Acceptable Use of Technology Policy

Published MasterControl documents frequently use JavaScript.
If you are seeing this message, your viewer

either does not support JavaScript or it is disabled. If you are using Adobe Acrobat, please enable JavaScript.
If you are using another viewer, you will need to configure your browser to view PDF files externally in Adobe
Acrobat.
1. Purpose
1.1. The purpose of this Acceptable Use of Technology Policy (“Policy”) is to set forth the
requirements for, and controls around, the use of the Company’s technology resources
(specifically, Company-Issued Technology Assets and Company Systems, as defined below);
the circumstances in which the Company will monitor these resources; and actions the
Company will take if this Policy is violated.
2. Scope
2.1. This Policy applies to Company employees working for the specialty brands business as well
as to any contractors, temporary workers, officers, directors, and agents of the specialty
brands business who are provided with access to the Company’s technology resources
(“Personnel,” as defined below). This Policy applies to the use of the Company’s email,
telephone, internet, and other communication systems both in the workplace and via remote
access as well as to the use of any Company-Issued Technology Asset.
2.2. This Policy does not form part of any employee’s contract of employment and the Company
may amend it at any time.
3. References
3.1. Global Data Protection and Privacy Policy - 0380
3.2. Legal Hold Policy- 0387
3.3. Guide to Business Conduct
3.4. Social Media Policy - 0385
3.5. Access Control Policy- 0303
4. Definitions
4.1. BI&TS refers to the Company’s Business Insights & Technology Solutions team.
4.2. Company-Issued Technology Asset refers to a laptop computer, tablet, mobile phone,
smartphone, or other mobile device owned by the Company.
4.3. Personnel refers to Company employees working for the specialty brands business as well
as consultants, contractors, temporary workers, officers, directors, and agents of the specialty
brands business who are provided with access to the Company’s technology resources.
4.4. Company Systems refers to email, telephone, internet, and other communication systems
provided by the Company whether accessed from a Company facility, via remote access, or
via use of a Company-Issued Technology Asset.
4.5. Confidential Information means information or data of a sensitive nature that is not
available to the public, that is disclosed by the Company to specific individuals for a
designated purpose, and that could harm the Company or benefit our competitors if it is
exposed. This includes any information of a sensitive nature created by Company sources
that may include proprietary business forecasts; marketing, financial, engineering, acquisition
plans; contract terms or intellectual property; and restricted information such as scientific and
technical knowledge and know-how. It also includes information concerning our customers,
business partners, or affiliates as well as any external party information/data disclosed to the
Company that has been designated as confidential and covered by a contractual
confidentiality agreement between the Company and the other party.
4.6. Personal Data means information that can be used to identify a person such as names,
personal email and home addresses, personal phone numbers, government-issued
identification numbers as well as financial account and personal health information.
Page 1 of 6
Published MasterControl documents frequently use JavaScript. If you are seeing this message, your viewer
Acrobat.
5. Responsibilities
5.1. Personnel must follow this Policy and ensure that Company Systems and Company-Issued
Technology Assets are used for proper business purposes and in a manner that does not
compromise the Company.
5.2. The Chief Digital and Information Officer has accountability for the administration and
enforcement of this Policy.
5.3. The Legal Department in consultation with the Human Resources Department has
responsibility for carrying out any actions that must be taken in response to violations of this
Policy.
6. Policy
6.1. Use of Company Systems and Company-Issued Technology Assets
6.1.1. Company Systems must not be used for any unlawful or prohibited purpose.
6.1.2. Incidental personal use of Company Systems to send personal email, browse the
internet, and make personal telephone calls is permitted provided that such use does
not interfere with the performance of your duties and complies with this Policy.
6.1.3. Upon termination of employment (or, in the case of consultants, contractors,
temporary workers, officers, directors, and agents who are provided with access to
the Company’s technology resources, the termination of association with the
Company), all Company-Issued Technology Assets must be returned immediately. If
Personnel in possession of Company-Issued Technology Assets are subject to a
Legal Hold, the Assets must be returned in compliance with the Company’s Legal
Hold Policy.
6.2. Security and Passwords
6.2.1. The security of all Company Systems and Company-Issued Technology Assets
allocated to or used by Personnel must be maintained at all times in accordance with
the Access Control Policy.
6.3. Company-Owned Information and Data
6.3.1. All information and data generated on Company Systems is the property of the
Company.
6.3.2. Contact information of Company customers and employees belongs to the Company.
Such information must be processed in accordance with the Company’s Global Data
Protection and Privacy Policy and may not be copied or removed, nor used for any
purpose other than Company business.
6.4. Maintaining the Security and Integrity of Company Systems
6.4.1. Only BI&TS approved software and applications will be installed on Company
Systems, and only BI&TS or delegated Personnel may alter the configuration of
Company Systems.
6.4.2. The use of cloud-based software solutions (“Software as a Service” or “SaaS”) must
be approved by BI&TS and the Legal Department in writing prior to use and must be
used for business purposes only.
6.4.3. Attempts to access password-protected or restricted parts of Company Systems
