IT Acceptable Use Policy

1. Purpose

This policy forms a reference for the acceptable use of Information Technology (IT) Services, and the correct way to interact with IT. This policy explains to all Bank Colleagues what is deemed acceptable use and what is not.

This is a Level 2 policy and aligns with the Level 2 Technology Risk in the Risk Management Framework.

This policy supports the Bank’s compliance with the following legal and regulatory obligations:

  • UK General Data Protection Regulation and Data Protection Act 2018.

    Protection of personal data. Article 5 (1)(f) states it must be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).” This policy and its related standards set out how the Bank meets these obligations. You are responsible for Bank data, which must be handled to ensure protection against unlawful or unauthorised processing, access, loss, destruction or damage, for example under the UK General Data Protection Regulation and Data Protection Act 2018.

  • Intellectual Property Act 2014.

    Modernises intellectual property (IP) law to help UK businesses better protect their IP rights and underscores the importance of respecting intellectual property rights within an organisation when using, sharing, and creating intellectual property. British Business Bank will usually own the intellectual property created by Colleagues during their employment.

  • Protects the rights of creators over their intellectual property and sets out the legal framework for the use of copyrighted materials. This act ensures that employees and users are aware of the importance of respecting copyright laws, prohibiting the unauthorised copying, distribution, or use of copyrighted content.

  • Computer Misuse Act 1990.

    This act prohibits the unauthorised access, use or modification of computer systems and data. Misuse of Bank systems may result in personal criminal liability under this act.

  • Investigatory Powers Act 2016 and the Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018.

    Lawful interception of communications. The Bank may monitor communications and provide information to the authorities or other third parties - such as our cyber insurers - in response to legitimate requests or incident response. Any information you create or transmit using Bank systems should not be considered private.

  • Freedom of Information Act 2000 (FOIA).

    This act gives the public a right of access to recorded information held by the Bank at the time of a request. We must disclose information we already hold unless an exemption applies. This Policy refers to Bank electronic communications that may be monitored and logged as part of a legitimate business purpose. Such activity could be required to fulfil a Freedom of Information request.

1.2 Alignment to Risk Appetite

Risk appetite is the type and level of risk the Bank’s Board is willing to take to deliver its strategy and public policy objectives. This policy forms part of the Bank’s Risk Management Framework (RMF).

This policy sits under the Level One Risk category, Operational and Resilience Risk.

IT Acceptable Use aligns to the Level Two Risk Category, Technology, which is defined as 'The risk that BBB IT and communication systems, including outsourced services, do not meet business requirements, do not operate as expected or are not resilient'.

The Bank’s risk appetite in relation to Technology is set at Medium.

2. Scope

Who does this Policy Apply To?

All Bank entities, operations, subsidiaries and Colleagues (see Appendix 2: Scope Definitions).

What is Covered by this Policy?

This policy outlines the responsibilities of Colleagues regarding the acceptable use of the Bank’s IT systems and devices.

3. Key Requirements – IT Acceptable Use

Use of IT Devices and Systems

The Bank provides Colleagues with IT devices and access to IT systems for business purposes. The Bank will monitor the use of and access to its systems, including personal use and internet access. This includes the use of Bank email and messaging platforms. Some personal use is acceptable.

Monitoring and Privacy

All Bank electronic documentation and communication, including deleted messages and documents, are subject to the Freedom of Information Act 2000 and the Investigatory Powers Act 2016 and the Investigatory Powers (Interception by Businesses etc. for Monitoring and Record-keeping Purposes) Regulations 2018. The Bank will monitor the use of its systems for legitimate purposes, and any monitoring will be necessary and proportionate (i.e. conducted in line with UK GDPR and the 2018 regulations).

Colleague Behaviour Principles

All Colleagues are expected to use the Bank’s IT systems and devices in a responsible, lawful, and security-minded manner. These principles support the confidentiality, integrity, and availability of our information and services, and ensure we operate within our legal, regulatory, and policy obligations.

