beneficial Ownership Presumed Consent has arrived Six things you should never forget when buying a property Green Funerals What happens if you don't make an LPA? Litigation risk and the “Chinese Tiger” Keeping divorce costs down A helping hand through the door Brexit: EU citizen living in Jersey? Family Law and those new year blues Employee Benefit Trustees await developments Parents: Let’s talk about sex Registration of charities in Jersey The Limited Liability Partnerships (Jersey) Law 2018 Conveyancing: It’s about far more than just property The devil is in the detail A reconciliation contract – an alternative to divorce? GDPR action plan A guide to the new Lasting Power of Attorney law Appeal court examines the necessary elements required for an indecent assault Providing for pets in a will Tout tel under scrutiny Jersey's HSS failures contribute to death of resident Child contact at Christmas: make a clear plan DIY divorce Setting up a small business Where are your assets located? Cohabitation: you may not get back what you put in to a property Contract of purchase found to be binding in boundary dispute between neighbours The electric vehicle revolution - is this the calm before the storm? The foreshore: where do you draw the (water)line? Marriage vs. cohabitation No ring? No inheritance rights Making a claim for a holiday ruined by illness New building levy in Jersey Acting as an executor Dividing the marital assets in a divorce Property planning appeals - how long have I got? The issue of parking when buying property Boundary dispute Travel contracts: United Airlines' ejection Rejecting a buy out offer in a quasi-partnership company not necessarily fatal to securing a just and equitable winding up No post-resignation implied duty of confidentiality in director’s contract Failure to make a declaration of directors’ conflicts of interest Which of multiple breaches of the proper purpose rule matters? Art 125 scheme to move a Jersey company to England Subjective and objective views of directors’ duties How long have you got to sue a dishonest director? Commercial disappointment & failure of substratum not the same Generous view of fund directors’ duties It's not you, nor me: is the concept of 'no fault divorce' on the cards? Inherent jurisdiction invoked to plug an inconvenient gap in (Manx) company law Directors’ wrongful trading clearly defined Jersey's succession laws & your family finances The "boomerang generation" & divorce Leaving a bequest to charity in your will Charitable gift of Jersey land in a will and possible conflict that can arise Tax changes for non-dom UK property owners Parental Responsibility - have you got consent for travelling as a single parent with children? Rules to determine fair value payable for shares in a company merger Guidance for preparing statements of solvency Social media & relationship breakdown How not to seek a just and equitable winding up Board deadlock and shareholder intervention It’s time to push back against “Jersey, United Kingdom” because it’s got out of hand Who is liable for storm damage to property? Clear contracts avoid murky waters for land owners Family Law jargon buster Litigation jargon buster Non-executive director: just a touch of class? “Not in front of the children!” - Trust administration Victory for Viberts’ client after six year trust battle Brexit, Jersey and the sequel to Protocol 3 Declaratory relief in the context of regulatory supervision Winding up of Jersey companies Setting aside trusts on the grounds of mistake as to tax consequences - S & T Trusts Winding up of companies Re Monarch Investments Ltd. Sickness in the workplace Legal expenses insurance: what’s it all about? Constructive unfair dismissal Avoiding the christmas party from hell Bullying & harassment in the workplace Workplace dress code: why can’t I wear this to work? Social media: the need for clear guidelines The new housing and work law legislation has arrived A modern workplace: diverse, family friendly and flexible. Bullying & harassment in the workplace: how to tackle it as an employer Bullying & harassment in the workplace: how to handle it as an employee Age discrimination: retirement age can no longer be stipulated by employers When is a PILON clause correctly exercised? Transgender discrimination case Can spousal maintenance ever be forever? Top tips for keeping divorce costs down Divorce d-day Parental responsibility, residence & contact - Children Law in Jersey Inherited assets & dividing these in a divorce Divorce: what about the children? Divorce with dignity Fast cars, hiding assets, expensive new partners... Has divorce law now gone too far in favour of women? No more rummaging in bins! Should the law change be changed for unmarried couples - gay or heterosexual? The impact on children when a relationship breaks down Delays in law drafting can be damaging The pre-nuptial agreement comes of age Interesting developments