without the required authorization is forbidden.
6.4.4. Company-Issued Technology Assets must be locked by enabling password
protection when not in use or left unattended.
Page 2 of 6
Acrobat.
6.4.5. Unless specifically approved by BI&TS or the Legal Department, you may not permit
others to use your Company-Issued Technology Assets or to access Company
Systems.
6.4.6. You must notify BI&TS immediately if you suspect that malicious software has been
installed on a Company-Issued Technology Asset or Company System.
6.4.7. The Company blocks access to certain websites that have been determined to pose
a security risk and reserves the right to block access to additional websites at its
discretion.
6.4.8. The Company reserves the right to delete or block access to emails or attachments in
the interest of security.
6.4.9. Unless specifically approved by BI&TS, the use of external storage devices such as a
USB Flash Drives is prohibited.
6.5. Email, Chat, and Text Messages
6.5.1. You are prohibited from sending, posting, or transmitting using Company Systems
and Company-Issued Technology Assets messages or materials that are offensive,
obscene, defamatory, or otherwise inappropriate. This includes, but is not limited to,
messages and materials that are inconsistent with the guidelines articulated in the
Company’s Guide to Business Conduct and Social Media Policies.
6.5.2. If you feel you have been or are being harassed or bullied by a colleague, or if you
are offended by material received from a colleague, you should inform your manager
or Human Resources Business Partner.
6.5.3. Company-Issued Technology Assets must be used for all work-related
communications, including to send work-related text messages and to make work-
related telephone calls (unless such calls can be made from a landline at a Company
facility). You must use a Company email address (and never your personal email
account) to send and receive work-related emails. The use of private email accounts
for work-related purposes (including forwarding work-related emails – other than
messages of a personal nature relating to your compensation, benefits, professional
development, or the like – to a private email account) is strictly prohibited. The use of
Personnel-Owned Mobile Devices for work-related purposes is not permitted other
than in exceptional circumstances, which must be approved in advance by BI&TS
and the Legal Department.
6.5.3.1. Chat tools (whether 1:1 or 1:many) are to be used for informal
communications only. Chat tools must never be used to communicate
about substantive business issues or to record business decisions.
6.5.3.2. Substantive business communications and decisions must be
documented in an official company record repository such as a
designated SharePoint site, in OneDrive, in a formal policy or procedure
document, or in a formal presentation.
6.5.4. Email, chat, and text messages are potentially discoverable and may be required to
be disclosed in legal proceedings. The manual deletion of an email, chat, or text
message does not mean the communication cannot be recovered for the purposes of
disclosure. All email, chat, and text messages must be treated as potentially
retrievable. In general, do not use Company Systems or Company-Issued
Technology Assets to:
6.5.4.1. Send or receive personal email, chat, or text messages that you do not
want to be disclosed to third parties;
6.5.4.2. Send or forward chain mail, junk mail, cartoons, jokes, or gossip;
Page 3 of 6
Acrobat.
6.5.4.3. Agree to terms, enter into contractual commitments, or make
representations unless appropriate authority has been obtained; or
6.5.4.4. Send any Confidential Information or Personal Data via chat or text
message, as both may only be transmitted using encrypted
communication channels.
6.5.5. Given the potential discoverability of data sent from or received on Company-Issued
Technology Assets, you should not use a personal Apple ID or similar personal
account to set up your work device. Company-Issued Technology Assets should be
established using an account created specifically for work purposes. Contact BI&TS
if you have any questions about this requirement.
6.5.6. Emails received from external sources must be treated with caution. These
messages may contain malicious software, or links to malicious websites, and can
cause significant damage to Company Systems. Any suspicious email received must
be sent as an attachment to SuspiciousEmail@mnk.com for investigation by the
Cybersecurity Team.
6.6. WebEx, Teams Video, and Other Web-Based Teleconference Systems
6.6.1. The recording of routine day-to-day teleconference meetings hosted via the
Company’s WebEx system, Teams, or any other web-based teleconferencing
platform is prohibited. If you are hosting a formal meeting via one of these platforms
and there is a legitimate business need to record it, you may request approval from
BI&TS in advance. BI&TS in consultation with the Legal Department will approve
requests to record meetings hosted via these platforms if the meeting constitutes a
formal business presentation, training session, professional development
presentation, or similar type of event.
6.7. Internet and Social Media
6.7.1. Internet access is provided and should be used primarily for work purposes.
Incidental personal use may be permitted as defined in Paragraph 6.7 below.
6.7.2. Any unauthorized use of the internet is strictly prohibited. Such activity may also
constitute a criminal offense. Unauthorized use includes, but is not limited to:
6.7.2.1. Creating, viewing, or accessing any webpage or posting, transmitting, or
downloading any image, file, or other information that could be regarded
as pornographic, illegal, criminal, offensive, obscene, in bad taste, or
immoral and/or which is liable to cause embarrassment to the Company
or to our clients, customers, or suppliers;
6.7.2.2. Engaging in computer hacking and/or other related activities;
6.7.2.3. Posting information that does not reflect the standards by which the
Company operates as set forth in the Guide to Business Conduct;
6.7.2.4. Disclosing Confidential Information or Personal Data;