Do's relating to Colleague Behaviour Principles:

  • Act responsibly: Use Bank systems in a professional, respectful, and ethical way, ensuring your actions support the Bank’s mission and values.
  • Protect information: Handle all Bank data with care, following the Bank’s Information Classification, Data Protection, and Security standards.
  • Exercise vigilance: Stay alert to suspicious activity, potential cyber risks, or unusual system behaviour, and report concerns promptly.
  • Use systems as intended: Follow Bank policies, standards, and guidance when accessing, sharing, or storing information.
  • Report any issues or incidents right away to the IT Service Desk Portal.

Don’ts relating to Colleague Behaviour Principles:

  • Engage in improper use: Do not use Bank systems for discriminatory, harassing, defamatory, or otherwise inappropriate behaviour.
  • Take unnecessary risks: Avoid actions that could compromise systems, data, or devices, including bypassing controls, ignoring warnings, or using unapproved tools or services.
  • Misrepresent yourself or the Bank: Do not use IT systems to express personal views in a way that could be interpreted as official Bank communication.

These principles apply at all times when using Bank-provided systems, devices, or services, and underpin all other requirements in this policy.

3.1 Physical Devices (Laptops, Phones, and portable computer equipment)

Colleagues are responsible for the physical security of Bank assets assigned to them. Loss, theft, or damage must be reported promptly and in line with the Bank’s policies and procedures. Line Managers have a responsibility to ensure that equipment is provisioned and returned in line with the Joiners, Movers and Leavers process.

3.2 Protecting Systems and Data

Colleagues are expected to take all reasonable steps to protect the confidentiality, availability, and integrity of our systems and data. This includes the following behaviours:

Do's relating to Protecting Systems and Data:

  • Keep Authentication Data Confidential: Keep passwords, tokens, PINs, and other authentication data confidential. Ensure they meet our requirements as defined in the Access and Authentication standard. These do not imply any right of privacy; they prevent unauthorised access.
  • Lock Your Screen: Lock your screen when your device is unattended.
  • Manage Encryption Keys: Ensure the right people have access to encryption keys, shared secrets, or passwords for encrypted documents. Make sure access will continue if you leave the Bank.
  • Support IT Maintenance: Support the IT Service Desk by responding to reboot requests and reporting unusual activity promptly.

Don’ts relating to Protecting Systems and Data:

  • Use unauthorised devices: Do not access or attempt to access the Bank’s systems or data using an unauthorised device.
  • Unauthorised Access: Do not access Bank systems without authorisation from the system owner.
  • Make Insecure Data Transfers: Do not transfer the Bank’s data to unauthorised personnel or systems.

3.3 Reporting Issues and Making Requests

Do's relating to Reporting Issues and Making Requests:

  • Use the IT Service Desk Portal to report Issues or Incidents or to make Requests. 
  • Follow up with a request via the portal after verbally requesting something from IT.

3.4 Use of Software

Software and Application Requests:

  • Approved Requests Only: All software, whether provided as a service via the Internet or Cloud, or whether installed on a Bank device, must not be used or deployed without an approved request. Unauthorised use increases the risk of Cyber Security and Information Governance incidents and leads to inefficient use of Bank resources.
  • Centralised Approval: ITO and C&I will review and approve software requests as appropriate so that our strategy and standards are adhered to and that exceptions are granted within our risk appetite. We aim to balance tailoring services to our needs while avoiding duplication and minimising the number of applications in use across the Bank.

Software Installed on Bank Devices

  • Legally Acquired Software: The Bank will provide all necessary software that is legally acquired and licensed. Backup copies of this software are made according to licensing agreements and Bank policies. Using software from any other source is strictly prohibited.
  • Software Checks: To protect its reputation and investment in software, the Bank may perform periodic assessments of software use, announced and unannounced audits of Bank computers, and the removal of any software found on Bank property without a valid license.

Do's relating to Software Installed on Bank Devices:

  • Use Bank-Supplied Software and Services: Only use the software and services provided by the Bank.
  • Request Software or Services: If you need software or services for your work, submit a request to the IT Service Desk Portal.
  • Document Requirements: Before requesting new software or applications, you must document their requirements. You can suggest specific software that meets these requirements and explain how it will fulfil them.
  • Request Additional Copies: If you need a copy of software for two Bank devices, submit a request to the IT Service Desk. Approval will be granted if the software license agreement allows it and there are valid business reasons.
  • Comply with Laws and Regulations: Ensure your use of software and cloud services complies with all applicable laws and regulations regarding personally identifiable information, corporate financial data, or any other data owned or collected by the Bank.
  • Use Software for Business Purposes: Use the Bank’s software assets for business purposes only.

