NNPC Limited Code of Conduct - Information Management PDF

Summary

This document provides a code of conduct for NNPC Limited employees, focusing on communication, email usage, and Acceptable Use of IT assets. It covers acceptable use policies for email correspondence and communication, detailing guidelines for sensitive information and inappropriate communication practices. It also addresses IT resource usage and ethical standards for employees.

Full Transcript

NNPC Limited Code of Conduct 12 Information Management 12.1 Business Communications Good communication is essential to the overall health of NNPC Limited’s business. Every employee is expected to observe standard business communication etiquette when communicating with others. The standard applie...

NNPC Limited Code of Conduct 12 Information Management 12.1 Business Communications Good communication is essential to the overall health of NNPC Limited’s business. Every employee is expected to observe standard business communication etiquette when communicating with others. The standard applies to every kind of correspondence including mail, instant messages, telephone, social media tools etc. Inappropriate business communication can damage NNPC Limited’s relationships, lower morale among employees and negatively affect the Company's reputation. 12.2 Emails NNPC Limited’s email accounts are provided to users primarily for business purposes, although limited personal use is acceptable. NNPC Limited’s email is not to be used for frequent or continuous personal needs (beyond what is reasonable or necessary) or to conduct business that is not NNPC Limited related. Please note that emails are central to litigation and regulatory investigations as they provide a frank account of events, and they are virtually indestructible. Emails are also tenable in court based on the evidence act of 2011. 12.3 Acceptable Email Communication a) Make sure all email communications pertaining to NNPC Limited’s transactions are carried out using NNPC Limited’s corporate email. b) Ensure that you have appropriate approval before sending any sensitive classified information via email. c) Ensure the recipients of classified and sensitive emails are authorised to view such information, and that the emails are appropriately protected. d) Make sure NNPC Limited’s emails are not automatically forwarded outside of NNPC Limited’s domain, such as to the internet or a thirdparty email system (e.g. Gmail, Yahoo mail etc.) e) Always be professional in your communication. f) Ask yourself “Would I be comfortable if this communication appeared on the front page of a newspaper or was produced as evidence in legal proceedings?” g) Ask yourself ‘Do I need to make this communication and what is the most appropriate way of communicating?’ 43 NNPC Limited Code of Conduct h) Make sure that your written communications contain a clear statement (in a footer on an email or on NNPC headed paper) identifying your employing company as NNPC Limited and giving those details required by local law (for example, the company name, the address of its registered office and its registration number), as well as your contact details i) Obtain legal advice to avoid accidentally creating legally binding commitments when discussions or negotiations continue over a long period of time. 12.4 Unacceptable Email Communication a) Assigning blame or being judgmental e.g., “it was his fault”. b) Bragging or overstating facts e.g. “we ensure 100% compliance”. c) Writing speculative opinions e.g. describe equipment as “unsafe” without having relevant facts available. d) Engaging in ‘chit chat’ on sensitive or confidential matters or jokes about serious matters. e) Making decisions for companies that you don’t work for. In general, your activities in respect of any companies other than your employing company are advisory only. f) Giving the wrong impression about which company a communication comes from g) Sharing knowledge when this is prohibited or restricted: i. In the context of a commercially sensitive or price-sensitive project. ii. By law. iii. By an agreement, notably confidentiality or joint venture agreements. iv. For fiscal reasons (the information may have a commercial value so that sharing it has fiscal consequences). h) Sending of chain emails. 12.5 Personal Use of IT and Communication Assets Information Technology resources such as servers, email, network, enterprise applications, laptops, mobile devices and workstations etc. are essential tools in accomplishing the Company’s mission. These resources are valuable organizational assets to be used and managed responsibly to 44 NNPC Limited Code of Conduct ensure integrity, confidentiality, and availability for appropriate business objectives of NNPC Limited. All users of NNPC Limited’s IT assets, whether or not affiliated with NNPC Limited must follow the Company’s IT policies and contractual obligations. These include but are not limited to information security, data privacy, commercial use etc. Acceptable use of NNPC Limited’s IT assets is the responsibility of everyone who is affiliated with NNPC Limited or directly accessing NNPC Limited’s systems and data. Non-compliance with the required acceptable use measures and behaviours may pose significant risks to NNPC Limited, including malicious attacks and compromise of network systems and services. It may also lead to legal action that may significantly impact NNPC Limited’s operations and damage its business assets and reputation. 12.6 NNPC Limited’s Ethical Standards Employees who make personal use of NNPC Limited’s IT and communication facilities are required to do so in accordance with NNPC Limited’s ethical standards and in line with all the legal, regulatory, ethical, cultural or social codes that prevail in their workplace. 12.7 Security The personal use of IT and communication facilities must never endanger the security of NNPC Limited’s information. Pornographic and gambling websites are increasingly being used to spread viruses, spyware and other malicious software designed to exploit vulnerabilities in personal computers and IT networks. Unauthorized installation of software may also endanger information security. NNPC Limited’s IT policy requires that employees never use the Company’s facilities to visit inappropriate sites or to install software without authorization. 