Guidelines
in support of the
Information Technology Compliance and Security section
of the Code of Business Conduct and Ethics
September 2019
Owner: IT Governance, Compliance, and Controls Initial Release Date: September 2019
Computer User Guidelines
This document supports the Corporate Code of Business Conduct and Ethics section titled “Information Technology
Compliance and Security” accessible from the Corporate Compliance home page.
GENERAL
Lear resources
• Use Lear IT resources for Lear business. Using Lear IT resources for non-Lear business activities impairs
productivity and overburdens company resources.
• Limit use of high-bandwidth internet sites such as video-streaming, podcast-streaming, music-streaming
sites, etc.
• Some batch processes consume large amounts of shared network resources. If possible, schedule batch
processing during off-peak hours.
File transfers
• Lear email should not be used as a replacement for file transfer utilities. Contact the IT department to
establish SFTP (secure FTP), EDI, or other system file transfers. Where possible, secure/encrypted file
transfer methods are preferred. Contact the Lear Global Service Desk for assistance (see Appendix).
• Electronic file transfers (system to system) should protect Lear confidential and/or proprietary information
per the ‘Confidential and Proprietary Information’ section of Lear’s Code of Business Conduct and Ethics.
o SharePoint Team sites
o Group network drives
• Use caution when saving files to the following locations. The files placed here are not backed up. If a
computer suffers an error or system/hardware failure, files may be unrecoverable.
o A computer’s desktop
o A computer’s C: drive (hard drive)
o Internal public network drive (P: drive)
• The internal public network drive (P: drive) is designed to be a temporary holding place for files. Files stored
here are periodically deleted as a cleanup exercise. Access to the P: drive is not restricted, therefore
confidentiality of data stored here is not maintained.
• Physically secure sensitive information (hardcopy) and, when possible, print to a password-protected
printer. Leaving sensitive information visible on fax machines, photocopiers, printers, mail drop off or other
open areas can result in unauthorized disclosure and/or loss of information.
• When not in use, physically secure mass storage devices such as CDs, DVDs, USB drives, etc. containing
sensitive data. This helps prevent unauthorized access to the data. Where possible, password protect
and/or encrypt the contents. Use USB devices from trusted sources only. USB devices that you may happen
to find in a public area are sometimes intentionally infected with malware and are therefore dangerous to
computers if inserted.
• Lock mobile phones or other electronic devices using the lock methods specific to them.
USER CREDENTIALS
User credentials consist of user ID + password
• Users are accountable for actions performed under their login credentials (e.g., sending emails, instant
messaging, creating/modifying files, posting to Yammer, etc.). Do not provide your login credentials to
another person.
• Do not use another user’s login credentials. If another user attempts to give you their login credentials, do
not accept them.
Password Tips
• Use a memorable phrase that only you know.
• Use the first letter of each word in a unique phrase to create a password.
• Passwords must be a minimum of 8 characters in length. Passwords longer than 8 characters are
preferred because they provide a higher level of security.
• Remember to include at least three of the following in your password:
o uppercase letter
o lowercase letter
o special character
o number
• Do not create passwords from dictionary words, proper nouns, words with repeated or missing letters,
common phrases, or keyboard patterns. These types of passwords are easily guessed by malicious
password-cracking tools.
• Change your password immediately if:
o Your password is known by a system administrator
o You suspect that someone observed your password while you entered it
o You become aware of a security breach for a system you use
Tips for Answering Security Questions
• Many systems require you to answer security questions that help validate your identity if your password is
compromised or is reset.
o Create answers for security questions that are hard for others to guess but easy for you to
remember. Commonly used security answers such as “pizza” increase the chance that a security
question will be compromised.
o If possible, write your own unique security question and answer.
SOFTWARE MANAGEMENT
Software Approval
• Software contained on the Global Software List is classified in one of several statuses (Approved, Freeze –
Buy no More, etc.). For an explanation of the various statuses, please click here.
• Software not listed on the Global Software List may be submitted for approval consideration. On the
software approval site, click on the “Submit a New Request” link, fill in all required information and submit
the form. The software will go through a multi-step review process and a final status will be assigned. This
applies to any type of software including freeware, trial evaluations, cloud/software as a service (SaaS),
purchased, leased, or subscription-based software. The review process can take several weeks to
complete.
Software Licensing
• A sufficient number of software licenses must be purchased to ensure that the terms of the relevant
licensing agreement are met.
• Lear may be at risk for fines and penalties when unlicensed software is present, for example when:
o users download unlicensed software to their computer, even without installing or using it
o users place unlicensed software on a USB drive (or other removable storage device) and then
connect it to a Lear computing device
o software designated for personal use only is used in the corporate environment
• License documentation must be retained.
• Making backup copies of software may be allowed if such action is authorized within the terms of the
licensing agreement.
Personally-owned software
• Personally-owned software shall not be installed on Lear-owned computing devices.
VIRUS PROTECTION/PATCHES
• Any process designed to bypass identification and verification processes, such as automating the entry of a
user ID and password through a workstation, must be avoided. Such activities weaken established security
measures.
• Restarting (rebooting) your computer allows software and anti-virus updates to be installed on your
computer. This is critical to ensure that the anti-virus protects your computer from the latest viruses and
malware. Computers that are not rebooted are not protected by the most current security patches
available.
• Non-Lear devices connecting to the Lear network via a Virtual Private Network (VPN) require installation of
one of the following anti-virus products:
o McAfee
o Microsoft
o Symantec
o Trend Micro
The anti-virus software must be active and the anti-virus pattern files must be kept current.
APPENDIX
Lear Global Service Desk Information
Revision History