Don’ts relating to Software Installed on Bank Devices:

  • Install Unauthorised Software: Do not install any software on your Bank devices.
  • Duplicate Software or Licences: Do not make any copies of software or software licences. Unauthorised duplication is illegal and against Bank standards. Breaching this policy may lead to disciplinary action, including dismissal.
  • Open Third-Party Service Accounts: Do not open third-party service accounts or enter into cloud service contracts for Bank-related communications or data.
  • Use Personal Cloud Accounts: Do not use personal cloud service accounts for Bank communications or data.
  • Share Log-In Credentials: Do not share your log-in credentials with anyone.
  • Agree to Unapproved Terms of Service: Do not use cloud services that require agreeing to terms of service without review and approval from the IT Service Desk, ensuring alignment with IT Outsourcing Standards.
  • Pay for Software Personally: Do not pay for software as a service (SaaS) or other applications personally and claim expenses. All purchases must be made in line with our Procurement policy.

3.5 Internet Access and Personal Use of Bank Devices and Network

Internet Access

The Bank provides you with access to the internet by setting up an account and providing login details. The Bank will block access to sites that fall within categories deemed inappropriate. Exceptions will be agreed with HR and, if appropriate, the Colleague Forum.

Appropriate Use Monitoring:

The Bank may monitor both the amount of time spent using online services and the sites visited by Bank Colleagues and may limit or revoke access if necessary.

Personal Use

When using the Bank’s IT systems and devices for personal purposes, you do so at your own risk. The Bank will not be responsible for any loss of information, damages, or liability resulting from personal use, including any corruption or misuse of emailed content. Access to the internet for personal use is allowed, provided your use is reasonable and acceptable, and you follow the principles below.

Do's relating to Personal Use:

  • Be vigilant: Watch out for malicious files or code when downloading any files or attachments.
  • Use the internet responsibly: Ensure your usage is for business-related purposes.
  • Limit Personal Use: Keep your use of the Bank’s internet connectivity, personal webmail and cloud accounts to a reasonable level that does not disrupt your work.
  • Limit tethering and mobile data use: Use the Bank’s mobile data responsibly. It should primarily be used when travelling or working away from home and the office, and only for work-related purposes.
  • Use Guest Wi-Fi: If needed, use ‘Guest Wi-Fi’ from personal devices, following the principles established in this policy.
  • Seek Guidance: Consult your line manager for guidance on acceptable use.

Don’ts relating to Personal Use:

  • Use Personal Accounts for Bank Business: Do not use personal webmail or cloud accounts for Bank business unless you have prior written authorisation from the Chief Operating Officer (COO).
  • Interfere with Work: Do not allow personal internet use to interfere with any Bank Colleague’s duties.
  • Violate Data Protection or Privacy: Always handle personal data in line with the Data Protection Policy and related standards; this includes not uploading Bank information to personal webmail or cloud accounts. Do not download personal data of third parties to your laptop. Third party data should be kept in Bank systems, for example CVs should remain within our recruitment system (currently PinPoint).
  • Copy or share copyrighted materials: Only do so with the author’s written permission or if accessing a single copy for your own reference.
  • Use your work email like a personal account: Only use it to support your duties.
  • Interfere with the Bank network: Avoid actions like spreading computer viruses or generating high-volume network traffic that hinders others.
  • Engage in illegal activities: Do not use the internet for illegal purposes or personal gain.
  • Violate Bank policies: Always act in the best interests of the Bank when using our systems.
  • Disclose confidential information: Keep the Bank’s and third parties’ information private.
  • Use Bank assets as personal devices: Do not import personal documents, photographs, pornography, or illegal material onto the Bank’s systems or devices.

3.6 Social Media

Access to social media sites is allowed where there is a business need.

Do's relating to Social Media:

  • Request Access: Use the IT Service Desk Portal to request access to social media.

Don’ts relating to Social Media:

  • Disclose Sensitive Information: Do not share sensitive or potentially sensitive material, intellectual property, or similar content on social media.
  • Use Unapproved Platforms: Avoid using social media or messaging applications not provided by the Bank for work-related purposes on either Bank-issued or personal devices. This usage may be subject to Freedom of Information requests, Data Subject Access Requests, or other legal, regulatory, or internal investigations.