6.7.2.5. Breaching copyright or licensing conditions of any internet site or
computer program.
6.7.3. For more information about the acceptable use of Social Media (including
participating in chat rooms, posting on internet message boards, blogs, wikis or other
social media sites), please refer to the Company’s Social Media Policy.
6.8. Personal Use of Company Systems
6.8.1. Incidental use of Company Systems for personal use, including to send personal
emails, browse the internet, and make personal telephone calls, is permitted provided
that such use does not interfere with the performance of your duties and complies
Page 4 of 6
Acrobat.
with this Policy. The Company reserves the right, at its discretion, to withdraw this
privilege at any time and/or to restrict personal use.
6.8.2. Personal use of Company Systems may be monitored as permitted by applicable
laws.
6.9. Company Monitoring of Use of Company Systems and Company-Issued Technology Assets
6.9.1. As permitted by applicable laws, the Company reserves the right to monitor the use
of Company Systems and Company-Issued Technology Assets, including, without
limitation, the transmission of email, chat, and text messages; internet usage; and
general use of the Company’s telephone system.
6.9.2. As permitted by applicable laws, the Company reserves the right to monitor your use
of your Personnel-Owned Mobile Devices for work purposes if such use has been
authorized in writing by BI&TS and the Legal Department (see Paragraph 6.9 below).
6.9.3. The Company reserves the right to conduct such monitoring to, among other
reasons, protect the security of Company Systems; ensure the smooth running of the
business; investigate suspected violations of Company Policies, activities by
Personnel that may be illegal or detrimental to the Company, or complaints,
grievances, potential legal or criminal offences; and where otherwise permitted or
required by law.
6.9.4. The Company will only intercept (i.e., open or listen to) communications if permitted
by applicable laws, where relevant to the carrying on of the Company’s business, and
where necessary:
6.9.4.1. To establish the existence of facts or determine whether any Company
policy has been violated including, for example, in the context of an
internal compliance investigation, a legal investigation or internal audit;
6.9.4.2. To detect or investigate unauthorized use of Company Systems;
6.9.4.3. For purposes of preventing or detecting crime or where otherwise
required to comply with the Company’s legal or regulatory obligations; or
6.9.4.4. For the effective operation of the telecommunication system.
6.9.5. Information obtained through monitoring may be shared internally as well as with
authorized third parties.
6.10. Personnel-Owned Mobile Devices
6.10.1. Other than in exceptional circumstances and with the prior written approval of BI&TS
and the Legal Department, the Company does not support the use of Personnel-
Owned Mobile Devices for work-related purposes nor the connection of such
Personnel-Owned Mobile Devices to Company Systems. The unauthorized use of
Personnel-Owned Devices for work-related purposes poses a threat to security and
is not allowed.
6.10.2. In exceptional circumstances where prior written approval of BI&TS and the Legal
Department of a “Permitted Personnel-Owned Mobile Device” is given:
6.10.2.1. Such use and connection must be carried out in accordance with this
Policy (including as outlined in Paragraph 6.4 above); and
6.10.2.2. The permitted Personnel-Owned Mobile Device must have up-to-date
anti-virus software installed on it. The Company may inspect your
equipment to verify this.
6.10.3. The Company may establish audit trails, which may be accessed, published, and
used without notice. These trails can be used to track the connection to, or usage of,
Page 5 of 6
Acrobat.
a permitted Personnel-Owned Mobile Device with Company Systems. The resulting
reports may be used for investigation of possible breaches and/or misuse.
6.10.4. Permitted Personnel-Owned Mobile Devices may be subject to inspection by the
Company and/or law enforcement authorities if it is determined that Company-related
data resides on the Devices and such data is relevant to an investigation or other
legal proceeding. In these circumstances, permitted Personnel-Owned Mobile
Devices must be made available to the Company and/or law enforcement for
inspection.
7. Violations
7.1. Any violation of this Policy will be dealt with under the Company’s disciplinary procedures. In
certain circumstances, the violation of this Policy may be considered gross misconduct and
may result in immediate termination of employment or engagement without notice or payment
in lieu of notice. In addition, or as an alternative, the Company may withdraw access to certain
Company Systems and/or Company-Issued Technology Assets.
7.1.1. Examples of violations that will usually be treated as gross misconduct include, but
are not limited to:
7.1.1.1. Creating, transmitting, or otherwise publishing any false or defamatory
statement about any person or organization;
7.1.1.2. Creating, viewing, accessing, transmitting, or downloading any material
that is discriminatory, or may cause embarrassment to other individuals,
including material that breaches the principles set out in the Company’s
policies and procedures;
7.1.1.3. Accessing, transmitting, using, disclosing, or downloading any
Confidential Information or Personal Data, except where authorized in
the proper performance of your work duties;
7.1.1.4. Accessing, transmitting, installing, using, or downloading unauthorized
software;
7.1.1.5. Viewing, accessing, transmitting, or downloading any material in breach
of copyright.
7.2. Where evidence of misuse is found, the Company may undertake a more detailed
investigation in accordance with its disciplinary procedures, involving the examination and
disclosure of monitoring records to those nominated to undertake the investigation and any
witnesses or managers involved. If necessary, such information may be handed to law
enforcement in connection with a criminal investigation or other legal proceeding.
8. Attachments
8.1. None
9. Revision History
Revision No. Change Description