regarding financial matters on divorce Keeping the family together: the collaborative approach to family law I love you - but what about a pre-nup? In the dark about divorce? Separated: Let the whole family have a happy Christmas Child maintenance: defining a ‘parent’ Harassment remedies - domestic abuse Divorce it isn’t all about the parents Getting re-married? What you need to consider Happily living together? Protect your interests Settling your family disputes outside court Counting the cost of your divorce Planning some changes? Buying your first home together Two generation homes Land transfer tax New year, new you, new business Have you got a will? Business leases - MOT before you start the journey A property snap shot Putting down roots: business leases & security of tenure Strawberry fields forever? Seymour Villa & Seymour Cottage - a planning tale Tenants’ deposits: are they now “safe as houses”? Shaky completions in Jersey's Royal Court New leases - what a landlord now needs to know Is court that bad? The role of the arbitrator Making home improvements? Do your homework first The quirkiest restrictions found in Jersey property deeds Incapacity: Who will manage my affairs if I become incapable? Death is a taxing matter: Have you considered the stamp duty implications of making a will? Brussels IV: Own property abroad? Have you got the will to make a will? New mental health law aims to bring peace of mind Obtaining probate in Jersey & the advantages of having a separate Jersey Will Where there is a will there is a way! Modernisation of Jersey's inheritance laws To will or not to will? Selling the reversionary interest in your home: the pros & cons A guide to mental capacity & lasting powers of attorney in Jersey Digital life after death A reform of the tutelle system; minors inheriting property Liability when an airline crashes? David & Goliath - round 3 the battle between the developer, the planning department and the home owner Royal court decision empowers the court to order damages for a neighbours’ encroachment Privacy - an issue for all levels of society Turning an injury into compensation The customer is always right: returning faulty goods What is privilege? Do you need planning permission? How to appeal a planning decision Expert medical reports: to disclose or not to disclose? Do I have a case? Don't get caught with your pants down Above your neighbour’s land? You’re not above the law when it comes to neighbourly duties Breach of an illegal contract: enforceable or not? Viberts' relocation guide for HNW individuals Discovery of documents in litigation proceedings Legal privilege client guide Viberts Property Brochure Jersey wills jargon buster Probate jargon buster Corporate Law jargon buster Commercial law brochure Family Law Brochure Litigation brochure Jersey resident will questionnaire Non Jersey resident will questionnaire Property savvy buyers guide Property moving checklist Property family moving guide Types of asset holding structures in Jersey How to appeal against a Royal Court decision Bringing a personal injury claim How to respond to employee claims Getting divorced in Jersey How to apply for foreign probate The process of applying for probate in Jersey Beware of using social media during a break up Cohabiting couples: the legal rights in Jersey Buying a property in Jersey Buying share transfer property in Jersey Making a will in Jersey How to apply for fast track probate in Jersey Who to appoint as an executor of a Jersey will Is there a future for trust work in Jersey, post Panama? Have trusts lost the advantage of privacy? What does the future of trust work in Jersey look like? How can trustees minimise the impact of legal action brought by beneficiaries? How can lawyers best advise trustees? Are trusts fit for purpose? How "confidential" is a settlor's letter of wishes? What approach should trustees take to investing? Interview: The classification of beneficiaries: why it matters What are the challenges facing trusts? Channel Island trusts - a safe haven, not evasion. 1 of 13: Can you act for both parties in a fixed fee divorce? 2 of 13: Divorce - Is it a case of the winner takes it all? 3 of 13: How do I get a straightforward divorce? 4 of 13: Have we got a high divorce rate in Jersey? 5 of 13: Is it worth signing a pre-nuptial? 6 of 13: Is the law different for gay couples who are cohabitating? 7 of 13: The difference between Jersey & UK divorce law 8 of 13: Top tips for separating couples on legal advice 9 of 13: What can I expect to pay for a divorce? 10 of 13: What do you need to do to get a pre-nuptial? 11 of 13: What is collaborative law good for? 12 of 13: Why do lawyers letters cost so much? 13 of 13: Why it is so important to get your financial claims dismissed? Transparent guide to divorce process & fees The future of employment: Explosive times No jab, no job? Trapped - the impact of Covid on relationship breakdowns A guide to buying your next property 'off-plan' Viberts helps ten-year-old William raise money for charity with ‘Magic Reindeer Food’ Viberts announces three promotions NOM! Viberts strengthens its Employment Team with new appointment New stamp duty rates on property purchases Viberts Écrivain sworn in as Jersey Advocate Has COVID-19 interrupted your business? Espresso briefing: New Financial Disclosure Law Viberts shortlisted in the 2021 Citywealth IFC Awards for ‘Law Firm of the Year – Jersey’ Separated families and Christmas 2020 – What are the rules in Jersey? Viberts to host webinar with Integritas Wealth Partners Covid vaccinations and the law Espresso update: Government of Jersey's support for businesses update Viberts Family Law Partner, Jamie Orchard has been recognised in the 2019 Channel Islands Top 35 Under 35 Post Brexit – How EU nationals obtain permission to continue living in Jersey Espresso briefing: Update on a challenge to new transparency and disclosure laws Why prenups aren’t just for the rich and famous Recent judgment clarifies new capacity law What are compromise agreements? Assessing mental capacity: Who is the best person for the job? A brief explanation of Jersey work permits Gary Burgess interviews Viberts’ Rose Colley and Eleanor Colley Jersey tribunal case comment: Estelle Burns v Voisin Law Case Note: Royal Court judgment 8 April 2021: de Than v Institute of Law [2021]JRC098 Case Note: Royal Court judgment on costs, 11 May 2021: de Than v Institute of Law [2021]JRC134 Construction contracts and COVID-19 Viberts Family Law team Holding Court – The Jersey law podcast – Episode 2: Financial settlements Holding Court – The Jersey law podcast – Episode 1: Divorce and separation It’s coming home…. potentially with personal liability for the alleged perpetrator Residential status - Do you qualify for buying property? Types of property ownership in Jersey The G7's Global Corporate Tax Rate: A good thing for Jersey? Costs of buying/selling property in Jersey Buying property - Checks we undertake Six ways to ensure successful communication during a divorce Parental responsibility: What is it? Who has it? And what are the implications? Getting divorced in Jersey – what you need to know Divorce: an A to Z guide of legal terms A guide to managing a delayed property possession Buying a 'fixer-upper' property Viberts Corporate Associate, Advocate Eleanor Colley named one of the Channel Islands Top 35 Under 35 for the second time Case note: Royal Court judgment 28 May 2021 Dix v Sigma Group Limited [2021]JRC159 Buying a property for the first time? Holding Court – The Jersey law podcast – Episode 3: Silver splitters Holding Court – The Jersey law podcast – Episode 4: Cohabitation Update - Jersey business interruption insurance, COVID-19 Claims Viberts awarded Lexcel accreditation for the 10th consecutive year Share transfer properties: seven commonly asked questions Viberts shortlisted in the 2022 Citywealth IFC Awards for 'Law Firm of the Year - Jersey' Case note: Royal Court judgment 29 July 2021: Pritchard v AG [2021]JRC119 Human error, working from home and data protection Case note: Jersey Employment and Discrimination Tribunal judgment on staying proceedings, de Than v Institute of Law [2019]TRE203B Holding Court – The Jersey law podcast – Episode 5: Children Holding Court – The Jersey law podcast – Episode 6: tips & traps of social media Splitting from your partner - what about the family pet? Workplace investigations: Taking a bird's-eye view A guide to Jersey residential leases Employment law changes: increase to minimum wage from January 2022 A summary of Jersey law on redundancy Case Note: Pallot v Jersey Heritage Trust [2021] TRE 041; Discrimination in the workplace and Covid-19 Viberts bursary student interview: Rebecca De Freitas, Trainee English Solicitor Case note: Clinical negligence Family law expert Emma Hollywood joins Viberts as a Senior Associate Viberts Corporate team advises on the sale of Omega to TEAM Viberts celebrates Senior Partner Charles Thacker’s 50 years at the firm Viberts announces ten firm wide promotions A profession emerges fit for the post-pandemic world A foot is 11 inches long. Alice in Wonderland? No, in Jersey it's perfectly true Viberts helps eleven-year-old William raise money for charity with ‘Magic Reindeer Food’ Fixed fee legal opinions and Form 7 certificates for HM Land Registry Espresso briefing: Updates to Jersey limited partnership legislation Viberts Employment Law breakfast seminar - The Employment Life Cycle - 'New Joiners' Putting a stamp on things Public Health pitfalls for Jersey landlords Viberts Family team win Corporate INTL 2022 award – Jersey Family Law Firm of the Year Conduct outside the workplace: paws for thought Car-on-bike collisions in Jersey: A legal update Compromise agreements explained Viberts Dispute Resolution team wins ‘The Global 100’ - ‘Litigation Law Firm of the Year - Jersey’ Case note: Royal Court decision on costs [2022]JRC016 Murray v Camerons Limited Viberts' staff raise £8,000 for four local charities Espresso briefing: Amendments to the Electronic Communications (Jersey) Law 2000 Reach Magazine interviews Rebecca De Freitas, Viberts Trainee English Solicitor Legal aid in Jersey has changed. What are the alternatives? The recent P&O redundancies highlight why it is critical to follow a fair process P&O Ferries and offshore employment Toxic ‘forever chemicals’ polluting the Jersey Water Supply P&O Ferries: settlement payments and sailing too close to the wind Contractual Interpretation – The Importance of making your intentions clear to all Connect Magazine interviews Viberts Partner Giles Emmanuel for its 'Time out with' series The Sandwich Generation Case Note: Dowling v Concentric Analytics Limited [2021] TRE 107; Tribunal decision on unfair dismissal Viberts launches Client Service Charter Stamp duty and buying for the first time in Jersey MONEYVAL visit update - next assessment is scheduled to take place in 2023 Viberts Associate Alexandra Cohen has been shortlisted in the Jersey Finance 2022 Rising Stars Awards Help! My parents need care Viberts Employment Law breakfast seminar - The Employment Life Cycle - 'Managing Sickness Absence' A pre-nuptial agreement: Insurance for your marriage An overview of Jersey’s 2022 election Case note: Royal Court decision [2022] JRC077 Falle v Russell & Russell Long Covid through the looking glass How would the will issues in the latest Downton Abbey film be resolved if it were set in Jersey? Viberts achieves an eleventh year of LEXCEL re-accreditation How a recent change in Jersey case law has impacted the calculation of child maintenance payments Viberts Employment Law breakfast seminar - The Employment Life Cycle - 'Misconduct' Bank of England scraps mortgage affordability test Top 5 Jersey divorce and separation myths Viberts lawyer shortlisted as future leader Case note: Royal Court decision on statutory annual leave accrued during sick leave Viberts announces three-year sponsorship of major Jersey Schools initiative Make Jersey great again for US investors Viberts recognised in latest Legal 500 UK 2023 rankings Viberts recognised in latest Legal 500 UK 2022 rankings Jersey Legal Opinions A guide to buying off-plan Viberts Employment Law breakfast seminar - The Employment Life Cycle - 'Leavers' Space for confusion Is a nest best? Medical mistakes – the rise of clinical negligence claims Viberts bursary student interviews: Isaac du Val and Ella Harrison World Cup fever – how to avoid getting caught offside Christmas and the workplace: no need to ‘Claus’ a scene Good Divorce Week - Ending the Family Court Crisis Child contact at Christmas: making a clear plan Viberts Private Client lawyer sworn in as Jersey Advocate Viberts announces promotions Viberts helps eleven-year-old William Highfield raise money for charity with ‘Magic Reindeer Food’ United we stand Viberts Employment Law breakfast seminar - Employment in a changing world - 'Challenges of the workplace' Case note: Royal Court decision on authorisation to administer vaccinations to person without mental capacity Jersey: Home to the world’s first “Data Trust” Trustees – Go green or go home Case Note: Court Decision [2015] JCA109 Rep of Otto Poon Trust Rebecca De Freitas qualifies as an English Solicitor Espresso Briefing – Guidance concerning the disqualification of a person from acting as a director Viberts Family Law lawyer sworn in as Jersey Advocate The cost of living crisis and relationship breakdown One year on – The new creditors' winding up procedure in Jersey Rebecca Gueno qualifies as an English Solicitor Viberts Employment Law breakfast seminar 28 June 2023 - Employment in a changing world - 'Managing Change' How Lasting Powers of Attorney can help you plan for the future Viberts Associate Sara Brady has been shortlisted in the Jersey Finance 2023 Rising Stars Awards Legal update: changes to the Control of Housing & Work (Jersey) Law 2012 Update on toxic 'Forever Chemicals' polluting the Jersey water supply Legal Update: Zero Hour Contract Review Philip Livingstone joins Viberts Legal 500 Jersey Litigation Comparative Guide Giles Emmanuel adds STEP to his professional qualifications Case note: Royal Court decision on application for leave to apply for judicial review: Greechan v States Employment Board [2023] JRC116 Is Covid to blame for family breakdown? Or is it the cost of living crisis or both? Viberts discusses potential legal action of residents affected by PFAS in BBC documentary Reinstating your Jersey company, what you need to know What if Barbie and Ken lived in Jersey? A shocking discovery: potential prescription error compensation for rheumatology patients in Jersey Jessie Filipponi qualifies as an English Solicitor
Home
Call +44 (0)1534 888666
Home Services People News & Insights About Us Careers Contact