For further guidance on appropriate use of social media, refer to the Bank’s Social Media Standards.

3.7 Email Use

Email is an important business communication tool. Use it responsibly, professionally, effectively, and lawfully.

Key Points relating to Email Use:

  • Legal Risks: Emails are subject to the same laws as other written communications and may need to be disclosed in investigations, litigation and Freedom of Information requests.
  • Monitoring: The Bank may monitor email communication. All Bank emails, including deleted ones, are archived subject to our retention policies and remain the Bank’s property.

Do's relating to Email Use:

  • Indicate Information Classification: Clearly mark and respect the information classification on emails. See the Bank’s Information Classification and Handling Standard.
  • Mark Personal Emails: Clearly mark personal emails as reflecting the sender’s views, not the Bank’s.
  • Use Personal Emails Appropriately: Only use a Colleague’s personal email address for official material that relates to them personally, such as payslips or contracts.

Don’ts relating to Email Use:

  • Misuse the Email System: Only use the Bank’s email system for legitimate business purposes.
  • Send Bank Information to Personal Accounts: Do not send Bank information or attachments to personal email accounts without prior written approval from the Chief Operating Officer (COO). Approval has been given for certain non-executive directors, but any other case requires written approval.
  • Send Inappropriate Content: Avoid sending chain letters, junk mail, jokes, executable files, or emails with attachments or links that may contain malware.

3.8 Collaboration Software

Microsoft Teams (Teams) is our preferred collaboration tool. You need to use this tool in a responsible, professional, effective and lawful manner.

Key Points relating to Collaboration Software:

  • Legal Risks: Teams chat messages are subject to the same laws as other written communications. Be aware of the legal risks and the potential need to disclose messages in response to investigations, Freedom of Information requests and in meeting data subject rights.
  • Teams in-meeting note taking: Colleagues licensed for Copilot may use Copilot in Teams for note taking, in line with the Bank’s guidelines.
  • Teams Recording: Colleagues may only record Teams calls if granted permission for a specific call or series of calls following a formal request submitted per the Bank’s call recording guidance, which can be found on the IT Service Desk Portal knowledge base. Requests that do not comply (e.g., those outside the guidance's scope or submitted on short notice) will be rejected. The guidance covers request procedures, submission timelines, data protection, and recording management. The requesting Colleague is responsible for compliance, and violations may result in disciplinary action and pose legal, commercial, or reputational risks to the Bank. Only native Teams recording is permitted; third-party software and personal device recordings are strictly prohibited.
  • Monitoring: The Bank may monitor Teams communication. Chat content is archived, and all messages distributed via the Bank’s Teams system are the Bank’s property.
  • Collaboration with Third Parties: IT can provide federated access to partner organisations on request, typically where we have a contractual relationship with the third party.
  • Third Party Collaboration Tools: Other tools, such as Slack, can be approved for collaborating with third parties where Teams is not an option. For example, IT and Data Colleagues have access to the Cross Government Slack Workspace.
  • WhatsApp: Is not an approved system for Bank use, with an exception for use during critical systems outages for Business Resilience activities.

Do's relating to Collaboration Software:

  • Indicate Information Classification: Clearly mark and respect the information classification of data shared in Teams. Refer to the Bank’s Information Classification and Handling Standard.
  • Blur Your Background: Whilst on a call, set your camera background to ‘blur’ to prevent any sensitive information from being seen and to maintain privacy whilst working from home. Think about who may be around that could hear your discussions and take the necessary steps to work in a private space or use a headset.
  • Use Discretion with social use: Use third-party communication tools on your personal devices at your own discretion, but be aware that these communications might be included in an investigation or a response to a third-party request.

