Acceptable Use of GE Information and Resources and Secrecy and

Inventions Agreement
Associate ID:
Associate Name:
Associate Email ID:
ID card proxy number-
ocation from !"ere you are operating:
Introduction
Information about our Company, our customers, our employees and our suppliers is
one of GEs most valuable assets and must be used and protected in an appropriate
manner. Similarly, equipment and technology resources belonging to the Company,
and provided by GE to its worers, or in some cases, individuals contracted to do
wor for GE, to process and store information, must also be used and protected
appropriately. !hese Guidelines provide further information under the "rivacy and
Security # Crisis $anagement policies of !he Spirit # !he %etter and set out the
minimum standards that must be met. Some GE businesses may have additional,
specific guidance in place to meet local or business requirements and these must
also be met. %ocal laws or regulations covering privacy, data protection or security
may also impose additional requirements. !o the e&tent that any statement in these
Guidelines would not be permissible under local law, the provisions of local law will
prevail. 's a GE worer or contractor with access to such resources, you are
responsible for nowing and complying with these Guidelines, !he Spirit # !he %etter
and the privacy and information security policies of GE and your business. If you
have any questions about your responsibilities, contact your supervisor, (uman
)esources or business "rivacy or Information Security %eader.
Definitions
GE Information includes all information that is collected or created by the Company.
*or e&ample, personal data that is collected from customers, employees or suppliers,
including names, email addresses, phone numbers, account numbers, ta&
identification or social insurance numbers, is included in the definition of GE
Information or covered by these Guidelines. GE Information also includes information
GE creates in its business processes, such as intellectual property and Company
financial data. GE Information )esources include GE Information and equipment and
technology provided by GE to process and store GE Information. *or e&ample,
computer equipment, fa& machines, voice mail, Internet access, email accounts,
personal data assistants +,"-'s./ +e.g, 0lacberries/, cellphones and software
provided by the Company are GE Information )esources.
Using # $rotecting GE Information
%&A' '( )*(%
Different types of GE Information are used for different business purposes and require different
levels of protection. GEs Data Classification Guidelines divide GE Information into four
categories: Public, GE Internal, GE Confidential and GE estricted. In addition, t!e use of
customer and supplier data may be governed by contractual agreements bet"een GE and t!ird
parties, and t!e use of employee data is governed by t!e GE Employment Data Protection
#tandards. GE "or$ers and applicable contractors are responsible for understanding t!e relevant
guidelines, applicable contracts and local la"s t!at govern t!e use of GE Information under t!eir
GE MSAT Internal
control.
%&A' '( D(
LEARN AND COMPLY "it! policies t!at are relevant to your %ob or assignment, including: & GE
Data Classification Guidelines & GE Employment Data Protection #tandards & any contractual
obligations, suc! as consumer credit card agreements.
RAISE ANY QUESTIONS about t!e use and protection of GE Information to your business
Privacy or Information #ecurity 'eader.
ONLY USE GE INFORMATION FOR LEGITIMATE BUSINESS PURPOSES and in a manner
consistent "it! t!e purpose for "!ic! t!e information "as initially collected or created. (isuses of
GE Information may be one)time, accidental uses or may include ongoing, routine uses t!at are
outside t!e original purpose for collection or creation.
BEFORE YOU REQUEST OR ACCESS GE Information, as$ yourself, *Do I really need t!is+,
-nly request GE Information necessary to perform your current %ob responsibilities. (a$e
requests for GE Information follo"ing any processes specified in your business, and follo" t!e
usage and retention instructions provided by t!e GE Information o"ner and t!e GE Data
Classification Guidelines.
CONTROL ACCESS to GE Information and only s!are it "it! aut!ori.ed persons "!o !ave a
legitimate *need to $no", in order to perform t!eir %ob responsibilities. /eep all application login
credentials safe. Do not s!are user IDs and pass"ords "it! ot!ers. GE 0olders and your local file
server are considered t!e best met!ods for geograp!ically dispersed teams to e1c!ange, store
and transport GE Information. Ensure t!at GE 0olders are appropriately access restricted.