Information Security and Data Governance

Information Security

What you need to know

This document details the information security principles that apply to all persons employed by, or contracted to, Viberts.

Failure to adhere to the guidance contained herein or to any policy/control referred to in this document (or provided to you as a part of your employment) may result in disciplinary action.

1. Introduction and your responsibilities at Viberts
2. Scope
3. Security of information and assets
4. Passwords and User Identifiers
5. Password requirements
6. Reporting of information security incidents
7. Acceptable use of company assets
8. Use of email
9. Special or privileged rights or access
10. Bring your own device (BYOD)
11. Remote working
12. Return of assets
13. Information and its classification
14. How data classifications are defined
15. Level 0: Public
16. Level 1: Internal
17. Level 2: Confidential (default for legal matters)
18. Level 3: Strictly confidential
19. Personal Data
20. How we secure confidential information
21. iManage Share
22. Clear desk policy

 

Introduction

Your responsibilities to Viberts
As an employee/contractor or third party of Viberts, you are bound by certain controls and obligations relating to the security, integrity & confidentiality of the firm’s information assets.

This document is concerned with both the security of Viberts information and the systems that contain, create & distribute said information. Its purpose is to support our legal, regulatory & compliance obligations in terms of both Viberts intellectual property and client/employee personal data.

Scope
This document is provided in addition to the HR handbook and associated policies, and is designed to clarify the requirements for information security relevant to all Viberts employees. It is also applicable to certain third parties, whether they are explicitly bound (e.g. by contractual terms & conditions) or implicitly bound (e.g. by generally held standards of acceptable behaviour).

The statements made within this Standard refer to the minimum obligations required by Viberts of its staff.

Security of information and assets

Passwords and User Identifiers
All users of Viberts systems are given a unique identifier (User ID) for their personal use. This ensures that the systems can identify users and can ensure auditability. As far as possible, these will be system-wide; however, some applications may require an additional user identifier.

User IDs must never be shared, as they act not only as an access method but also serve to digitally sign and mark all system-based actions (including email, document authoring and transactions within applications).

To prevent unauthorised access, in addition to your User ID, we use passwords or passphrases. Good practice dictates that these must be changed whenever you suspect that they may have been compromised. In addition, passwords and passphrases must never be shared with work colleagues.

If you forget your password, the Operations team will change it for you. You will then be required to change the password on your next sign in. This should be undertaken as soon as possible.

Please note that your passwords should never be written down.

Password requirements
All passwords used for Viberts-related activities should:

  • Be a minimum length of 8 characters
  • Always use a combination of alphabetic & numeric characters
  • Not be a repeat of any of your previous ten passwords.

(Should you forget a password, your account will be locked after three incorrect sign-in attempts.)

Please make passwords difficult to guess; never use simple dictionary words and don’t use a sequence of passwords such as password1, password2, password3.

Setting a secure password needn’t be difficult. Rather than using a dictionary word, consider using a phrase. When combined with special characters, this can create an extremely complex password. Here is an example of a complex password that is easy to remember:

R1.Tpiu! = Rule1.Thispasswordisunhackable!

Reporting of information security incidents
Viberts requires that all employees assist in the security of the business as a part of their everyday activities. As such, all employees are required to report any incident which they consider may be a security issue. This report should be made to the Operations team or to a Partner / line manager. This is especially important if you believe that a password has been compromised, if personal data has been accessed or if there is any evidence of malware.

Employees are also reminded that they must notify the Operations team as soon as possible if any portable device (laptop, external hard drive, USB key, smart device, phone etc.) is lost or stolen.

Acceptable use of company assets
Computer systems, email accounts, telephones (including mobile phones), voicemail boxes and other similar resources are the property of Viberts and are supplied to assist in the performance of your daily activities. Whilst some limited personal use is permitted, you should be aware that:

Viberts reserves the right to access all equipment and systems used to perform work functions (even if not owned by Viberts) for operational support and/or the protection of its information assets and the protection of client data.

All Viberts IT resources are provided solely for Viberts business use. Using any Viberts-provided resource to conduct another business is not permitted.

