• Intellectual Property

    by HR HR | Aug 31, 2022

    All rights, copyright, title, interest in, information, data, reports, documents, inventions, trademarks, designs, publications and generally all items of work produced by employees during the course of their employment, together with any other intellectual property rights arising out of the provision of employment with the Institute, are owned by the Institute. This includes all global rights.

  • Travel Insurance (UK)

    by HR HR | Aug 31, 2022

    Annual Travel (holiday) Insurance

    CISI offer permanent employees after one year's service the option to join the Annual Travel (holiday) insurance scheme, currently with Pulse. CISI will pay your annual premium, and you will pay tax on the value of your premium (this is included on your annual P11d form).

    Premiums:

    2022-2023
    Single cover: £84.00
    Couple/ Single parent/ Family cover: £145.60

    Travel insurance - Pulse policy wording - from 1 April 2022

     

    Pulse Insurance - Covid Guidance Note - 2022


    Part time staff are asked to make a contribution towards the premiums.

    Staff are required to complete the necessary application forms, as staff are not automatically covered by the scheme.  Staff are responsible for informing the provider of any additional dependants to be covered and of any change of address or personal details.

    Please note that exclusions do apply and that staff are urged to familiarise themselves with the policy documentation (provided when confirmation of cover is received) which also explains how to make a claim.  Further details are available from HR.

    If you would like to join the scheme please email HR@cisi.org with the following information:

    • Your Name
    • Date of birth
    • The cover you require eg single, couple, single parent or family (the policy only covers children up to 25 years of age)
    • Date you would like the cover to start (1st of a month)
  • Discretionary Bonus Scheme

    by HR HR | Aug 31, 2022

    Each year the Board may allocate an amount to be paid as discretionary bonuses to individuals who are considered to have made an exceptional contribution to the Institute in the preceding 12 months.

    No employee has the right to expect a bonus in any circumstances. The payment of a bonus does not give any right or imply that any future bonuses will be paid. They will be considered entirely at the discretion of the Board, as advised by the Chief Executive.

  • Travel and London Office Allowance

    by HR HR | Aug 30, 2022

    Overview 

    Permanent employees who have completed their probation period and are required to attend the London office are eligible for the Travel and London office allowance benefit.

    For employees who are based in the London office, their nominal annual travel cost (travel element) will be calculated on their direct journey to the London office for 2 days a week (full time employees) for 50 weeks a year. If this element is under £2,500 per annum, they may also receive a monthly allowance.

    Employees who work four or five days a week in the office will be eligible for an annual travel ticket, subject to the criteria below.

    Benefit

    There are two elements to the travel and London office allowance which, combined, have a minimum value of £2,500pa.

     


    This means that full-time employees, if they attend the London office two days a week, can receive a minimum benefit of £2,500 per annum.

    Please note that all travel reimbursements require a valid receipt. Please refer to the Finance page on the Intranet if you are unsure what qualifies as a valid receipt.


    1. Nominal annual travel cost (travel element)

    • For the purposes of calculating the cost of travel when visiting the London office, the journey is the most direct route from the employee’s nearest home train/ tube to the nearest train/ tube within reasonable walking distance of 20 Fenchurch Street.
     
    • There is now no maximum distance limitation
    • The nominal annual travel element is based on the cost of visiting the office for two days a week, for 50 weeks a year, 100 days in total (full time employees).
    • Employees will be reimbursed for the cost of travel when visiting the London office, up to a maximum of £4,200 per annum.
    • The Tax and NIC liability for this element is subject to HMRC rules, please see below.
    • For employees who have purchased their own season ticket e.g. a weekly or monthly ticket, which they use on the days they travel to the London office, we will apportion an element to calculate the daily rate, as follows:
    - The cost of the ticket will be divided by the number of days the ticket covers, for example the cost of a weekly ticket will be divided by seven days to give a daily rate.
    - For example, if a zone 1-4 weekly travelcard costs £50.50, divided by seven days gives a daily cost of £7.21. This amount will be reimbursed gross and the Tax and NIC liability for this amount is subject to HMRC rules, please see below.
    • Employees who have purchased a ‘Flexi ticket’ can submit a claim when the ticket is purchased. The amount reimbursed is to cover the cost of the employee’s next eight journeys to the office, regardless of whether the ‘Flexi Ticket’ is used for the next eight journeys.
    • If you have purchased a card which gives you discounted travel, you will be reimbursed for the actual price of the ticket you have purchased not the cost before the discount.
    • If an employee regularly cycles to visit the London office, they can claim a mileage allowance of 20p a mile which is paid tax free if their place of work is designated as their home address (please contact HR@cisi.org).

    2. Allowance element

    • To calculate your allowance element, we will use your nominal travel cost based on the information you provide regarding your normal journey to the London office.
    • The allowance element is the difference between the minimum Travel and London office allowance of £2,500 pa and the employee’s annual nominal travel cost (travel element).
    • The allowance is paid as a monthly amount via the payroll and is subject to deductions for tax and NIC.
    Notes:

    • The Travel and London office allowance is pro-rata for part-time employees and the travel element is calculated on the pro-rata number of working days they will visit the office.

    • Maternity – employees on maternity leave are entitled to their terms and conditions of employment, apart from salary, and will receive the allowance element, where applicable, of the Travel and London office allowance.
    • The scheme applies to employees who are required to visit the London office.
    • The two elements will be recalculated annually.


    3. Employees who are based in the London office

    Those employees whose place of work is the London office, which they attend for 4 or 5 days a week, can apply for an annual travel ticket for their direct journey from home to work. The ticket does not cover additional items, eg a first class seat, car park tickets or an underground travel card if their direct journey is within reasonable walking distance of the office.

    The maximum value of the travel ticket will be £4,200 pa, and the tax and NIC will be paid on the value of the ticket via the payroll. If the cost of the annual travel ticket is under £2,500 pa, the balance will be paid as a monthly allowance and subject to deductions for tax and NIC.

    The cost of the annual travel ticket can be claimed via the expenses system, and please tick ‘HR approval’ in Webexpenses. Please contact HR@cisi.org for further information.

    4. Travel via different journeys or free annual travel card

    For employees who use different methods of travel, a non-standard journey, eg walk, bus, tube or who do not pay for their annual travel ticket, there is the option to receive the allowance of £2,500 per annum, rather than claiming for different journeys. The allowance will be paid monthly via the payroll and subject to deductions for tax and NIC.
    Please note that the calculation of the Travel and London Office allowance is personal to you. If there are any subsequent changes, eg you move or change your journey, you will need to inform HR immediately so we can ensure you receive the correct allowance element.
    If you do not inform us and receive a higher amount than you are entitled to, this may lead to disciplinary action.

    Nominal annual travel cost (travel element) - reimbursement

    Reimbursement of the following can be made via the expenses system:

    • Travel tickets:
    - By submitting a valid receipt (see: https://www.cisi.org/cisiweb2/intranet-new/departments/finance)
    - Claims for a proportion of a ticket eg weekly, monthly, annual which the employee is using to travel into the office. The daily rate is calculated by dividing the cost by the number of days eg a weekly ticket cost divided by 7 days to give a daily rate.
    • Claims for a ‘Flexi ticket’ can be submitted with the receipt when the ticket is purchased. The amount reimbursed is to cover the cost of the employee’s next eight journeys to the office, regardless of whether the ‘Flexi Ticket’ is used for the next eight journeys.
    • Cycling claims – the mileage allowance for cycling to visit the London office

    • Claims for travel should be made each month and authorised by your manager, and the Finance department will reimburse the amount into your bank account.

    • Employees may have a future tax and NIC liability on the amount reimbursed for travel to the London office, subject to the HMRC rules; please see below.

    Tax and NIC liability

    HMRC rules
    The current HMRC rules on reimbursing travel expenses are as follows:

    HMRC rules say - If the employee comes in for meetings, training, activities they can only do in the office, ad hoc reasons, that are not normal contractual / substantive duties - for less than 40% of their contractual days and the London office is their temporary place of work then travel can be reimbursed tax free.

    If employees wish to change their contractual place of work to their designated home address, please complete this form. 


    • At the end of the year (01 March to 28 February) the average percentage of contractual days the employee has visited the London office will be calculated and their tax and NIC liability will be calculated.
    • If there is a tax liability, the Employee will pay tax and NIC on the total amount that has been reimbursed during the year. The total value of amount reimbursed in the year will be added to the March payroll and the employee will pay tax and NIC on the total amount that has been reimbursed during the year.

    1 It is an employee’s personal responsibility to monitor the number of days they attend the London office. The 40% attendance rule is effectively an “all or nothing” consideration. If an employee breaches it for instance by 1 day, travel costs for the entire tax year become liable to tax and NICs at the end of the year.
    2 An annual travel ticket must be purchased upfront in order for the tax and NI to be deducted from the amount reimbursed monthly via payroll.

    Leaving CISI
    When an employee leaves the Institute, if they have visited the London office for more than an average of 40% of their contractual days since the start of the tax year, tax and NIC is due on the value of the travel which has been reimbursed. This amount will be included in their final salary calculation.
     

    Q&A


    Q - How is the 40% calculated?
    A – It is 40% of your contracted working time/hours. For example, if you work 5 days a week, 40% is 2 days a week/ average of 104 days in the 12-month period (1 March to 28 February). If you work 3 days, 40% is 1.2 days a week/ average of 62 days in the 12-month period.

    Q – Are Bank holidays included in the number of working days each year?
    A - Yes as technically a bank holiday is a working day, and we are paid for the day.

    Q - How will the 40% average number of days be calculated if I leave CISI?
    A – it is 40% of the number of days you have worked from the start of the period to your last day of employment.

    Q- How will the 40% average number of days be calculated as I joined CISI during the period?
    A – it is 40% of the number of days you have worked since being eligible for the allowance to the end of the period.

    Q - How does the policy apply to me as I do not pay for my travel as I have a 60+ London Oyster photocard, London Freedom Pass or Disabled Person's Freedom Pass.
    A – Where the pass allows the employee to travel to the office free of charge, they will receive the allowance element, which will be subject to tax and NIC. This should be claimed via HR.

    Q – If I have purchased a card which gives me discounted travel, does this mean I could receive a higher allowance?
    A – yes, provided the cost of the discounted travel is less than £2,500pa, when calculated on visiting the London office for 2 days a week for 50 weeks a year.

    Q - Why is the travel and London Office allowance calculated on 100 days?
    A – This is calculated on the basis of 2 days a week for 50 weeks a year. It is not calculated on the actual number of days because we do not wish for there to be any incentive or disincentive to come to the office.

    Q – If my place of work remains as the London Office but I am planning to attend the office for a different number of days each week (more than two and less than 5 days a week), how is my travel calculated?
    A - We would calculate your nominal annual travel cost based on 2 days a week for 50 weeks a year, and if this is under £2,500 pa, you will receive the balance as an allowance. You will be able to claim for your travel tickets, and at the end of the year the total value of the amount reimbursed in the year will be added to the March payroll, so you pay the tax and NIC due.

    Q- I have been reimbursed for the cost of my travel tickets, when will I pay the tax and NIC?
    A – The tax liability depends on the percentage of days you have visited the office. If this is more than 40% of your working days, you will pay the tax and NIC on the total value of the tickets which have been reimbursed, irrespective of your place of work. This amount will be included in the March payroll each year.
    You may wish to monitor the number of days you attend the London office. The 40% attendance rule is effectively an “all or nothing” consideration. If an employee breaches it for instance by 1 day, travel costs for the entire tax year become liable to tax and NIC.

  • Wellness Allowance

    by HR HR | Aug 30, 2022

    The Wellness Allowance is available from August 2022. It replaces the no unplanned absence vouchers and the sports allowance, building on both to provide a holistic wellness benefit.

    Wellness is the experience of overall health. It encompasses good mental, physical, financial, and social health. Examples of activities and items that come under the umbrella of wellness and the Wellness Allowance are shown in the appendix of this policy.

    There are two pre-requisites to the scheme: the benefits employees purchase must be for themselves, and they must be something that employees can specifically set a goal for and report back on their progress.

    This policy operates on the principle of trust and places the onus on employees to track their own progress. Therefore, no proof of payment will be required.

    All permanent employees are eligible for the allowance from day one of their employment. 

    How to Apply

    To receive the allowance, employees must complete the Wellness Application Form on the Cascade HR Portal. The form requires employees to plan out how they will use the Wellness Allowance over a 12-month period. It is mandatory for the employee to complete all questions on the form.

    Once the application form is submitted HR will review the application and, if approved, the employee will receive the wellness allowance for up to 12-months.

    If the employee requires the allowance for less than 12-months, it is the employee’s responsibility to inform us that the payment should end earlier. Please note that the monthly allowance is a fixed amount of £30 (or local equivalent), therefore if you are claiming the allowance, it is the employee’s responsibility to ensure that the money is spent as this policy intends.

    Forms must be submitted on or before the 1st of the month to receive the allowance starting from that same month. If submitted after the 1st of the month, the allowance will be paid from the following month. Payments will not be backdated.

    One month before the allowance ends employees will receive a notification to reapply for the allowance. Employees will then need to submit a new form.

    If the new form is not submitted on time the allowance will stop until the form has been submitted. Payments will not be backdated.

    Allowance

    The Wellness Allowance is paid via payroll and is subject to any local taxes. The allowance is the same for all employees, based on location, regardless of which wellness activities they engage in. Please see the table below for the allowance for each office. 

    Office | UK | Sri Lanka | India | UAE | Philippines
    Monthly Allowance | 30 GBP | 3,000 LKR | 1,200 INR | 150 AED | 700 PHP

    * Allowance is not pro-rated for part-time employees

    This is a monthly allowance and any balance for the year will not be paid if an employee leaves CISI, nor at the end of a 12-month period if the employee has not claimed the full allowance.

    If an employee’s circumstances change and they will no longer use the allowance as planned, they should inform HR immediately.

    Wellness Activity Examples

    Examples of activities and items that the wellness allowance could be used for:

    • Addiction assistance
    • Chiropractic / Osteopathic care
    • Evening classes
    • Financial advice
    • Fitness app(s)
    • Fitness classes
    • Fitness equipment
    • Gym membership
    • Health / wellness coaching
    • Health magazines / books
    • Healthy meal kits / dietary supplements
    • Life coaching / therapy
    • Massage
    • Meditation – guided meditations can be purchased as standalone classes or through subscription products like Headspace, Calm and Unplug.
    • Personal trainer
    • Private medical check-up
    • Recreational sports leagues
    • Stress / sleep / relaxation apps
    • Yoga classes

     This is not an exhaustive list but gives guidance on what can be considered a wellness activity.

    Wellness Plan Examples

    Please do not provide personal details in your answers.

    Please note that your form may contain a combination of multiple purchases and goals to explain how you plan to use the allowance. Below are some examples of what level of detail is and isn’t required.

    Q&A

    Q. I am due my no unplanned absence vouchers, will I still receive them?
    A. The final no unplanned absence vouchers will be paid for the period July to December 2022.

    Q. I forgot to apply by the deadline, can I backdate my allowance?
    A. No, the wellness allowance payments will not be backdated.

    Q. I am currently receiving the sports allowance, will I automatically get the wellness benefit?
    A. No, you will need to apply for the wellness benefit. We encourage all employees currently receiving the sports allowance to transfer to the wellness allowance by 1 August 2022 to receive the allowance in the August payroll.


     

  • UK Pension Allowance

    by HR HR | Aug 30, 2022

     

    UK employees with five years’ service who receive pension contributions at 12.5% can, if they wish to, ask CISI to convert up to 3.5% of their employer pension contribution to a pension allowance. 

    The employee will receive the pension contribution less the employer’s national insurance contribution (NIC) as a pension allowance with their monthly salary and this is subject to all statutory deductions.

    Further information is available from HR.

    This is an option CISI is offering to employees and you may wish to get financial advice if you have any questions regarding changing your pension contributions or your pension arrangements.

    Q&As

    Question: Am I able to convert some of my pension contributions to a pension allowance if I do not have 5 years service and am not receiving pension contributions at 12.5%?

    Answer:  Only UK employees with five years’ service who receive pension contributions at 12.5% can, if they wish to, ask CISI to convert up to 3.5% of their employer pension contribution to a pension allowance, as the minimum level of contributions required by CISI’s scheme is 9%.

    Question: How do I apply to convert up to 3.5% of my employer pension contributions to a pension allowance?

    Answer: Please complete the form with your instructions and return it to HR.

    Question: I am currently required to make a 1.5% pension contribution under the salary exchange scheme as part of my contract of employment, will this change?

    Answer:  The 1.5% pension contribution you are making under the salary exchange scheme can continue.  It has the advantage that you do not pay tax and NIC on these contributions.  If you wish to stop making contributions via salary exchange, please complete the form with your instructions and return it to HR.

    Question: Can I decide the amount I would like to convert to a pension allowance?

    Answer: Yes, you can convert any amount up to 3.5%

    Question:  Is there the option to change the amount I convert?

    Answer:  Yes, you can make two changes to the amount you convert each year, and you have the option to cancel the pension allowance and revert to 12.5% employer pension contributions.

    Question: How can I calculate what I would receive as a pension allowance?

    Answer: If you are converting 3.5%, you can calculate 3.5% of your annual basic salary and then divide it by 12 to get the monthly amount. Employer’s national insurance is deducted and you are paid the net amount as a pension allowance, which is subject to all statutory deductions.

    Please download the Pension Allowance Form here

  • Salary Exchange - Pension

    by HR HR | Aug 30, 2022
    What does “Salary Exchange” mean?

    Salary Exchange means giving up the right to receive part of your cash salary in exchange for a benefit. 

    Salary exchange is a tax efficient way of making payments into your pension plan.  You will receive tax relief at your highest marginal rate and an employee National Insurance saving.  In addition, CISI currently enhance your payment by 13.8% which represents the Company’s National Insurance saving.   Please note that payment of this enhancement is at the company’s discretion.

    Salary exchange is a legal arrangement, changing your contract of employment, whereby you agree to a reduction in your contractual salary in exchange for a contribution of equivalent value into the CISI pension scheme.  

    What is my Nominal salary?
    Your nominal salary (before the Salary Exchange) will be used when calculating your pension contributions and payments under the staff insurance policies where benefits are calculated on your annual salary e.g. life insurance and income protection. In the event of a claim under the income protection policy, the Salary Exchange arrangement will stop. Your nominal salary will also be used as the reference point for any changes or payments related to salary including any future salary raises, redundancy payment and bonuses.

    What is the advantage in paying the pension contribution I make via salary exchange?
    It is an advantage as you will not pay tax and national insurance on the proportion of your salary you are ‘exchanging’.

    Will I be able to claim additional tax relief on this contribution to my pension?
    You are unable to claim tax relief on this contribution as this is classed as an employer contribution. However you will have saved the tax and national insurance on this amount.

    I already make a personal contribution to my pension, what do I have to do?
    If you wish to enhance your pension contributions under a Salary Exchange arrangement, and are currently making employee contributions, you will need to cancel the monthly amount you pay, and then the Salary Exchange can be set up.

    Employers NIC
    At CISI’s discretion it may enhance the amount you are paying in to your pension via salary exchange by adding the employers NIC to your contribution. This is discretionary and may be changed.

    What happens if I leave the Institute?

    If you leave the Institute, the Salary Exchange arrangement will end.

    Effect of Salary Exchange on benefits
    With a Salary Exchange arrangement, your gross pay is affected, which in turn can impact upon the amount of tax and National Insurance Contributions you will pay. Some state benefits are based on the amount of national insurance contributions you have paid, for example statutory maternity pay, child tax credits and the state pension. While the effect of entering a Salary Exchange arrangement is likely to be small, it will depend on your individual circumstances. Further information is available on the HMRC and Government websites.

    Salary Exchange in to Pension

    For employees who joined before 28 April 2014
    If you wish to make an additional contribution to your pension via salary exchange, please complete and return to HR the attached form, agreeing to vary your contractual salary for the period the Salary Exchange arrangement is in place.

    Employees who joined on or after 28 April 2014
    As set out in your employment contract, 1½% of your basic salary is collected from your salary via salary exchange, and paid with the Institute’s contribution in to your pension. After five years’ continuous service with the Institute, the Institute’s contribution increases to 12½% of your basic salary and you may choose if you wish to continue to contribute 1½% of your basic salary via salary exchange. Please see your contract of employment for further information.

    You can also increase the amount that you contribute by salary exchange by completing and returning the attached form.

    What is the maximum amount I can contribute to my pension via salary exchange?
    You can sacrifice a maximum of 60% of your salary, but you must remember that this will impact on the amount of money you will take home each month.

    What happens when I go on maternity leave?
    Statutory maternity pay (SMP) is classed as a statutory payment and cannot be reduced by Salary Exchange schemes. Therefore the Salary Exchange arrangement will need to end when you are approx. 30 weeks pregnant. If you are contractually required to make a contribution to your pension, this will still be deducted each month via the payroll.

    What do I need to do to cancel or change my Salary Exchange arrangement?
    If you would like to cancel or change your Salary Exchange arrangement, you may do so at any time giving at least one month’s notice. See question regarding maternity leave. However any contractual contributions via salary exchange cannot be cancelled.

    Example of the advantages of contributing to your pension via salary exchange (this does not include any contractual contributions)

    Please click here to download the Salary Sacrifice Request form

  • Sri Lanka Induction Procedure

    by HR HR | Aug 24, 2022

    As the new employee's line manager, you have a key role in ensuring your new team member has a productive introduction to the Institute.  Please use this information, which can be adapted, to produce an Induction programme. You can involve members of the team or the 'Buddy' to help you.

    Prior to Employee Joining

    Complete the Staff Leaver / Mover / Joiner Form, which goes to IT and Facilities, when you know that an employee will be joining your team.   IT can then start setting up the required hardware and software.

    • Arrange the following:
      • Door Access - An appointment with IT / Facilities for the employee to get their door access on their first day, and for their photo to be included in the Who’s Who section of the Intranet.
      • Arrange an appointment with IT for the employee to collect their laptop on their first day.  They are also usually given a short introduction to CISI’s systems
      • Arrange an appointment with Facilities ideally for the employee’s first day.  This will cover the location of fire exits, evacuation point and procedures, lockers, stationery, health & safety and they can collect their ID card
      • Identify a 'Buddy' and agree with the person and their manager, that they will be the new employee's buddy.  Set up a meeting for the employee to meet their buddy on their first day (this can be online). Also arrange the buddy lunch for the employee’s first week. (See Annex B – Buddy Scheme Guidelines, and provide a copy of these guidelines to the buddy)
      • Send HR the name of the employee’s buddy
      • Allocate a desk for the new employee for their first day in the office
      • Arrange to be in the office to meet new employee on their first day (or for another member of the team to come in)
      • Send an email to Dataprotection@cisi.org to book the employee on to the next Data protection & Cyber Security briefing session for new staff.
      • See Annex A- Meeting Colleagues, and arrange the appropriate meetings eg with their Executive Director, the Chief Executive etc.  Wherever possible please arrange for the new starter(s) to see ET/ Department Managers (outside of your department) at the same time as other new people, which may mean co-ordinating diaries.   Similarly, if you are asked to see a new starter, see if there are other new starters you can invite to the same meeting. 
    • Review the job description and make any necessary amendments to ensure that it reflects the job and return this to HR;
    • Prepare an induction pack for the new employee to include:
      • Their Induction Programme
      • Job Description
      • An organisation chart (available from HR)
    • Order from Customer Support Centre a copy of the Fundamentals of Financial Services workbook (Level 2 Award) (unless not appropriate) 

    Day 1

    • Please welcome the new employee and introduce them to the team.
    • Settle them at a desk and take them to IT / Facilities to get their door access (at the pre-arranged time)
    • The pre-arranged meeting with IT should take place today for them to collect their laptop and headphones
    • The pre-arranged meeting with their Buddy and a meeting with the Country Head should take place today.
    • Introduce the new employee to all staff in the office (N.B. this is for the new employee to 'show their face' to staff rather than them to remember everyone).
    • Ensure they are shown the fire exits from the building, the evacuation assembly points and the emergency procedures if they are working alone in the office or during ‘out of hours’.
    • Ensure that they are aware of keys or access arrangements and everything else relating to Health & Safety within the office
    • Meet with employee to cover an overview of the induction process, their job role, overview of organisational structure, job description, buddy, and important items relevant to their job or department e.g., whether there are team meetings or one to one meetings and their frequency.  Discuss any specific IT training that will be required.
    • Show them how to access the intranet and the staff handbook
    • The HR induction meeting will take place either when they arrive on their first day or over their first couple of days.
    • Start IT training: which may involve shared drives, outlook, e-days, overview of systems and Databases, and telephone training.  Discuss any specific IT training that will be required

    Week 1

    • Explain the operational priorities for the team, CISI’s objectives for the current year, and how these link to team objectives and their individual objectives.
    • Explain CISI’s mission statement, which can be found on the intranet, and its purpose which is: “To champion lifelong learning and integrity, raising individual standards of knowledge, skills and behaviour globally to enhance public trust and confidence in financial services.”
    • The pre-arranged meeting with the department Executive Director.  This can take place online
    • Speak to the CEO’s PA to arrange a meeting with the CEO.  This can take place online
    • Agree initial Personal Objectives, which may focus on learning the job, and put the objectives on the employee's Performance Management Form for the current year.
    • Allocate time for the employee to look at the Intranet and Website to gain a better understanding of CISI’s services and read the Employee Handbook and other CISI brochures
    • The ‘Buddy’ Lunch should be held this week.
    • Continue training the employee on department relevant IT systems (continuous throughout Induction period)
    • Allocate half a day during the first week for the employee to take and pass Integrity Matters
    • Allocate half a day during the first week for the employee to take and pass Cyber Security: How to Keep You and the CISI Safe
    • A meeting with Finance should take place during this week, if relevant
    • Plan for the employee to take the Fundamentals of Financial Services (Level 2 Award) exam by the end of their induction programme. NOTE - New employees with less than five years relevant industry experience should pass the ‘Fundamentals of Financial Services’ to learn about the Financial Services Industry.  If you feel it is not appropriate, please inform their director and HR, during the first week of their employment.
    • Discuss the job description with the employee and return a signed copy to HR by the end of this week.

    Week 2

    Continue on the job training and meetings as set out in the Induction Programme

    Allocate half a day for the employee to take and pass:

    • The General Data Protection Regulation Professional Refresher
    • Diversity and Inclusion Professional Refresher

    Week 3

    Continue on the job training and meetings as set out in the Induction Programme

    Allocate half a day for the employee to take and pass:

    • UK Bribery Act Professional Refresher (this can instead be taken in week 2)

    Week 4 - to end of probation

    • Week 4 – Mid Induction Review - At the end of the first month a meeting should be held to review the employee's induction to date.  The line manager should check how the employee is settling in and that the induction programme is on track, discussing any other assistance they need to help them settle into their new job.  They should check that the employee has passed the three Professional refreshers and Integrity Matters.
    • Week 8 - 12 – ongoing review of Induction programme
    • If the employee’s role requires authorisation to commit the CISI to financial expenditure, this should be discussed with HR.
    • If there are any concerns regarding the employee's performance the line manager should contact HR and their Director as early as possible 

    End of Induction / Probation Period

    • As you come to the end of the employee’s probation, please review their performance and values.  If you are happy to confirm the employee’s end of probation, please confirm with your line manager or ET member.
    • If you have any concerns regarding the employee's performance or their probation period, your Director and HR should be contacted immediately before the meeting takes place
    • You should meet with the employee before the end of the probationary period to:
      1. Review their probationary period
      2. Ensure that the induction programme has been completed (using the Induction & Probation Plan)

        Check they have completed their personal objectives for the Induction period, which include passing the professional refreshers, Integrity Matters and Fundamentals of Financial Services.  Their probation period may be extended if the employee has not passed all of these.

    • Set their personal objectives* until the end of the appraisal year and add these to their Appraisal and Objectives screen in the HR portal (* employees need to complete the Professional Refreshers annually in line with the Staff CPD Scheme, which runs from 1 February until 31 January each year)
    • After the meeting you should complete the probation review form on the HR portal with your recommendation; this should be checked by the Director / Assistant Director before HR can authorise the passing of probation.

    Moving to a New Department

    A revised induction programme should be planned using the information above and must include:

    • Before the Employee moves department, complete and send a Staff Leaver / Mover / Joiner Form to IT so they can move the employee to different email groups and set up any new software etc required
    • A formal introduction to the new team, and the arrangements regarding days in the office;
    • Meeting with the new Department Director/Assistant Director.

    On the first day and during week one, you should meet with the employee to cover an overview of their new job role, objectives, job description, overview of department structure and important items relevant to their job or department, e.g. whether there are team meetings or one to one meetings and their frequency. Discuss any specific IT training that will be required.

    For employees returning from maternity leave – please see the maternity checklist

  • Buddy Scheme Guidelines

    by HR HR | Aug 24, 2022

    A buddy scheme is where a colleague is selected to act as a guide to a new employee.

    The buddy system provides an informal contact point for all kinds of queries and is intended to assist the employee as they settle in to working at the Institute.

    The Role of the Buddy:

    The role of the Buddy is to support the new starter, offering advice and assistance. They should help the new starter feel welcome by making sure they meet other colleagues, find the location of key facilities, and support their settling into the Institute. They can also signpost the new starter to relevant employees when they have questions. They should also maintain ongoing regular contact, approximately biweekly, checking in with the employee.

    The new starter should feel able to approach the Buddy for support on their general induction, specific areas such as policies, and any general questions they have to help them adapt to their new role and CISI.

    The selection of a Buddy:

    When selecting a Buddy, the line manager should look for a Buddy who is:

    • Available
    • Approachable and friendly
    • Willing to listen
    • Able to appreciate the challenges facing a new employee
    • Confidential and discreet  

    The Buddy is not meant to take the role of the line manager, who should also be providing support, but can be a valuable additional source of information or way of clarifying queries the new starter may have.

    The Buddy will normally be:

    For new employees who are not a member of the Executive Team or a Manager:  the preference is for the Buddy to be outside the team, unless not practical.

    For Managers or Head of Department: a Manager or Head of Department

    For a member of the Executive team: a member of the Executive Team

    The Buddy should not be the line manager of the new starter.

    Meetings / lunch

    The line manager will arrange for the New Starter to meet with their Buddy ideally on their first day of employment, either face to face or via Teams.

    There is also a Buddy lunch usually during the employee’s first week, which is paid for by the Institute.  The cost can be claimed with a valid receipt, via the expenses system.

    The lunch can last up to 1½ hours. 

    The allowance for lunch is:

    • UK - up to £25 a head
    • Sri Lanka - up to Rs 5,000 for two people
    • International offices - please contact HR
  • Meeting other CISI Colleagues

    by HR HR | Aug 24, 2022

    These meetings may be phased over the first month of employment, and the manager should decide which are relevant and the priority depending on job level of the new employee and their interaction with other colleagues and teams. Priority meetings should take place in the first week.

    Wherever possible please arrange for the new starter(s) to see ET/ Department Managers (outside of your department) at the same time as other new people, which may mean delaying to co-ordinate diaries.

    Similarly, if you are asked to see a new starter, see if there are other new starters you can invite to the same meeting.

    If the new employee is not a member of the Executive Team or a Manager the following meetings should be arranged as part of their Induction Programme

    • Meeting with HR in their first week, for their HR Induction.
    • Meeting with IT on their first day for basic training on essential software and programmes
    • Meeting with Buddy (if appropriate – within first two days) and lunch with Buddy (within first week);
    • Meeting with the Chief Executive (within first week)
    • Meeting with their Assistant Director/ Director (within first week)
    • Meeting with Finance to learn about expenses claims, correct coding for invoices, and other relevant finance training, if this will be part of their job;
    • Meetings with any relevant colleagues, or managers who they will have daily contact with as part of their job and meetings with a representative of each department within CISI to learn what that department does. 

    If the new employee is a Manager the following meetings should be arranged as part of their Induction Programme 

    • The meetings listed above;
    • Meetings with relevant Executive Directors from other departments to gain an understanding of CISI's Products & Services, which are relevant to their job;
    • Meetings with any other relevant Heads of Departments, who they will have daily contact with (this may have been covered in the meetings with representatives of each department).

     If the new employee is a member of the Executive Team the following meetings MUST be arranged as part of their Induction Programme

    • The meetings listed above;
    • Meetings with all members of the Executive Team. 

  • Probation Procedure

    by HR HR | Aug 24, 2022

    As the employee’s Line Manager you are responsible for ensuring that the following Probationary Period Procedure is followed.

    • Contracts of Employment with the CISI are issued subject to the satisfactory completion of a probationary period (UK - usually three months or six months for senior jobs / Sri Lanka – 6 months). 
    • During the probationary period all aspects of the employee’s performance should be monitored.  There should be regular discussions regarding their progress.

    End of probation

    • You should meet with the employee before the end of their probationary period, for a formal End of Probation Review meeting. This is to ensure that the induction programme has been completed (see Induction Procedure) and to review the probationary period.
    • After the meeting you need to complete the form on the HR Portal with your recommendation and confirm you have discussed it with their Director / Assistant Director for authorisation. When you submit the form, it is sent to HR for approval.
    • A formal letter will be sent to the employee, by HR, confirming their appointment and informing them of the benefits they are now eligible to receive.  If relevant they will also receive a letter confirming their level of financial expenditure authority.

    Where there are concerns

    • If the employee is not performing their job at the required standard or you have any concerns regarding their performance, ability or their probation period, their Director and the Head of HR should be contacted before the meeting takes place, as this must be dealt with before the end of their probationary period.
    • The options are:
      • their probationary period can be extended to allow the employee a longer trial period
      • their appointment will not be confirmed and their employment will be terminated

      The form in the HR Portal should be completed giving the reasons for the decision.

    • If the decision is to terminate the employee’s employment, there is a formal process to follow and a formal meeting should be held to inform the person.  They may be asked to work their notice period (usually one week). 
    • During the probationary period, the CISI’s full disciplinary policy will not apply.

    Please note, the HR team are available to provide advice and support and should be kept informed at all stages of the probationary period.

  • UK Induction Procedure

    by HR HR | Aug 24, 2022

    As the new employee's line manager, you have a key role to ensure your new team member has a productive introduction to the Institute.  Please use this information, which can be adapted, to produce an Induction programme; you can involve members of the team or the 'Buddy' to help you.

    Prior to Employee Joining

    Complete the Staff Leaver / Mover / Joiner Form, which goes to IT and Facilities, when you know that an employee will be joining your team.  IT can then start setting up the required hardware and software.

    • Arrange the following:
    • ID card - An appointment with Facilities for the employee to get their CISI ID Card on their first day, and for their photo to be included in the Who’s Who section of the Intranet and the Staff Photo Board
    • Arrange an appointment with IT for the employee to collect their laptop on their first day.  They are also usually given a short introduction to CISI’s systems
    • Arrange an appointment with Facilities ideally for the employee’s first day.  This will cover the location of fire exits, evacuation point and procedures, lockers, stationery, health & safety and they can collect their ID card
    • Identify a 'Buddy' and agree with the person and their manager, that they will be the new employee's buddy.  Set up a meeting for the employee to meet their buddy on their first day (this can be online). Also arrange the buddy lunch for the employee’s first week. (See Annex B – Buddy Scheme Guidelines, and provide a copy of these guidelines to the buddy)
    • Send HR the name of the employee’s buddy
    • Book a desk for the new employee for their first day in the office
    • Arrange to be in the office to meet new employee on their first day (or for another member of the team to come in)
    • Send an email to Dataprotection@cisi.org to book the employee on to the next Data protection & Cyber Security briefing session for new staff
    • See Annex A – Meeting Colleagues, and arrange the appropriate meetings, e.g. with their Executive Director, the Chief Executive etc.  Wherever possible please arrange for the new starter(s) to see ET/ Department Managers (outside of your department) at the same time as other new people, which may mean co-ordinating diaries.  Similarly, if you are asked to see a new starter, see if there are other new starters you can invite to the same meeting.
    • Review the job description and make any necessary amendments to ensure that it reflects the job and return this to HR;
    • Prepare an induction pack for the new employee to include:
      • Their Induction Programme
      • Job Description
      • An organisation chart (available from HR)
    • Order from Customer Support Centre a copy of the Fundamentals of Financial Services workbook (Level 2 Award) (unless not appropriate) 

    Day 1

    • Please welcome the new employee and introduce them to the team.
    • The pre-arranged meeting with IT should take place today for them to collect their laptop and headphones
    • The pre-arranged meeting with facilities should take place today to cover location of fire exits, evacuation procedures, lockers, stationery, health & safety and collect their ID card
    • The pre-arranged meeting with their Buddy should take place today (via Teams if buddy is not in the office)
    • Introduce the new employee to all staff in the office during their first week (N.B. this is for the new employee to 'show their face' to staff rather than them to remember everyone). Please ensure that the employee is introduced to all the Executive Team over the first week.
    • Meet with employee to cover an overview of the induction process, their job role, overview of organisational structure, job description, buddy, and important items relevant to their job or department e.g. whether there are team meetings or one to one meetings and their frequency
    • Show them how to access the intranet.
    • HR will arrange to see the new employee for the HR induction meeting during the employee’s first couple of days.
    • Start IT training: which may involve shared drives, outlook, e-days, overview of systems and Databases, and telephone training.  Discuss any specific IT training that will be required

    Week 1

    • Explain the operational priorities for the team, CISI’s objectives for the current year, and how these link to team objectives and their individual objectives.
    • Explain CISI’s mission statement, which can be found on the intranet, and its purpose which is: “To champion lifelong learning and integrity, raising individual standards of knowledge, skills and behaviour globally to enhance public trust and confidence in financial services.”
    • The pre-arranged meeting with the department Executive Director should take place this week
    • Agree initial Personal Objectives, which may focus on learning the job, and put the objectives on the employee's Appraisal Form for the current year on the HR portal.
    • They will meet with the Chief Executive and other new employees who join around the same time; please contact the CEO’s EA to arrange the meeting.
    • Allocate time for the employee to look at the Intranet and Website to learn about CISI’s services and products, and read the Employee Handbook and other CISI brochures
    • The ‘Buddy’ Lunch should ideally be held this week.
    • Continue training the employee on department relevant IT systems (continuous throughout Induction period)
    • Allocate half a day during the first week for the employee to take and pass Integrity Matters
    • Allocate half a day during the first week for the employee to take and pass Cyber Security: How to Keep You and the CISI Safe
    • A meeting with Finance should take place during this week, if relevant
    • Plan for the employee to take the Fundamentals of Financial Services (Level 2 Award) exam by the end of their induction programme. NOTE - New employees with less than five years relevant industry experience should pass the ‘Fundamentals of Financial Services’ to learn about the Financial Services Industry.  If you feel it is not appropriate, please inform their director and HR, during the first week of their employment.
    • Discuss the job description with the employee and return a signed copy to HR by the end of this week.

    Week 2

    Continue on the job training and meetings as set out in the Induction Programme

    Allocate three half days for the employee to take and pass:

    • The General Data Protection Regulation Professional Refresher
    • UK Bribery Act Professional Refresher
    • Diversity and Inclusion Professional Refresher

    Week 3 - 12

    • Week 4 – Mid Induction Review - At the end of the first month a meeting should be held to review the employee's induction to date.  The line manager should check how the employee is settling in and that the induction programme is on track, discussing any other assistance they need to help them settle into their new job.  They should check that the employee has passed the Professional refreshers and Integrity Matters.
    • Week 8 - 12 – ongoing review of Induction programme
    • If the employee requires authorisation to commit the CISI to financial expenditure, this should be discussed with HR.
    • If there are any concerns regarding the employee's performance the line manager should contact HR and their Director as early as possible 

    End of Induction / Probation Period

    • As you come to the end of the employee’s probation, please review their performance and values.  If you are happy to confirm the employee’s end of probation, please confirm with your line manager or ET member.
    • If you have any concerns regarding the employee's performance or their probation period, your Director and HR should be contacted immediately before the meeting takes place
    • You should meet with the employee before the end of the probationary period to:
      1. Review their probationary period
      2. Ensure that the induction programme has been completed (using the Induction & Probation Plan)

        Check they have completed their personal objectives for the Induction period, which include passing the professional refreshers, Integrity Matters and Fundamentals of Financial Services.  Their probation period may be extended if the employee has not passed all of these.

    • Set their personal objectives* until the end of the appraisal year and add these to their Appraisal and Objectives screen in the HR portal (* employees need to complete the Professional Refreshers annually in line with the Staff CPD Scheme, which runs from 1 February until 31 January each year)
    • After the meeting you should complete the probation review form on the HR portal with your recommendation; this should be checked by the Director / Assistant Director before HR can authorise the passing of probation.

    Moving to a New Department

    A revised induction programme should be planned using the information above and must include:

    • Before the Employee moves department, complete and send a Staff Leaver / Mover / Joiner Form to IT so they can move the employee to different email groups and set up any new software etc required
    • A formal introduction to the new team, and the arrangements regarding days in the office;
    • Meeting with the new Department Director/Assistant Director.

    On the first day and during week one, you should meet with the employee to cover an overview of their new job role, objectives, job description, overview of department structure and important items relevant to their job or department, e.g. whether there are team meetings or one to one meetings and their frequency. Discuss any specific IT training that will be required.

    For employees returning from maternity leave – please see the maternity checklist 

     

  • Employment Security Policy & Procedure

    by HR HR | Aug 24, 2022

    Purpose

    The purpose of this policy is to set out the background checks which are undertaken on employees to give the Institute a level of assurance as to their trustworthiness when they join CISI on a contract or permanent contract of employment.

    Depending on the role the employee is undertaking, the CISI operates a two-tier Pre-Employment Security policy:

    • Standard Pre-Employment Checks
    • Enhanced Pre-Employment Security Checks

    All employees will be subject to the standard pre-employment checks and, if the role requires it, enhanced pre-employment security checks will also be undertaken. 

    Risk Management

    Managers must also employ a risk management approach, ensuring that security controls are in place to reduce the risk of damage, loss, or compromise of the integrity and reputation of CISI.   The Department Director should be informed of any breaches or threats to this.

    They should also ensure that employees are aware of the confidential nature of some of the information to which they may have access, and that they are required to bring to the attention of their line manager any incidents that might be considered a threat to the security and confidentiality of such information.  This includes but is not limited to personal and professional relationships with third parties, conflicts of interest and situations where undue influence could arguably be brought to bear.

    Standard Pre-Employment Checks

    The following standard pre-employment checks are undertaken for all staff:

    • Employment references to cover previous two roles (this may be extended if the previous two roles do not cover up to 5 years employment).
    • If this is the employee’s first or second job and / or they have been studying, volunteering, or not working (during the past 5 years) character and academic references can be provided.
    • ID check (ideally passport or ID card, as this is also required to check the person can work in the Country, or birth certificate with a further document to verify they have the right to work in the Country)
    • Verification of address(es) (e.g. original utility bill, credit card bill showing their address, not more than three months old)
    • Where relevant: membership of professional bodies and academic qualifications
    • Completion of the Conviction Declaration Form
    • Completion of the Social Media Declaration (See Appendix 1).   This is referred to in the UK contract of employment, relevant letter in other countries, and sent to all employees (and relevant Consultants) to sign before they join CISI
    • Satisfactory Medical Report (where a third-party provider is available to provide this service, UK Only)

    Enhanced Pre-Employment Checks

    These are in addition to the above standard pre-employment checks. Employees who fall under one or more of the following three categories will be subject to an enhanced check: employees that are granted ‘access all areas’, senior employees that must be seen as above reproach and/or employees that hold legal accountability at CISI.  Employees in these categories have the potential to affect the integrity and reputation of CISI. This group will include, but is not limited to, staff in the following posts:

    • All members of the Executive Team
    • Country Heads (overseas offices)
    • HR department
    • Finance employees with unrestricted access to process payments
    • IT employees
    • Website development Manager  

    In addition to the standard pre-employment checks, an enhanced pre-employment security check will also include:

    • A Credit Check, which is:
      • UK – credit report which will include checking for County Court Judgements
      • Sri Lanka - Credit information Bureau of Sri Lanka ‘CRIB’ report
      • or where available a local Government credit report
    • Police Report:
      • UK - DBS
      • Sri Lanka - Police report (English Translation) and Gramasevaka Certificate – reference (English Translation)
      • Or local police report
    • Extended reference requirements covering more than 5 years of employment history if applicable to the role.
    • HR will conduct a search of the social media pages in addition to the Social Media Declaration.

    Unsatisfactory Security Reports

    Prospective employees are informed that references and security checking will be undertaken and must be satisfactory in the Institute’s opinion, or they may not be employed, or their employment may be terminated.

    A common-sense approach will be taken on receipt of the checks / report, with the Director of Finance & HR making a final decision where necessary, or the Chief Executive for senior roles.

    Prospective employees are not eligible to appeal against the Institute’s decision to not employ them due to the results of the security checking.  However, they may, if they feel they have received an unfair reference from a previous employer, be able to challenge this through legal avenues with their previous employer.

    Current Employees

    Promotion / Moving to a new role

    If an employee is offered a promotion or moved to a role which requires an enhanced security check, they must agree to all of the enhanced checks before the position can be confirmed.

    Ongoing Security Management

    As the pre-employment checks only provide a snapshot of an individual record at a particular time, for good practice, employees that are subject to enhanced security checks will have these repeated every five years, including re-signing the social media declaration.  Employees are required to complete the required documents within three weeks of receiving the request.

    Issues which arise when employees are asked to complete a check or with the report CISI receives will be dealt with individually with the employee.  In extreme cases this may involve the employee moving to a less sensitive role, or where redeployment is not possible leaving the Institute.

     

     

  • Employment of Relatives

    by HR HR | Aug 24, 2022

    The Institute in principle has no objection to the employment of relatives or where employees are in a relationship.  However, this should be avoided in manager / subordinate, or Head of Department / team member situations. The employment of relatives is subject to agreement of the Chief Executive Officer.

  • Internal Vacancies

    by HR HR | Aug 24, 2022

    The Institute may advertise vacancies internally to encourage existing employees to apply, and may also or exclusively place the advert externally.

    The Institute would usually expect an employee to have served a minimum of 1 year in a post before being considered for an internal vacancy.  If you have been in your current role for less than a year, you will need your Director’s sign off before your application is accepted.

    To apply for a vacancy, an employee should submit an application to HR, together with a copy of their most recent appraisal, and inform their manager of their application.

  • References from the Institute

    by HR HR | Aug 24, 2022

    The Institute does not issue open references or testimonials to employees who leave but provides information on a confidential basis to prospective employers at their request, unless you have specifically withdrawn your authorisation for this purpose, in writing, on leaving employment. 

    Only HR and Directors should provide authorised references on the Institute's behalf.  Any other member of staff who is asked to provide a reference should make it clear to the recipient that their reference is given on a personal basis and not on behalf of the Institute.

     

  • Chinese Walls Policy

    by HR HR | Aug 17, 2022

    This policy covers the steps taken by the Chartered Institute for Securities & Investment and its subsidiary companies to manage potential conflicts of interest arising from its examining and training operations. The aim of the Policy is to protect the integrity of the Institute’s examinations.

    1. The Institute has implemented a number of structural and procedural measures to establish proper division of duties between examinations and training activities.

       

    2. Barriers to the flow of confidential examination information have been established between all relevant department functions.  Information technology security has been enhanced to ensure data security and integrity.

       

    3. Procedures and working practices are communicated to new staff and Invigilators during induction. Procedures are communicated in the form of written guidance notes and line management/Executive Director supervision.

       

    4. Confidentiality agreements have been established for all staff, Invigilators and exam practitioner working groups.

       

    5. Exam question papers are transmitted to the printer/distributor by secure means. Exam question papers are delivered from the printers in sealed packages either direct to exam venues or to the Institute. The printer/distributor contracted to undertake this work has signed a confidentiality agreement.

       

    6. The exam delivery and course delivery functions are managed and directed under the control of separate Executive Directors.

       

    7. Secure areas have been designated for authorised Exams dept. staff under restricted card-key access.

       

    8. No information regarding exam paper content is communicated to unauthorised personnel. No examination paper is sent by external e-mail, with the exception of password-restricted e-mails, which are sent to the printer/distributor.  Any examination paper sent to a Senior or Chief Examiner is sent by secure means.

       

    9. A physically separate secure storage area has been assigned for all confidential exam documentation.

       

    10. Information technology systems have restricted access controls to prevent unauthorised access to exam data. Passwords are changed frequently.

       

    11. Exam question papers that are returned from venues in sealed packages are received directly by the Exams dept. staff and are either immediately shredded in confidential waste bins or locked in the secure exams area, pending secure disposal.

       

    12. Exams dept. staff are not permitted to access all exam question banks. Exams department managers have access to only part of the question bank that they compile the exam for.  

       

    13. The procedures within this policy and their effectiveness are reviewed by the Executive Directors.
  • Data Protection - Personal Data

    by HR HR | Aug 17, 2022

    All information of a personal nature held on your personal file is confidential and will only be processed in accordance with the General Data Protection Regulation (“GDPR”) and the Data Protection Act 2018 (“DPA”), and any successor legislation to the GDPR or the DPA.

    You may see the information held on your file, with the exception of information provided on a confidential and privileged basis, for example, employment references.

    Requests to see your personal file should be made to HR in the first instance.

    For more information on what the CISI collects on you please refer to the Employee Privacy Policy.

  • Security of Documents

    by HR HR | Aug 17, 2022

    Desks should be cleared of all sensitive information each evening.

    In addition, all outstanding work, and especially any important / irreplaceable documents, should be locked away at the end of each working day.

    All employees should ensure that papers are not left in meeting rooms after meetings.

    Non-confidential papers to be destroyed should be torn up before putting them into a wastepaper basket.  All confidential papers should be shredded.

    Employees shall, upon termination of employment, deliver to the Institute all documents, papers and other property belonging to the Institute or its Members, which may be in their possession, or under their control, and shall not retain any copies thereof, unless the written consent of an Executive Director or the HR Department has been obtained.

    Please also refer to the Acceptable use policy.

  • Acceptable Use Policy

    by HR HR | Aug 17, 2022

    1.1          Introduction

    This Acceptable Use Policy (AUP) for IT Systems is designed to protect CISI, our employees, customers and other partners from harm caused by the misuse of our IT systems and our data. Misuse includes both deliberate and inadvertent actions.

    The repercussions of misuse of our systems can be severe. Potential damage includes, but is not limited to, malware infection (eg, computer viruses), legal and financial penalties for data leakage, and lost productivity resulting from network downtime.

    Everyone who works at CISI is responsible for the security of our IT systems and the data on them. As such, all employees must ensure they adhere to the guidelines in this policy at all times.  Should any employee be unclear on the policy or how it impacts their role, they should speak to their manager or the Head of IT.

    This policy was reviewed and updated in 2018 ahead of the EU General Data Protection Regulation (GDPR) coming into force.

    1.2          Definitions Used

    Users - Everyone who has access to any of CISI’s IT systems. This includes permanent employees and also temporary employees, contractors, agencies, consultants, suppliers, customers and business partners.

    Systems - All IT equipment that connects to the corporate network or accesses corporate applications. This includes, but is not limited to, desktop computers, laptops, smartphones, tablets, printers, data and voice networks, networked devices, software, electronically-stored data, portable data storage devices, third party networking services, telephone handsets, video conferencing systems, and all other similar items commonly understood to be covered by this term.

    CISI computers - All CISI-built desktop PCs and laptops. It does not include CISI-owned Apple devices, such as iPhones or iPads.

    Work time - Employee working hours as per contract of employment or any formal change agreed with CISI.

    1.3          Scope

    This is a universal policy that applies to all Users and all Systems. For some Users and/or some Systems a more specific policy exists: in such cases the more specific policy has precedence in areas where they conflict, but otherwise both policies apply on all other points.

    This policy covers only internal use of CISI’s systems, and does not cover use of our products or services by customers or other third parties.

    Some aspects of this policy affect areas governed by local legislation in certain countries (eg, employee privacy laws): in such cases, the need for local legal compliance has clear precedence over this policy within the bounds of that jurisdiction. In such cases local teams should develop and issue users with a clarification of how the policy applies locally.

    Staff members at CISI who monitor and enforce compliance with this policy are responsible for ensuring that they remain compliant with relevant local legislation at all times.

    2.0          Computer Access Control – Individual’s Responsibility

    2.1          Access to the CISI IT systems is controlled by the use of User IDs, passwords and/or tokens. All User IDs and passwords are to be uniquely assigned to named individuals when joining and, consequently, individuals are accountable for all actions on CISI IT systems.

    Individuals must not:

    • Allow anyone else to use their username and password on any CISI IT system.
    • Leave their user accounts logged in at an unattended and unlocked computer.
    • Use someone else’s username and password to access CISI’s IT systems.
    • Leave their password unprotected (for example writing it down).
    • Perform any unauthorised changes to CISI’s IT systems or information.
    • Attempt to access data that they are not authorised to use or access.
    • Exceed the limits of their authorisation or specific business need to interrogate the system or data.
    • Physically connect any non-CISI authorised device to the CISI network or IT systems.
    • Store CISI data on any non-authorised CISI equipment.
    • Give or transfer CISI data or software to any person or organisation outside CISI without the authority of CISI.

    2.2          Line managers must ensure that individuals are given clear direction on the extent and limits of their authority with regard to IT systems and data. Please see Appendix A for further details.

    3.0          Password Strength Policy

    3.1          All CISI domain user accounts will require the use of ‘strong’ passwords to ensure the security and integrity of the CISI network.

    3.2          The password policy is set as a rule within Active Directory and requires all passwords to comply with the following requirements:

    • Must be at least 8 characters long
    • Contain at least 1 uppercase character
    • Contain at least 1 numeric character
    • Contain at least 1 symbol, i.e. £ or $

    3.3          If not already in place, users will be prompted to strengthen their passwords when their existing password expires.

    4.0          Internet and email Conditions of Use

    4.1          Use of CISI’s internet and email is intended for business use. Personal use of the internet is permitted where such use does not affect the individual’s business performance, is not detrimental to CISI in any way, is not in breach of any term and condition of employment and does not place the individual or CISI in breach of statutory or other legal obligations. No personal web mail sites may be accessed via a standard CISI networked device. However, personal email may still be accessed on a personal device via the CISI WiFi outside of work time. All individuals are accountable for their actions on the internet and email systems.

    Individuals must not:

    • Use the internet or email for the purposes of harassment or abuse.
    • Use profanity, obscenities, or derogatory remarks in communications.
    • Access, download, send or receive any data (including images), which CISI considers offensive in any way, including sexually explicit, discriminatory, defamatory or libellous material.
    • Use the internet or email to make personal gains or conduct a personal business.
    • Use the internet or email to access betting sites.
    • Use the email systems in a way that could affect its reliability or effectiveness, for example distributing chain letters or spam.
    • Place any information on the Internet that relates to CISI, alter any information about it, or express any opinion about CISI, unless they are specifically authorised to do this.
    • Send unprotected, commercially sensitive or confidential information to an external email address. Even if the data has been password protected the target email addresses still need to be verified as legitimate.
    • Make unauthorised official commitments through the internet or email on behalf of CISI.
    • Download copyrighted material such as music media (MP3) files, film and video files (not an exhaustive list) without appropriate approval.
    • In any way infringe any copyright, database rights, trademarks or other intellectual property.
    • Download any software from the internet without prior approval of the IT Department.
    • Connect CISI devices to the internet using non-standard connections.

    Please see Appendix A for further details.

    5.0          Social Media Sites

    5.1          The CISI has a number of cyber security measures in place to help protect our systems from malicious external attacks, including antivirus software and firewall protection. Our antivirus software also provides an additional layer of security on all web browser activity without compromising the legitimate use of the internet.

    5.2              Social media sites should not be accessed during work time, unless your manager has authorised you to use them for business use.

    5.3              Under no circumstances should commercially sensitive information regarding the CISI be disclosed on personal and social media sites.

    5.4              Please remember you are personally responsible for the content you publish on social media sites and you need to be mindful that messages will be public for many years. What you find funny may look different to others and seem inappropriate in the future. If you feel even slightly uneasy about something you are about to write, then chances are you should not do it. If inappropriate content is found to have come from CISI machines, further action will be taken.

    5.5          Our web filtering tool details the categories of sites a user is able to access and a list of blocked categories. Blocked categories include personal webmail accounts such as Hotmail, Gmail and Yahoo on CISI PCs.

    6.0          Clear Desk and Clear Screen Policy

    6.1          In order to reduce the risk of unauthorised access or loss of information, CISI enforces a clear desk and screen policy as follows:

    • Computers must be logged off/locked or protected with a screen locking mechanism controlled by a password when unattended.
    • Care must be taken to not leave confidential material on printers or photocopiers and employees should ensure papers are not left in meeting rooms after meetings.
    • All business-related printed matter must be disposed of using confidential waste bins or shredders.
    • All outstanding work, and especially any sensitive/irreplaceable documents, should be locked away at the end of each working day.

    7.0          Working Offsite

    7.1          It is accepted that laptops and mobile devices will be taken offsite. The following controls must be applied:

    • Equipment and media taken offsite must not be left unattended in public places and not left in sight in a car.
    • Laptops must be carried as hand luggage when travelling.
    • Information should be protected against loss or compromise when working remotely (for example at home or in public places). Laptop encryption must be used.
    • Particular care should be taken with the use of mobile devices such as laptops, mobile phones, smartphones and tablets. They must be protected at least by a password or a PIN and, where available, encryption.

    7.2          The Institute encourages and supports staff in maintaining an optimal work-life balance.

    Many staff have laptops and/or company provided software for their home computers which allow them to continue to work out of the office or at home.  However, staff are not expected to work any more, or any fewer, hours than their contracted and core hours.  Staff are also not expected to work whilst on holiday, and any non-business-related data or call fees incurred on company devices whilst on holiday may be charged back to the member of staff.

    8.0          Mobile Storage Devices

    8.1          Mobile devices such as memory sticks, CDs, DVDs and removable hard drives must be used only in situations when network connectivity is unavailable or there is no other secure method of transferring data. Only certain CISI staff who have registered with IT have access to USB ports on their Desktop PCs. All other users’ USB ports have been locked down and cannot be used for transferring data to mobile storage devices such as memory sticks and CDs.

    8.2          Data transported on mobile storage devices should be encrypted using a password.

    9.0          Software

    9.1          Employees must use only authorised software on CISI computers. Authorised software must be used in accordance with the software supplier's licensing agreements. All software on CISI computers must be approved and installed by the CISI IT department.

    Individuals must not:

    • Store personal files such as music, video, photographs or games on CISI computers.
    • Download unauthorised 3rd party software.

    10.0        Viruses

    10.1       The IT department has implemented centralised, automated virus detection and virus software updates within the CISI network. All CISI PCs and laptops have antivirus software installed to detect and remove any virus automatically.

    Individuals must not:

    • Remove or disable anti-virus software.
    • Attempt to remove virus-infected files or clean up an infection, other than by the use of approved CISI anti-virus software and procedures.

    11.0        Telephony (Voice) Equipment Conditions of Use

    11.1        Use of CISI voice equipment is intended for business use. Individuals should keep to a minimum the use of CISI’s voice facilities for sending or receiving private communications on personal matters. All non-urgent personal communications should be made at an individual’s own expense using alternative means of communications.

    Individuals must not:

    • Use CISI’s voice facilities for conducting private business.
    • Make hoax or threatening calls to internal or external destinations.
    • Accept reverse charge calls from domestic or international operators, unless it is for business use.

    12.0        Smart and Mobile phone usage

    12.1        Individuals supplied with company mobile phones must abide by the following:

    • These devices remain the property of the Institute and this IT policy governing the use of applications and the internet still applies. These devices must be password protected at all times.
    • The individual should take care of the Smart or Mobile phone, and return it to the Institute in the condition in which it was issued (save normal wear and tear).  If it is lost or broken due to gross negligence, the member of staff may be asked to make a contribution towards its replacement.
    • An individual with a Smart or Mobile phone is neither expected, nor under any obligation, to initiate, read or respond to any message or email received on their device, outside the hours of 08:00 to 18:00 Monday to Friday (UK times or the equivalent if on business overseas).    
    • An individual is free to choose to operate their device outside these hours but that is their choice and not a requirement.
    • The Institute will only pay for the data bolt-on when a member of staff is travelling abroad on business, and you must ensure you inform the Operations Director when the trip is being planned.

    12.2        Company mobile phones may be used for personal use on condition:

    • The majority of the calls are made for business use.
    • They are not used as a mechanism for payment from the contract, i.e. texting donations, entering competitions, etc.
    • Usage thresholds are not breached. These are regularly monitored.

    13.0        Actions upon Termination of Contract

    13.1       All CISI equipment and data, for example laptops and mobile devices including telephones, smartphones, USB memory devices and CDs/DVDs, must be returned to CISI at termination of contract. This also applies to documents, papers and any other CISI property.

    13.2       All CISI data or intellectual property developed or gained during the period of employment remains the property of CISI and must not be retained beyond termination or reused for any other purpose.

    14.0        Monitoring and Filtering

    14.1       All data that is created and stored on CISI computers and CISI owned digital devices is the property of CISI. Wherever possible, CISI will avoid opening emails which appear to be of a personal nature and will need to seek authorisation from HR or the Chief Executive Officer in order to do so.

    14.2       IT system monitoring will take place where appropriate, and investigations will be commenced where reasonable suspicion exists of a breach of this or any other policy. CISI has the right (under certain conditions) to monitor activity on its systems, including internet and email use, in order to ensure systems security and effective operation, and to protect against misuse.

    14.3       Any monitoring will be carried out in accordance with audited, controlled internal processes, the GDPR, the UK Data Protection Act 1998 (as amended for the GDPR), the Regulation of Investigatory Powers Act 2000 and the Telecommunications (Lawful Business Practice Interception of Communications) Regulations 2000.

    14.4        This policy must be read in conjunction with:

    • Computer Misuse Act 1990
    • Data Protection Act 1998
    • EU General Data Protection Regulation

    15.0       Responsibilities

    15.1       It is your responsibility to report suspected breaches of security policy without delay to your line management, the IT department or via the IT Help Desk.

    15.2       All breaches of information security policies will be investigated. Where investigations reveal misconduct, disciplinary action may follow in line with CISI disciplinary procedures.

    16.0       Enforcement

    16.1       CISI will not tolerate any misuse of its systems and will discipline anyone found to have contravened the policy, including not exercising reasonable judgment regarding acceptable use.

    16.2       While each situation will be judged on a case-by-case basis, employees should be aware that consequences may include the termination of their employment.

    16.3       Use of any of CISI’s resources for any illegal activity will usually be grounds for summary dismissal, and CISI will not hesitate to cooperate with any criminal investigation and prosecution that may result from such activity.

    Document Owner and Approval

    The Data Protection Officer (DPO) is the owner of this document and is responsible for ensuring that the policy is reviewed in line with the requirements stated above, and at least annually.

    Change History Record

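    | Issue | Description of Change | Approval     | Date of Issue |
    |-------|-----------------------|--------------|---------------|
    | 1     | Initial draft         | Brian Cave   | 17 Jan 2018   |
    | 2     | Second draft          | John Preston | 1 Mar 2018    |
    | 3     | Final                 | John Preston | 1 May 2018    |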

    Appendix A – Device Usage Summary

    Below is a grid summarising what is acceptable in terms of use by device type:

    | Device Type | Use for company Email? | Use for personal email? | Internet Access? | Password protected? | Emailing personal data externally? |
    |---|---|---|---|---|---|
    | Personal digital devices, i.e. smart phones, laptops, tablets | *Only Outlook Web App (webmail) | Yes | Yes | Recommended | No |
    | CISI Desktop PCs | Yes | No | Yes | Yes – policy governed | No – unless data is password protected and/or encrypted and the external email address has been verified |
    | CISI Laptops | Yes | No | Yes | Yes – policy governed | No – unless data is password protected and/or encrypted and the external email address has been verified |
    | CISI Apple devices, i.e. iPhones, iPads, etc | Yes | Yes | Yes | Yes – minimum 4 digit passcode | No – unless data is password protected and/or encrypted and the external email address has been verified |
    | CISI Smart phones | Yes | Yes | Yes | Yes – minimum 4 digit passcode | No – unless data is password protected and/or encrypted and the external email address has been verified |

     

    *The CISI email account may be set up on those personal smart phones where the owner has sought authorisation from their line manager/IT and they have agreed to password protect their device. If the device is subsequently lost or stolen CISI has the right to remotely wipe the data from the device.