Acceptable Use Policy


This Acceptable Use Policy is not intended to impose restrictions contrary to our established culture of openness, trust and integrity, but rather to enable you to work in a safe, secure way.

The purpose of this policy is to outline the acceptable use of our systems (which includes laptops, software, email etc) which are primarily for business purposes. Inappropriate use of these systems has the potential to expose Redgate, you and your colleagues to risks including malware attacks, compromise of network systems and services, and legal issues.

These rules are in place to protect our customers, our business, and you as individuals.


This policy applies to all Redgaters, contractors, suppliers and third-party entities that have access to Redgate’s information systems and data.


General principles

  • Only use devices provided by Redgate, or devices you are responsible for (ref: BYOD Policy), to access Redgate information and systems
  • Only use Redgate approved accounts for accessing systems
  • Refer to IT Operations for a preferred list of software, systems and services that can be used at Redgate for accessing or processing (including storing) Redgate information
    • Check with IT Operations before you sign up for new services
  • Use long, strong/complex and unique passwords for all accounts and services in keeping with our Password Policy
  • Use multi-factor authentication for all accounts that offer it
  • Do not share your work devices with friends or family
  • Do not share your Redgate credentials with anyone (including Redgate staff)
  • Do not commit crimes (or enable others to commit crimes) with your work device/s
  • Don’t conduct any monitoring or surveillance you’ve not been authorised to do
  • Don’t do any penetration or vulnerability testing that you’ve not been authorised to do by IT Operations
  • Don’t harm Redgate by deleting, destroying or sharing Redgate information inappropriately (ref: Information Classification Policy)
  • Only store information on/in systems that have been approved by the Software Asset Management Team

If you notice a security risk, security weakness or other issue, please contact █████ as soon as possible, even if you think the issue might not be important.

Device security

  • All Redgate end user devices must have a password and screen lock enabled
  • Apply all security patches and updates at your earliest convenience
  • Unattended devices must be locked until you return
  • Look after your kit and keep it safe and secure
  • If you believe your device has been lost, stolen, or otherwise compromised, please contact IT Operations immediately
  • Do not tamper with, attempt to remove, or otherwise alter firewalls, device management software, or other security controls
  • Any personal devices used for work purposes must comply with our BYOD Policy
  • You are responsible for updating any software that you have installed on your device

Accessing and handling data

Customer and/or Personal Data (as defined by the GDPR), may only be stored on company supplied/approved equipment or services. If you use your own equipment to access Redgate information, please do so in accordance with the BYOD Policy. Minimise the amount and duration of information stored locally.

Removable media (e.g. USB drives) should not be used unless absolutely necessary. If used, removable media must be encrypted for anything not classified as Public information.

Don’t access or store any data that you don’t have a business need for, especially Personal Data, and take special care when accessing or transferring any Personal Data, regardless of source.

Refer to and abide by our Information Classification Policy.

Personal use of Redgate devices

Our devices are for Redgate business. You may use your Redgate device to access personal accounts or services so long as it does not conflict with or affect your work.

You should not conduct work for another business on Redgate devices without authorisation from IT Operations.

In line with our Company values, you may not access or download anything that might be considered offensive, inappropriate or illegal.

Logging and monitoring

Employees should understand that activity on devices may be monitored (eg for security or audit purposes) and that access to certain websites may be blocked.

Communications via company-provided services may be logged or archived for auditing or compliance reasons.

Policy compliance

Use of Redgate owned technology and systems must be in keeping with our Information Security-related Policies. Failure to do so may result in disciplinary action.