Don’ts relating to Collaboration Software:

  • Misuse Teams: Only use Teams for legitimate business purposes.
  • Send Bank Information to Personal Teams Chats: As with email, do not send Bank information or attachments to personal MS Teams chats.
  • Send Inappropriate Content: Avoid sending jokes, executable files, or attachments or links that may contain malware.
  • Disclose Sensitive Information on Slack: Do not share sensitive or potentially sensitive material, intellectual property, or similar content via Slack or other third-party tools.
  • Join Unapproved Slack Workspaces: Do not join unapproved Workspaces on Slack.
  • Misuse third-party tools: Work-related messages on either a Bank-issued or personal device are subject to Freedom of Information requests, Data Subject Access requests, or other legal, regulatory, or internal investigations. Do not use third-party tools such as Slack and WhatsApp for work-related purposes without written approval from the Chief Operating Officer (COO).

3.9 Telephony and Messaging

The Bank provides authorised software for making telephone calls and sending messages through applications such as Teams. All calls made from and to a given telephone extension may be logged, recorded and monitored and Colleagues should presume no privacy at any time. Although voicemail is password protected, an authorised administrator can reset the password and listen to voicemail messages if required to do so.

Do's relating to Telephony and Messaging:

  • Use Authorised Tools: Always use approved audio-conferencing tools like Teams to arrange meetings.
  • Join External Meetings Properly: When joining meetings hosted by external parties, use their conferencing tools as usual. If you need help, contact the IT Service Desk.
  • Share Information Carefully: Only share information if you are certain about the recipient's identity, their entitlement to the information, and their readiness to receive it.
  • Validate identities: Modern tools allow attackers to convincingly impersonate others, for example during remote job interviews. If you have doubts, verify the identity of the person you are speaking to. IT can provide guidance on the best practices for doing this.

Don’ts relating to Telephony and Messaging:

  • Avoid Voicemail Risks: Do not leave voicemail messages containing personal information without first considering the potential security and confidentiality risks.

3.10 Bank Devices

Do not remove or alter the tags on Bank equipment as these tags uniquely identify it. Report any damaged tags to the IT Service Desk.

3.11 Travelling Outside the UK with Bank Devices

You may occasionally need to take Bank-owned devices outside of the UK so you can access the Bank’s network for work while on official work trips overseas, or where you want to use a device on holiday. This must be requested via the IT Service Desk Portal so that IT can ensure that the device is appropriately protected whilst abroad.

Information Security maintain a Veto List based on guidance from the Foreign Office Travel Advisories and the National Cyber Security Centre. Working outside the UK requests to these destinations will be rejected. Devices seen in these countries during monitoring will be isolated from the corporate network, and accounts will be disabled without warning. Devices that have been to vetoed countries will require complete inspection, sanitisation, and potentially, destruction.

Do's relating to Travelling Outside the UK with Bank Devices:

  • Align with policy: Refer to the Temporarily Working Outside the UK Policy on the Intranet.
  • Check Government advice: Check the Foreign Office travel advisory before travelling.

Don’ts relating to Travelling Outside the UK with Bank Devices:

  • Bank assets: Take a Bank device or work materials out of the UK without permission.

3.12 Use of Bluetooth Connected Devices

Do not use Bluetooth data sharing functionality to transfer files, either from your paired equipment onto the Bank network or device, or from the Bank network or device to the paired equipment.

3.13 File and Document Storage

Bank laptops are configured to use Microsoft OneDrive to synchronise files stored on your Desktop and in your Documents folder to the Cloud. Documents stored in SharePoint or OneDrive are also accessible from Bank mobile phones.

Do's relating to File and Document Storage:

  • File storage: Use OneDrive, SharePoint or the G:\ drive to securely share, store and collaborate on files and documents.
  • Ask for assistance: Contact the Service Desk for advice if you have any issues with your files.

Don’ts relating to File and Document Storage:

  • Put information at risk: Store any files or information outside of SharePoint, OneDrive and G: as these are not backed up.

3.14 Personal Data on Bank Devices

When using Bank devices, Colleagues are likely to have access to personal data in relation to other individuals including other Colleagues. The Bank has a separate Data Protection Policy relating to the appropriate handling of personal data.

Do's relating to Personal Data on Bank Devices:

  • Align with policy: Check the Bank’s Data Protection Policy before sharing any such personal data. Contact the Bank’s Data Protection Officer if you have any concerns or need further guidance.
  • Protect your data: Use your OneDrive for storing any personal data.

Don’ts relating to Personal Data on Bank Devices:

  • Put information at risk: Allow anyone else to have any access to your Bank devices.

3.15 Personal Devices

The Bank does not support a full Bring Your Own Device (BYOD) policy – that is, the Bank does not allow you to use personal devices for Bank work except in exceptional circumstances where this has been specifically configured. When you are using a personal device for other purposes, apply the following principles.

Do's relating to Personal Devices:

  • Use the correct network: Access ‘Guest Wi-Fi’ when on Bank premises.
  • Access web services: Access web services for which you have your own login credentials (for example, Diligent).

Don’ts relating to Personal Devices:

  • Use the incorrect network: Use ‘BBB Corp – Wi-Fi’ from personal devices.
  • Compromise the Bank’s security: Connect any personal device to the Bank network using your Bank login credentials (username and password).
  • Put information at risk: Download (or allow anyone else to download) any Bank information, emails or documents onto a personal device.
  • Record calls: Calls must only be recorded in your work Teams account and in compliance with the Bank’s call recording guidance.

3.16 Removable Media

Authorised encrypted removable media (USB sticks) are available via the IT Service Desk. The IT Service Desk logs serial number, content, date issued, issued to and date returned.

Do's relating to Removable Media:

  • Ask permission: Submit a request to the IT Service Desk if you need to use removable media.

Don’ts relating to Removable Media:

  • Ignore guidelines: Use personal removable media, unless you have obtained specific authorisation from the Chief Operating Officer (or an appropriate delegate) via a request to the IT Service Desk.

3.17 Use of Artificial Intelligence (AI)

Chatbots and AI tools are becoming increasingly common in modern life. At the Bank, there are three categories of AI tools you need to be aware of to guide your use: Public, Enterprise and Prohibited.

Public AI

Public AI tools are those accessed through free or personal subscriptions, such as ChatGPT, Claude.AI, or open-source models. This includes AI bundled with personal and family subscriptions, and personal devices. Some tools use interactions from their users to train new AI. As a minimum, user interactions can be reviewed by the tool provider, and in some circumstances may potentially be exposed by AI researchers or hackers.

Enterprise AI

Enterprise AI tools are those licensed and deployed by the Bank for use by Colleagues. The Microsoft Copilot suite meets the standards required for use in the public sector, with enhanced technical and contractual controls. Only Enterprise AI Tools that the Bank has onboarded into our secure boundary within the contractual / technical requirements may be used and each tool / use case has explicitly permitted information categories. Copilot is the approved AI tool available to all Colleagues. It is a general AI chatbot designed to be a friendly expert for troubleshooting and understanding complex topics. It can search the internet for information, summarise a file, and generate text and visual outputs. When you converse with Copilot, a green shield is displayed in the top right of a chat to show that enterprise data protection is active when used with your work device.

Prohibited AI

Although the vendors of some public AI tools market themselves for business use, they are typically avoided in financial services and the public sector due to unclear data retention, training practices, lack of auditability, inability to enforce content moderation or usage boundaries, and an association with controversy. A list of prohibited AI is held on the IT Service Desk Portal.

Do's relating to Prohibited AI:

  • Complete mandatory AI training before using any permitted AI tools.
  • Use only approved Enterprise AI tools for Bank information. You must use Enterprise AI tools (e.g., Microsoft Copilot) when handling any form of Bank information. These tools have the required contractual, security and privacy safeguards.
  • Verify and critically evaluate AI outputs. You must exercise judgement, verify accuracy, and validate AI-generated content before using it. AI outputs must never be assumed correct.
  • Be transparent when AI contributes to work. Where AI materially supports content creation or decision support, users must disclose this and ensure human validation is retained.
  • Report harmful or abnormal AI behaviour. You must report material concerns, harmful outputs, repeated hallucinations, data misuse, or security/privacy incidents via the Bank’s Risk Incident process.
  • Keep AI use within Bank’s secure information boundary. All prompts and outputs relating to Bank information must stay within Bank‑approved environments and not be exported or copied into external/public services.
  • Use Public AI only for non‑Bank learning. Public AI tools may be used for experimentation, prompt‑craft learning or summarising public information only—not for anything involving Bank data.
  • Apply human oversight. AI must augment—not replace—your judgement. You must retain the ability to review, challenge, override or stop AI‑supported outputs.
  • Delete prompts containing sensitive information once the task is complete. If you use sensitive information in prompts of an approved Enterprise AI tool, delete the prompt and response after use. This supports records retention and minimises duplicate information.
  • Report an incident if you suspect a prohibited AI tool has been used or sensitive information has been input into a public AI tool.

