IT Policy & Guidelines

This page is for Lime Tree House staff only. Please enter the staff access password to continue.

Incorrect password. Please try again or contact the Administrator.

IT Policy & Guidelines

For Lime Tree House staff — please read and follow these guidelines to keep our systems and patient data safe.

Threat Awareness

Report Immediately

Suspected virus, ransomware, unknown device plugged in, lost USB drive, suspicious email clicked, or any data breach involving patient information.

Report Same Day

Unexpected pop-ups, slow system behaviour, unknown software installed, suspicious email received but not clicked, forgotten to scan a USB.

Good Practice

Regular password changes, logging out when leaving a workstation, locking screens, keeping Vipre updated, checking USB before use.

🛡️ Vipre Antivirus

All Lime Tree House computers are protected by Vipre antivirus software. Vipre runs automatically in the background and updates itself regularly. You do not need to do anything to keep it running — but please be aware of the following:

  • Never disable or pause Vipre protection, even temporarily
  • If Vipre displays a warning or alert, do not dismiss it — note what it says and contact the Administrator immediately
  • If Vipre appears to have stopped running (no icon in the system tray) report it immediately
  • Do not install any software that claims to be antivirus or security software — Vipre is the only approved product
  • Vipre scans all USB devices automatically when plugged in — wait for the scan to complete before opening any files

⚠️ If you think you have a virus

Stop what you are doing immediately. Do not try to fix it yourself.

  • Do not turn the computer off — leave it on so the Administrator can investigate
  • Disconnect the network cable or turn off Wi-Fi if you can
  • Do not use the computer for anything else
  • Call the Administrator straight away on the number below

IT Policies

🔌 USB Drives & External Devices

  • All USB drives must be scanned by Vipre before any files are opened
  • Only use USB drives provided or approved by the Administrator
  • Never plug in a USB drive found anywhere — hand it to the Administrator
  • Do not use personal USB drives on Lime Tree House computers
  • If a USB drive is lost or stolen report it immediately — it may contain sensitive data
  • Do not connect personal phones, tablets or cameras via USB without permission

🔑 Passwords

  • Passwords must be at least 10 characters long
  • Use a mix of uppercase, lowercase, numbers and a symbol
  • Never share your password with anyone — including colleagues
  • Never write your password on a sticky note or leave it visible
  • Change your password every 90 days or immediately if you think it has been compromised
  • Do not use the same password for work systems and personal accounts
  • If you forget your password contact the Administrator — do not attempt to reset it yourself

📧 Email Vigilance

  • Never click a link in an email unless you are certain it is genuine
  • Never open an attachment from an unknown sender
  • Be suspicious of urgent requests for passwords, bank details or personal information — even if they appear to come from someone you know
  • If in doubt, call the sender directly to verify before clicking anything
  • Report suspicious emails to the Administrator before deleting them
  • Never use your work email address to sign up for personal websites or services

🖥️ Workstation Security

  • Always lock your screen when leaving a workstation — press Windows + L
  • Log out fully at the end of your shift
  • Never leave patient records or sensitive information visible on screen
  • Do not allow visitors or family members to use Lime Tree House computers
  • Do not install any software without permission from the Administrator
  • Report any damage to hardware immediately

🌐 Internet Use

  • Internet access on Lime Tree House computers is for work purposes
  • Do not visit unfamiliar or untrusted websites on work computers
  • Do not download files from the internet without permission
  • Do not use work computers to access personal social media accounts
  • Be aware that internet activity on work systems may be monitored

📱 Personal Devices

  • Do not connect personal phones or tablets to the Lime Tree House network without permission
  • Do not photograph or screenshot any patient records, files or computer screens
  • Do not transfer work files to personal devices
  • If you need to work remotely speak to the Administrator about approved methods

Synology DS1525+ — Intranet & File Server

What is the Synology?

The Synology DS1525+ is our internal file server and intranet. It stores shared documents, policies, forms and records that staff need access to. It is only accessible from within the building on our internal network, or via the secure QuickConnect address provided to you by the Administrator.

📁 Using the File Server

  • Only access folders you have been given permission to use
  • Do not move, rename or delete files without authorisation
  • Do not store personal files on the file server
  • Save all work-related documents to the correct shared folder — not to the desktop of the local computer
  • Do not share the QuickConnect address or your login credentials with anyone outside the organisation
  • Report any access problems to the Administrator immediately
  • The file server is backed up automatically — if you accidentally delete something contact the Administrator who may be able to restore it

Patient Data & GDPR

⚠️ Patient data is sensitive personal data under UK GDPR

Mishandling patient information is a serious matter and could result in disciplinary action, regulatory investigation by the ICO, and damage to the reputation of Lime Tree House.

🔒 Handling Patient Information

  • Never discuss patient information in public areas or where it could be overheard
  • Never photograph, print or copy patient records without authorisation
  • Never email patient information to a personal email address
  • Always log out of any system containing patient records when you have finished
  • If you receive a request from anyone — including family members — for patient information, refer them to the Registered Manager
  • Report any suspected data breach immediately to the Administrator and Registered Manager — we have a legal obligation to report certain breaches to the ICO within 72 hours

🚨 IT Incident — Who to Contact

IT Administrator
Steven Brearley
admin@limetreehouse.org.uk 0161 973 7956
Registered Manager
Julie Brearley
admin@limetreehouse.org.uk 0161 973 7956
Data Protection / ICO
Information Commissioner's Office
ico.org.uk 0303 123 1113
IT Support
Steven Cole | IT Administrator
steve@resolveit.me.uk 0303 123 1113

This policy was last reviewed May 2026. If you have any questions about any of the above please speak to Steven Brearley, Administrator.