Roche Directive on the Use of Roche Electronic Communication Tools

Similar documents
FERPA & Student Data Communication Systems

DONE FOR YOU SAMPLE INTERNET ACCEPTABLE USE POLICY

COUNTY OF RIVERSIDE, CALIFORNIA BOARD OF SUPERVISORS POLICY. ELECTRONIC MEDIA AND USE POLICY A-50 1 of 9

Acceptable Use Policy

UCL Policy on Electronic Mail ( )

Acceptable Use Policy

Acceptable Use Policy

Acceptable Use Policy

Internet, , Social Networking, Mobile Device, and Electronic Communication Policy

Communication and Usage of Internet and Policy

Department of Veterans Affairs VA DIRECTIVE April 17, 2006 WEB PAGE PRIVACY POLICY

Data Processing Agreement

Data Protection Policy

Internet, , and Computer Usage Policy

ACCEPTABLE USE ISO INFORMATION SECURITY POLICY. Author: Owner: Organisation: Document No: Version No: 1.0 Date: 10 th January 2010

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

Guest Wireless Policy

THE CORPORATION OF THE CITY OF WINDSOR POLICY

19 Dec The forwarding and returning obligation does not concern messages containing malware or spam.

Corporate Policy. Revision Change Date Originator Description Rev Erick Edstrom Initial

Acceptable Use Policy

Cell Phone Policy. 1. Purpose: Establish a policy for cell phone use and compensation allowance.

II.C.4. Policy: Southeastern Technical College Computer Use

University Policies and Procedures ELECTRONIC MAIL POLICY

Effective security is a team effort involving the participation and support of everyone who handles Company information and information systems.

Subject: University Information Technology Resource Security Policy: OUTDATED

Jacksonville State University Acceptable Use Policy 1. Overview 2. Purpose 3. Scope

COMPUTER & INFORMATION TECHNOLOGY CENTER. Information Transfer Policy

WASHINGTON UNIVERSITY HIPAA Privacy Policy # 7. Appropriate Methods of Communicating Protected Health Information

SECURITY & PRIVACY DOCUMENTATION

Data Processing Agreement for Oracle Cloud Services

POLICY BURLINGTON TOWNSHIP BOARD OF EDUCATION. PROGRAM 2361/page 1 of 8 Acceptable Use of Computer Network/Computers and Resources M

Data Processing Agreement

Users Policies. PRAN-RFL Group. [Owner: MIS Department, PRAN-RFL Group] Approved by: MIS Department Version: 1.0

The City of Mississauga may install Closed Circuit Television (CCTV) Traffic Monitoring System cameras within the Municipal Road Allowance.

01.0 Policy Responsibilities and Oversight

E RADAR. All Rights Reserved. Acceptable Use Policy

GENERAL ORDER PORT WASHINGTON POLICE DEPARTMENT

Personal Communication Devices and Voic Procedure

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

DATA PROTECTION POLICY

Data Protection Policy

Toucan Telemarketing Ltd.

Usage Policy Document Number: OIL-IS-POL-EU

Use of and Instant Messaging (IM) Policy

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

Apex Information Security Policy

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

INFORMATION TECHNOLOGY SECURITY POLICY

Shaw Privacy Policy. 1- Our commitment to you

Protecting Personally Identifiable Information (PII) Privacy Act Training for Housing Counselors

Data Processor Agreement

Economic and Social Council

Records Management and Retention

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

Privacy Statement Tai Ceredigion Cyf Site Privacy Statement

Privacy Breach Policy

BISHOP GROSSETESTE UNIVERSITY. Document Administration. This policy applies to staff, students, and relevant data subjects

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

Information Security Data Classification Procedure

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

The GDPR Are you ready?

SUBJECT: Effective Date: Policy Number: Florida Public Records Act: Scope and

WEBSITE & SOCIAL MEDIA PRIVACY POLICY

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

Information Security Controls Policy

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

UWTSD Group Data Protection Policy

ICORS Terms of Service

Employee Security Awareness Training Program

Virginia Commonwealth University School of Medicine Information Security Standard

ACCEPTABLE USE OF HCHD INTERNET AND SYSTEM

INFORMATION ASSET MANAGEMENT POLICY

This procedure sets out the usage of mobile CCTV units within Arhag.

2016 SC REGIONAL HOUSING AUTHORITY NO. 3 S EIV SECURITY POLICY

FOOT LOCKER PRIVACY POLICY

Web Users Group, August Web Accessibility FAQ

Rowing Canada Aviron. Online Registration System - Protection of Personal Privacy. Policy Statement

Northern Virginia Community College Social Media Guidelines

Subject: Kier Group plc Data Protection Policy

STAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:

BCDC 2E, 2012 (On-line Bidding Document for Stipulated Price Bidding)

Information Security Key Elements. for. irunway. Information Security. May 31, Public

Ferrous Metal Transfer Privacy Policy

REPORTING INFORMATION SECURITY INCIDENTS

Acceptable Use Policy

University of Wisconsin-Madison Policy and Procedure

Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

TELEPHONE AND MOBILE USE POLICY

Privacy Policy Wealth Elements Pty Ltd

Acceptable Use Policy

MANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors

Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.