The provision of limited personal use must comply with all restrictions outlined in this Standard; however, further controls & constraints may be imposed by Viberts management. In addition, the following guidance is given:

  • It is not permissible to use unauthorized personal devices for company business. Also, the connection of unauthorized personal devices to Viberts networks is prohibited. (Exceptions may be made at the discretion of the Operations Manager or relevant Partner.)
  • If employees are permitted to use a personal device for business purposes, the provisions of this Standard apply to both the device and to any information stored thereon. All Viberts data held on a personal device must be removed immediately if requested by a duly authorized manager or Partner, or when the employee leaves Viberts.

Use of email
The following rules relate to the use of Viberts email:

  • Email is provided for business use, and the language used within email should reflect that. Please refrain from jargon and text speak, and adopt a business approach to content and style (especially where communications may be forwarded either internally or externally).
  • Staff are advised that the content of email is disclosable, i.e. a client can request internal & external email as part of a Subject Access Request. Please, therefore, do not include anything in an email that you would not include in a written memo or similar.
  • Do not include any comments or content which could be considered as harassment (e.g. information that could be construed as bullying or which refers to racial or ethnic origins in a derogatory manner). Do not use swear words or include any offensive or inappropriate material.
  • Email will be retained for monitoring and other business reasons and may be made available to HR and/or Operations as required.

Special or privileged rights or access
As a function of your role, you will have been granted access to various systems and applications. Your permissions within these applications have been agreed with Viberts management and in line with your job role. In some cases, additional access is granted for managerial/technical/business reasons and staff will be made aware of this when the associated rights are granted. It should be understood that abuse of this privilege is a reportable offence.

Employees are advised that all changes to user privileges can only be completed with a duly authorised request. Permissions should never be created, changed or deleted without written authority from the system owner or from an authorised manager/Partner.

If you believe that you shouldn’t have access to a specific application, or are uncomfortable with your level of access, this should be raised in the first instance with your line manager.

Bring your own device (BYOD)
Where appropriate, staff can use their own devices for business activities. This is subject to approval and the application of appropriate controls.

Employees and contract staff who prefer to use their own IT equipment for work purposes must be explicitly authorised to do so and must secure all equipment & data to the same extent as it would be secured on Viberts IT network.

Remote working
Viberts offers a remote working capability, providing similar access to that available in the office.

Staff who work remotely must treat information as securely as they would in the office, and should prevent family members etc. from viewing confidential data.

Return of assets
All employees, contractors and other third-parties must return company assets upon termination of their employment or contract.

Information and its classification
At Viberts, dealing with confidential & private data is our business. To protect these information assets, Viberts requires that employees be aware of the sensitivity of information encountered during their employment and of the impact to individuals and the firm should that data be subject to inappropriate disclosure.

Information should be classified as follows:

Public

There is no risk to Viberts if inappropriately shared.

Internal

No risk to Viberts and can be shared openly within the organisation. Minimal risk if shared externally.

Confidential

Appropriate handling is expected. Documents cannot be distributed internally or externally except with authorisation.

Strictly Confidential

Special care must be taken to ensure that distribution is appropriate and that all recipients are approved by the document owner.

 

Viberts recommends that the distribution of strictly confidential information should be encrypted; however it may be transmitted over email or similar if this has been accepted as the normal means of communication for a given client, matter or business activity and agreed as such with a relevant Partner.

How data classifications are defined

Level 0: Public
Public information is information that is neither privileged nor protected (e.g. not classed as intellectual property, covered by data protection, privacy regulations). Information in this category is considered as having no impact if lost or stolen.

Classification criteria: Disclosure of this type of information does not carry any risk to Viberts. Public does not, however, imply that the information is intended to be an official communication to the public. Appropriate procedures for deciding which information is made available to the public must be followed.

Level 1: Internal
This is information that is defined as “for business internal use only”. It is typically required for normal day-to-day work. Information in this category is considered as low impact if lost or stolen.

Classification criteria: Access to Internal information must be granted on a need-to-know basis. This classification level also includes information exchanged between departments insofar as it does not contain content classified as confidential.

Level 2: Confidential (default for legal matters)
Confidential information is information that may only be accessed by a limited group of known individuals. Information in this category is considered as having a high impact if lost or stolen.

Classification criteria: Disclosure of confidential information may lead to a breach of the company’s data protection obligations. Improper or unauthorised use of such information may infringe upon the ability of the firm to carry out normal business operations. Significant financial loss and/or reputational damage may occur as the result of the disclosure of confidential information.

Level 3: Strictly confidential
Strictly confidential information is intended for a very restricted group of known individuals. Information in this category is considered as having a very high impact if lost or stolen.

Classification criteria: This classification level identifies data that, if disclosed, may provide access to vital business information. If revealed to unauthorised persons, significant losses could be incurred. Additional consequences may include reputational damage, operational impacts and legal action.

Personal data
Personal data is information that, when used alone or with other relevant data, can identify an individual (data subject).

Personal data will be assumed to carry the default classification of Confidential as a minimum.

Sensitive personal data is information that reveals (for example) a person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, social security details, criminal history, sex-life or health data.

Sensitive personal data should be classified as Strictly confidential. Any exceptions must be discussed with the Data Protection Officer or designate.

Note: In some cases, personal data may be classified as Internal. This would include contact details provided by a data subject, information found in public address books etc.

When handling classified information, care must be taken to ensure that the contents are not divulged to unauthorised persons. Typical failures include leaving confidential documents unattended on photocopiers or sending email to an unintended recipient.

How we secure confidential information
This section deals predominantly with information that is transmitted electronically; however, confidential information stored physically as paper files etc. should be secured following best practice for physical security, e.g. locked in a secure cabinet or office.

Where sensitive documents need to be sent electronically, we must ensure that the recipient’s contact details are correct. In order to do this, the client or other receiving party should be contacted to ensure that we have the correct details on file.

Where information is deemed to be of a low data protection risk, and when agreed with the receiving party, it is acceptable to send information via email. Consideration should be given however as to whether any documents should be password protected.

Where files contain information of a highly confidential nature, email can still be used; however, the information should always be password protected (and the password sent via an alternative channel, e.g. phone call).

A secure alternative to email that should be considered for collaboration with external parties (and in particular for highly confidential information) is the Viberts iManage Share platform …

iManage Share
iManage Share provides a secure, cloud-based sharing solution that ranges from secure email attachments to large file exchanges and shared collaboration folders. Its web interface allows you to access both your private and shared content. It also enables Viberts administrators to govern user access and firm content.

All Viberts staff have access to iManage Share and help & assistance is available from the Operations team.

Clear desk policy
Viberts has a clear desk policy. Its primary purpose is to ensure that confidential and sensitive information is not made available to unauthorised individuals. All employees should ensure that their desks are cleared, and any personal items appropriately secured, when leaving the office.

Over and above the principles stated in this document, all staff have a duty to colleagues & clients to ensure that every care is taken in guaranteeing the confidentiality and integrity of information.

APPENDIX A

Appendix A (Internal document control only)

Exception management

It is recognized that there may be circumstances that fall outside of the ability to comply with and/or conform to this Standard. In such instances, an exception shall be documented and approved.

This section defines the requirements to formally authorise exceptions where control cost is (temporarily) much greater than the risk represented from non-compliance, or where there are other mitigating or compensating circumstances that help obtain the same level of control.

Exceptions to the fundamentals of this Standard shall require the approval of the Viberts partners and/or their CISO or his delegate and may require ratification and/or the approval of the Data Protection Officer or manager.

Relevant stakeholders (e.g. the designated Data Protection Officer) must be consulted and involved at an early stage in exception management, and be part of the decision process, whenever such exceptions impact their areas of responsibility.

(Exceptions may occur because of certain legal, regulatory and/or contractual constraints, or the process of parts of this Policy may be suspended for a period because of internal or external factors. In such cases, documented exceptions must be identified in this Appendix and retained for internal risk reference.)


System

Details of deviation from Agreement

Agreed between Business and IT/IS (Y/N)

Risk assessment completed (Y/N)

Deviation approved (Y/N)

 

 

 

 

 

 

 

 

 

 

APPENDIX B

Appendix B (Internal document control only)

Department/Function applicability

Departments

Employees

Office

All

All

All

 

 

 
Document Control

Date

Author

Modifications

20/08/2019

IS Team

Draft

29/07/2020

AG, RM, NM

Update to all comments and template alignment

31/07/2020

Nick Miller

Minor changes

31/07/2020

Nick Miller

Updated post review

12/08/2020

Nick Miller

Addition of data location requirement

18/05/2021

Nick Miller

Removed password suggestion

14/06/2022

Nick Miller

Reviewed

05/04/2023

Nick Miller

Rewritten for clarity and iManage Share section added

 

View IT