Information Management and Security Policy

Transcription

1 Unclassified Policy BG-Policy-03

2 Contents 1.0 BG Group Policy Policy rationale Applicability Policy implementation 4 Document and version control Version Author Issue date Revision detail 1.0 A. McCallum October 6 th 2010 Initial release 1.1 A. McCallum January 1 st 2012 Reference to Data Protection Standard changed to Privacy Protection Standard. Page 2 of 5

3 Policy owner: EVP & MD BG Advance Policy managed by: Chief Information Officer 1.0 BG Group Policy We manage the Group s records and information within a secure environment which is designed to safeguard the confidentiality and integrity of proprietary, personal and commercially sensitive information and protect it against loss or misuse. We will maintain all forms of information, records and other data in accordance with applicable legal, tax, regulatory and auditing requirements. 2.0 Policy rationale Information (both physical and computer-based) is a key asset which supports delivery of our business goals and helps maintain our competitive advantage. Its efficient management, use and retention within a securely designed environment enables us to comply with applicable legal, tax, regulatory and auditing requirements, assures the information s integrity, and protects it against loss or misuse. Misuse or unauthorised disclosure of proprietary, personal and commercially sensitive information can have severe consequences for BG Group and its employees. All personnel have a duty to prevent the loss, misuse or unauthorised disclosure of the Group s records and information. This Policy specifically supports the following Business Principles: We comply with legal, regulatory and licence requirements We do not tolerate corruption in any form, whether direct or indirect 3.0 Applicability Every employee, director or officer of every wholly owned BG Group company and in every joint venture company under BG Group control must follow this Policy. Contract personnel working for BG Group companies must also follow this Policy. Contractors and consultants are required to act consistently with this Policy when working for BG Group companies as our agent, on our behalf or in our name on any business activity including when delivering outsourced services. We apply this Policy in all joint operations where BG Group is the operator. When participating in joint venture companies not under BG Group control we encourage the adoption of a similar policy requirement. Breach of a BG Group Policy may result in disciplinary action, up to and including dismissal. Contracted personnel who fail to comply with this Policy may have their contract terminated, not renewed, or be subject to other Page 3 of 5

4 appropriate action. BG Group reserves the right to amend or update this Policy as required from time to time. 4.0 Policy implementation In order to protect and manage information BG Group will: operate a security classification system that defines the required security level for key information and documents; retain, store, preserve and manage physical and computer-based information for appropriate periods based on business need and applicable legal, tax, regulatory and auditing requirements so that it is available as required; maintain a secure IT operating environment that is designed to safeguard the confidentiality and integrity of proprietary and commercially sensitive information and supports business continuity; protect and manage personal information in accordance with applicable data privacy laws and regulations; protect confidential information provided to us by third parties when required to do so in the course of doing business; provide direction, training and supervision so that all personnel understand their obligations relating to the security of information and the proper use of IT systems; permit limited personal use of IT systems by personnel, provided that such use does not interfere with their duties or BG Group activities or operations; and reserve the right to monitor the usage of information and IT systems and equipment. When working for BG Group companies, personnel must: use information obtained from BG Group solely for legitimate business purposes; create, use, store and retain BG Group records, information and other data in accordance with the Information Management Standard; take appropriate steps in line with the relevant security classification system to protect BG Group and confidential third-party information in their possession against misuse or unauthorised disclosure as set out in the Information Management Standard; use the IT systems and equipment provided by BG Group for legitimate business purposes and according to authorised access rights; observe security protocols relating to the use of IT systems and equipment, not share passwords, nor allow unauthorised access to IT systems as set out in the Information Security Standard; respect personal information by taking appropriate care to protect the privacy of personal information relating to individuals as set out in the Privacy Protection Standard; respect third-party copyright and therefore not copy, download, store, install or transmit copyrighted materials that are not licensed to BG Group; Page 4 of 5

5 not create, copy, download, distribute or endorse any statements, images, information or sounds on BG Group IT systems or equipment that are, or could be deemed to be, abusive, obscene, defamatory or discriminatory, could cause offence or might otherwise bring BG Group into disrepute; promptly report to their line manager any: o loss or suspected loss of any proprietary, personal or commercially sensitive information and/or equipment containing such information; or o damage, disruption or attempted unauthorised access to any BG Group IT systems, information, document stores or libraries; not connect equipment or load software onto BG Group IT systems, networks or equipment without prior approval by Global IT; respect the permitted limited personal use of IT systems and equipment by keeping such use to a minimum and ensuring that it does not interfere with their duties or BG Group activities or operations as set out in the Acceptable Use Standard; and not destroy, remove, conceal, tamper with or otherwise alter any BG Group information, records or other data whenever they are aware, or have reason to suspect, that litigation or a criminal or regulatory investigation is, or may be, underway, threatened or pending. Page 5 of 5