12.8 Monitoring and Logging The use of NNPC Limited’s IT and communication facilities is monitored and logged for the purposes of information security, operational management, and guarding against ‘cybercrime’. Monitoring and logging is also performed to ensure compliance with relevant laws, regulations and NNPC Limited’s policies. Furthermore, under the rules of lawful access and in legal and criminal investigations, including inquiries and discovery proceedings, data regarding the use of IT and communications facilities or data stored by those facilities may be disclosed and reviewed. NNPC Limited will report illegal use of its IT and communication facilities to the appropriate authorities. 45 NNPC Limited Code of Conduct 12.9 Acceptable Use of IT Assets Acceptable use of IT resources includes but is not limited to respecting the rights of other users, avoiding actions that jeopardize the integrity and security of information technology resources, and complying with all pertinent IT policies and legal requirements. Users must use only IT resources they are authorized to use and only in the manner and to the extent authorized. Users are responsible for protecting their domain-assigned accounts and authentication (e.g. password) from unauthorized use. Users must abide by the security controls on all information technology resources used for NNPC Limited’s business, including but not limited to mobile and computing devices, whether NNPC Limited or personally owned. Users of information technology resources are responsible for the content of their personal communications and may be subject to liability resulting from that use. The Company accepts no responsibility or liability for any personal or unauthorized use of its resources by users. 12.10 Unacceptable Use of IT Assets a) Users are not permitted to share authentication details (i.e. passwords) or provide access to their NNPC Limited domain accounts to anyone else. b) Users must not circumvent, attempt to circumvent, or assist another in circumventing the security controls in place to protect information technology resources and data. c) Users must not knowingly download or install software onto NNPC Limited’s IT resources which may interfere or disrupt service or does not have a clear business use. d) Users are prohibited from willingly engaging in activities that interfere with or disrupt network users, equipment or service; intentionally distribute viruses or other malicious code; or install software, applications, or hardware that permits unauthorized access to information technology resources. e) Users must not upload or download, transmit or otherwise access pornography or any other form of nude, indecent, vulgar, obscene, or otherwise objectionable material. f) Users are prohibited from disabling NNPC Limited’s security measures on any IT resource. 46 NNPC Limited Code of Conduct g) Users are prohibited from installing any NNPC Limited’s licensed software on their personal IT resources or share license codes with unauthorized users. h) Users are prohibited from installing software or connecting hardware without license and authorization. i) Users must not engage in inappropriate use of NNPC Limited’s IT resources, including but not limited to the following: Activities that violate state or federal laws, regulations or NNPC Limited’s policies. ii. Harassment. iii. Widespread dissemination of unsolicited and unauthorized electronic communications e.g. spam. iv. Gambling. v. Fraudulent conduct. vi. Conduct personal business j) Violate intellectual property rights e.g. downloading, uploading, transmitting, or allowing the unlawful transmission of copyright protected material. i. k) Commit a ‘cybercrime’ such as sending spam or viruses, hacking or attempting to infringe security measures to access resources on the network for which you are not authorized, communicating under a false name, intercepting or changing communications. 12.11 Data Privacy and Protection Guidelines/Principles: a) NNPC protects the personal data of employees, customers, suppliers, and other persons concerned. b) NNPC only collects, gathers, processes, uses, and stores personal data for which this is prescribed by law or required for organisation’s regulated business operations. Employee's Commitment a) Ensure that personal data is only collected, stored, processed, or used in any other way on a legal basis or with the consent of the person concerned. b) Contact NNPC’s ITS officers or one of the contacts listed, in the event of any doubt c) Personal data means any information relating to an identified or identifiable natural person. This may include, for example, a person’s home or office address, email address, phone number, photo, birthdate, banking or payroll information, IP address, mobile device ID, 47 NNPC Limited Code of Conduct government-issued identification information of that person. information and other similar d) NNPC collects, uses, stores, handles, transfers, and discloses personal data in accordance with applicable laws. e) Certain categories of personal data must be treated with greater care, including, for example, race, ethnicity, religion, physical or mental health data, criminal records, and genetic and biometric data. The workstations, laptops, mobile devices, and user accounts given to NNPC Limited’s users are to enable them to perform their jobs in the most efficient and effective way possible. However, users should not have an expectation of absolute privacy in the official materials that are created, sent, or received by them on NNPC Limited’s systems. To the extent permitted by local laws and regulations, NNPC Limited authorized personnel (such as Information Technology, HR and Internal Audit) may examine all material stored on NNPC Limited’s systems without prior notice. Some examples of situations which may warrant this may include: a) Investigation of a suspected breach of security. b) Prevention or detection of crime. c) Other legally permissible situations. 12.12 Our Expectations of You Understand that not only personal and personnel files but also businessrelated files can contain personal data. Understand that sensitive personal data, e.g. a person’s religion, race, health or criminal behaviour, is often more strongly protected by legislation than non-sensitive personal data. Apply password protection to computers, screensavers and documents. Ensure that all personal data is kept secure, not only from unauthorized access, but from fire and other hazards. Do not handle personal data before making sure you know which data protection laws, if any, are applicable and which requirements must be met. Do not disclose any information, including references, about an individual to an external organization without first checking that the individual consents to such disclosure. 48

Use Quizgecko on...
Browser
Browser