Don’ts relating to Prohibited AI:

  • Do NOT input Bank information into Public AI tools. You must never input any information created, received, processed or held by the Bank in the course of Bank business, including information provided by third parties, into Public AI tools.
  • Do NOT process restricted information in Enterprise AI unless explicitly authorised. Restricted categories such as legally privileged material, special category personal data, market‑sensitive pre-announcement data, and NDA‑bound information must not be used in Enterprise AI unless approved and safeguarded. Do NOT share prompts containing this material with anyone.
  • Do NOT treat AI outputs as accurate or authoritative. Generative AI may hallucinate, fabricate facts, or create plausible but incorrect content; you must not rely on output without verification.
  • Do NOT circumvent security safeguards or move data outside approved environments. Exporting, copying, or transferring prompts, outputs, or datasets into unapproved locations or tools is not permitted.
  • Do NOT allow AI to act autonomously without boundaries. Users must not deploy or rely on AI agents or autonomous capabilities that exceed defined, approved, and supervised limits.
  • Do NOT procure or adopt any AI tool without TRB approval. Users must not begin using new AI tools or new uses of existing tools without going through the AI Use Case Template > Change Delivery Team > Data Enablement > Technical Review Board process.
  • Do NOT use AI where it may breach privacy, legal, or regulatory obligations. Using AI in ways that involve processing personal data, sensitive data or regulatory interpretations without proper DPIA or approvals is prohibited. Engage Information Asset Owners and Information Governance.
  • Do NOT use Prohibited AI tools. Certain tools (e.g. high‑risk public models) are explicitly prohibited and will be blocked. If an AI tool is blocked on the Bank’s network, do not attempt to circumvent the block. These tools must not be used under any circumstances. Details of Prohibited AI can be found on the IT Service Desk Portal.

3.18 Use of Music Streaming Services

Access to music streaming services via a Bank provided laptop is allowed, providing that your use is reasonable, and you follow the principles below.

Do's relating to Music Streaming Services:

  • Be reasonable: Keep your use of personal music streaming to a reasonable level.
  • Protect the Bank: If using a Bank device, only use a browser-based version of the service.
  • Seek guidance: Consult your line manager for guidance on acceptable use.

Don’ts relating to Music Streaming Services:

  • Impact your Colleagues: Play loud music in the offices or disturb your Colleagues.
  • Put the Bank at risk: Sign up to music streaming services with a Bank email address.

Personal use of the Bank’s IT systems and devices is at your own risk. The Bank will not accept responsibility for any loss of information, damages or liability arising from any Bank Colleague’s personal use of the Bank’s IT systems and devices.

3.19 Intellectual Property Rights

Intellectual Property (IP) refers to creative work, which can be treated as an intangible asset or physical property.

IP rights can be found in a wide range of work products, including research reports, inventions, improvements, discoveries, software design, software coding, charts, drawings, specifications, notebooks, tracings, photographs, negatives, draft or final reports, findings, recommendations, data and memoranda.

Any IP created by or for the Bank, and created by Bank Colleagues in carrying out their employment duty, is the property of the Bank.

In your use of the Bank’s IT systems and devices:

Do's relating to your use of the Bank’s IT systems and devices:

  • Protect the Bank: Be careful to protect the Bank’s intellectual property, and that of our customers.

Don’ts relating to your use of the Bank’s IT systems and devices:

  • Put the Bank at risk: Use or share intellectual property except where it is an authorised and necessary part of your job.

4. Policy Controls

| Library Reference | Control Title | Description |
|---|---|---|
| C_LIB_RM_01_7 | Completion of mandatory /E-learning training. | IT AUP to be acknowledged for all new starters and re-acknowledged on a yearly basis. |
| C_LIB_IT_02_3 | IT Asset Management | Tracks the lifecycle of end user devices. |
| C_LIB_IT_03_1 | Monitoring and Event Management Business Applications | Capture of user events within audit logs of business applications. |
| C_LIB_IS_03_1 | Security Awareness | General security awareness complements acceptable use. |