Information is one of our most valuable and sensitive assets. We protect it carefully, and follow relevant legal, contractual and business requirements.
We aim to ensure the confidentiality, integrity and availability of our information
Treat all non-public information with care
Avoid risky internet use
Non-public information means internal, confidential or secret information that isn’t intended to be public
There are three dimensions to how we protect our information:
When handling company information:
Avoid high-risk internet use by not:
Who’s responsible for ensuring our information is protected?
We’re all responsible for handling our information responsibly. If you’ve created a document, and are the owner of that information, you must ensure it gets the right level of protection. One way you can do this is to mark the document with the appropriate level of confidentiality.
I sometimes need to make calls and answer emails outside my usual workplace. Is this a problem?
When handling company information you’re always responsible for protecting it in the right way. Always consider where you are, making sure the information is not disclosed to unauthorized people – take extra care when in public places. If you’re unsure how to handle information correctly, speak to your manager or the security team.
I’m working from home and want to use my personal computer because it has a larger screen. Is that OK?
It’s a security risk to use your personal equipment for company work. Use only our approved equipment, services and software when managing company information.
I’ve created a memo following a meeting. Who’s allowed to read it?
This depends on the confidentiality of the meeting and who needs the information to do their work. The information owner should decide who can read the memo – normally this would include attendees of the meeting and other members of the relevant teams.
If you’re unsure how to handle any information, you can look for guidelines or instructions on the intranet, or speak with your manager or local security team.