Draft. Policies of Colorado State University University Policy. Category: Information Technology

CARROLL COUNTY PUBLIC SCHOOLS ADMINISTRATIVE REGULATIONS BOARD POLICY EHB: DATA/RECORDS RETENTION. I. Purpose

PS Mailing Services Ltd Data Protection Policy May 2018

Wireless Communication Device Policy Policy No September 2, Standard. Practice

and Privacy HIPAA-Compliance Checklist

Supersedes Policy previously approved by TBM

Transcription:

Group Legal Roche Directive on the Use of Roche Electronic Communication Tools Version 1.2, 21 February 2012 Name: Roche Directive on the Use of Roche Electronic Communication Tools Version No: 1.2 Date: 21.02.2012 Author: Patrick Kos

Information General Information Type of Name Owner Location Associated ation Directive Roche Directive on the Use of Roche Electronic Communication Tools Group Legal Patrick Kos Physically: Patrick Kos Electronically: Patrick Kos Roche E-Mail Directive Authors (Contributors to paper) Name Patrick Kos Dept. LU Supported by Name Dept. Signature Date Dr Gottlieb Keller CL Review and Approval (as required) Completed by Members Members cont d Date Corporate Sustainability Committee, Working Team Corporate Sustainability Committee, Core Team Corporate Executive Committee Board of Directors Committee Other Sept. 2000 Use of the document Internal use only Intranet Internet X X History Version Reason for Change Date effective Draft Legal retention and storage requirements, new services Draft 1.0 Roche Directive on the Use of Roche Electronic Communication Tools, approved by Corporate Executive Committee 1.1 Roche Directive on the Use of Roche Electronic Communication Tools, amendment of sections 2 and 6 September 2000 27 March 2009 1.2 Roche Directive on the Use of Roche Electronic Communication Tools, amendment of sections 2 and 6 21 February 2012 Version No 1.2 / Date: 21 February 2012 Page 2 of 5

Global Roche Directive Approved by the Corporate Executive Committee in September 2000 Roche Directive on the Use of Roche Electronic Communication Tools 1. Objective This Roche Directive on the use of Roche electronic communication tools ("Directive") outlines the main rules of conduct to be observed by Roche employees when using Roche electronic communication tools. 2. Definitions The term "Roche electronic communication tools" covers the company's own: - Hardware such as telephones, fax machines, handhelds and computers and - Social media and collaboration tools, e.g. e-mail- messenger-, intranet- and internet-systems such as blogs, wikis, forums, etc. The term "personal use" means every instance of use that is not directly related to Roche's business purposes. 3. Application Roche electronic communication tools are to be used in principle and primarily for business purposes. In exceptional cases, Roche employees may use Roche electronic communication tools for their own personal use, as long as all of the following preconditions are met: - the employee's personal performance at work is not impaired; - other employees' work is not negatively affected; - Roche does not incur significant additional costs; - only a minimum of IT system resources are used; - the use is in keeping with due care, confidentiality and legal compliance as set forth in article 5 below. Under no circumstances may Roche electronic communication tools be used for purposes aimed at the pursuit of a private business in order to obtain income. 4. Security Employees who have access to Roche electronic communication tools must handle these with due care and ensure that they are not damaged, lost or otherwise displaced. Mobile electronic communication tools made available by Roche to its employees can be taken away from the company s premises or rather brought back to the company s premises without special Version No 1.2 / Date: 21 February 2012 Page 3 of 5

permission. However, the security staff may check the legality of the import/export. 5. Due care, confidentiality and legal compliance Content created when using Roche electronic communication tools must always be worded with the due care appropriate to each particular case. Content shall be provided only to those persons, both inside and outside the company, who actually need to have access. Content may only be kept as long as needed and must be discarded and/or deleted immediately after. Or better: Content in the form of official records must be stored in compliance with the Roche Global Records Directive. All other content must be discarded and/or deleted when it is no longer needed. Confidential information must be treated with the necessary caution. In using electronic communication tools via the internet-system, the confidentiality of content cannot be guaranteed unless it is encrypted. The following types of content may not be created or provided: - when the content may be illegal, indecent, discriminatory, harassing, derogatory, dishonourable, threatening or morally offensive; - when using documents and/or computer software made in breach of copyrights; - in connection with chain letters; - when the author's identity has been changed or concealed. 6. Content ownership The owner of a social media and collaboration tool is responsible for the management of the records stored within the respective social media and collaboration tool. This includes taking the appropriate steps when realising that content of the records is not in line with these guidelines (informing the legal department or compliance officer). Appropriate steps must also be taken when information becomes outdated or becomes subject to legal or regulatory retention requirements (in line with Roche Global Directive on Records Management). 7. Data privacy The use of Roche communication tools and social media and collaboration tools by individual users is subject to data privacy laws. Roche is entitled to access and process content in the context of inspections/investigations or audits and in the course of maintenance operations that are necessary to remedy a malfunction or to secure data in the respective system. Roche and its IT staff are allowed to make the information obtained in this manner accessible to third parties only if privacy is assured and if such a disclosure is absolutely necessary for the completion of the job in question. Data privacy is not unreservedly guaranteed. Data privacy may be rescinded for individual users in accordance with the applicable local legal requirements. For example such a step can be considered if there are legal grounds such as the prevention or limitation of damage which Roche or Roche employees might otherwise incur or in the context of inspections/investigations and audits. It is up to the legal department and the Roche IT-security department to decide, in consultation with the relevant human resources manager, on a case by case basis to what extent such measures can be taken. Version No 1.2 / Date: 21 February 2012 Page 4 of 5

8. Measures All companies in the Roche Group must take the necessary technical and organisational steps to guarantee compliance with this Directive. This Directive does not affect the provisions of the Roche IT security policy and other detailed regulations in force at department or any other level; such regulations must always be observed. 9. Enforcement All individual Roche companies are responsible for enforcing this Directive. All Roche employees must be informed accordingly. 10. Entry into force This Directive regarding the use of Roche electronic communication tools was adopted by the Corporate Executive Committee in September 2000 and entered into force the same day. Version No 1.2 / Date: 21 February 2012 Page 5 of 5

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback