Don’t share sensitive information

06 Company assets

Information is one of our most valuable and sensitive assets. We protect it carefully, and follow relevant legal, contractual and business requirements.

Three key things

1

We aim to ensure the confidentiality, integrity and availability of our information

2

Treat all non-public information with care

3

Avoid risky internet use

Definitions

Non-public information means internal, confidential or secret information that isn't intended to be public

Do the right thing

There are three dimensions to how we protect our information:

  • Confidentiality – we protect information from exposure to unauthorized people
  • Integrity – we ensure information is accurate and complete
  • Availability – we ensure information is accessible and usable when needed

When handling company information:

  • Protect it against accidental or unauthorized disclosure, misuse, improper alteration or destruction – take extra care when handling information outside your workplace
  • Keep your desk clear of papers and removable storage media – lock these away when you're not using them
  • Use it only for work tasks and not for personal use, e.g. don't disclose information on social media unless you have permission to do so
  • Use only company approved equipment, services and software
  • Follow the acceptable use terms and conditions for IT equipment, as set by your local Country/Group function – this may take the form of a mobile device policy or remote access policy

Avoid high-risk internet use by not:

  • Clicking on suspicious links
  • Opening suspicious email attachments
  • Downloading content with unknown license terms
  • Using pirated material
  • Visiting websites with inappropriate or malicious content

In practice

Who's responsible for ensuring our information is protected?

We're all responsible for handling our information responsibly. If you've created a document, and are the owner of that information, you must ensure it gets the right level of protection. One way you can do this is to mark the document with the appropriate level of confidentiality.

I sometimes need to make calls and answer emails outside my usual workplace. Is this a problem?

When handling company information you're always responsible for protecting it in the right way. Always consider where you are, making sure the information is not disclosed to unauthorized people – take extra care when in public places. If you're unsure how to handle information correctly, speak to your manager or the security team.

I'm working from home and want to use my personal computer because it has a larger screen. Is that OK?

It's a security risk to use your personal equipment for company work. Use only our approved equipment, services and software when managing company information.

I've created a memo following a meeting. Who's allowed to read it?

This depends on the confidentiality of the meeting and who needs the information to do their work. The information owner should decide who can read the memo – normally this would include attendees of the meeting and other members of the relevant teams.

Find out more

If you're unsure how to handle any information, you can look for guidelines or instructions on the intranet, or speak with your manager or local security team.

Well done reading that