1 Initial Revision of existing policy
Page 6 of 6
Signature Manifest
Document Number: POLICY0389 Revision: 1

Title: Acceptable Use of Technology Policy
All dates and times are in UTC.
Acceptable Use of Technology Policy

DCC Review
Name/Signature Title Date Meaning/Reason

Jane Parikh (JANE.PARIKH) Sr. Manager, EQMS 06 Jan 2022, 01:26:09 PM Approved
Create/Revise

Karen Yutsus (KAREN.YUTSUS) 06 Jan 2022, 02:17:40 PM Complete
Peer Collaboration

Karen Yutsus (KAREN.YUTSUS) 06 Jan 2022, 02:35:05 PM Complete
Doc Control Review

Michelle Cameron
06 Jan 2022, 05:32:05 PM Complete
(MICHELLE.CAMERON)
Manager Training Approval

Megan Vernak
Director, Product Monitoring 07 Jan 2022, 04:40:26 PM Approved
(MEGAN.VERNAK)
Author/Department Approval
Acrobat.

Karen Yutsus (KAREN.YUTSUS) 07 Jan 2022, 05:19:05 PM Approved
Pat Roche (PAT.ROCHE) 07 Jan 2022, 05:29:09 PM Approved
Final QA Approval

Jane Parikh (JANE.PARIKH) Sr. Manager, EQMS 09 Jan 2022, 08:47:55 PM Approved
Training

Veronica Hansen
LMS Specialist 26 Jan 2022, 03:18:27 PM Approved
(VERONICA.HANSEN)
Change Control Approval

Michelle Cameron
26 Jan 2022, 05:09:14 PM Approved
(MICHELLE.CAMERON)
Set Dates

Michelle Cameron
26 Jan 2022, 06:02:23 PM Approved
(MICHELLE.CAMERON)
Notification

Jim Heintzelman
26 Jan 2022, 06:02:24 PM Email Sent
(JIM.HEINTZELMAN)
Acrobat.

Acceptable Use of Technology Policy

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Acceptable Use of Technology Policy

Uploaded by

Copyright:

Available Formats

Published MasterControl documents frequently use JavaScript.

If you are seeing this message, your viewer

Revision No. Change Description

Document Number: POLICY0389 Revision: 1