MAINTAIN A CLEAR WORKSPACE "!en you are a"ay from your des$ by loc$ing your screen
or using pass"ord)protected screensavers set at s!ort intervals, $eeping confidential materials in
a secure place, removing items containing GE Information from fa1 mac!ines, copiers and
scanners in a timely manner, and retrieving p!ysical mail deliveries frequently
%&A' '( %A'+& (U' ,(R
USES THAT ARE NOT ALIGNED WITH LEGITIMATE BUSINESS PURPOSES, suc! as s!aring
customer data "it! ot!er parties "!en t!at s!aring is not in compliance "it! customer contractual
agreements.
USING GE INFORMATION RESOURCES AND SPEAKING ABOUT GE INFORMATION in
public places, suc! as airports and restaurants, "!ere ot!er people can over!ear your
conversations or vie" your screen.
UNNECESSARY SHARING of GE Information, suc! as carbon copying 2*ccing,3 or blind carbon
copying 2*bccing,3 more people t!an necessary in emails or not restricting access to GE 0olders
containing sensitive GE Confidential or GE estricted information.
GE MSAT Internal
IMPROPER DISPOSAL of GE Information, suc! as tossing GE Information in t!e tras! rat!er
t!an using a secure met!od of document disposal. 4s$ your site manager about secure
document disposal and your business Information #ecurity 'eader about secure computer file
disposal.
STORING GE INFORMATION THAT IS NOT NECESSARY for your current %ob responsibilities,
including information stored on laptops, removable media devices 2suc! as 5#6 drives and
e1ternal !ard drives3 and p!ysical documents. 6e sure to comply "it! your business document
retention policy.
Using # $rotecting GE Information Resources
-our GE Digital Identity
%&A' '( )*(%
7our GE digital identity 2for e1ample, your ##- plus pass"ord, your digital certificate, or ot!er
username)pass"ord combination3 is t!e $ey to accessing GE Information and is required for
access to GEs net"or$ and systems. GE Information is placed at ris$ of t!eft or misuse "!en
pass"ord protections are compromised, for instance by using s!ared pass"ords or by using
easy)to)guess pass"ords or leaving pass"ords in plain sig!t.
%&A' '( D(
CREATE ROBUST PASSWORDS, and c!ange t!em on a regular basis. Do not use common
"ords or p!rases, your name, your birt!day or your ##-.
NEVER SHARE PASSWORDS, even "it! someone you trust, suc! as t!e 8elp Des$. If you
s!are your pass"ord, you are responsible for any loss, damage or misconduct t!at arises from its
use.
DO NOT POST USERNAMES AND PASSWORDS near your computer. Pass"ords must be
committed to memory.
$ortable Devices # Removable .edia
%&A' '( )*(%
Portable devices, including laptops, cell p!ones and PD4s 2e.g., 6lac$berries3 must be secured
at all times. Do not leave portable devices unattended in public. 'aptops must be encrypted and
p!ysically secured, even in a GE location. emovable media 2e.g., 5#6 drives, e1ternal !ard
drives, CDs9D:Ds3 s!ould not be used to store GE Confidential or GE estricted information
unless suc! devices are encrypted. Personally purc!ased removable media are not permitted for
business use unless e1pressly permitted by your business. 6e a"are t!at if you place GE
Information on personal removable media, GE may need to access suc! devices if required in t!e
conte1t of litigation or ot!er audit or investigation.
%&A' '( D(
IMMEDIATELY REPORT damage, t!eft or loss of GE Information esources. 0ollo" your
business reporting process, and cooperate "it! related investigations.
RETURN GE Information esources "!en t!ey are no longer in use. 4ll devices must be
GE MSAT Internal
returned for accounting and possible deletion of material.
ONLY USE GE DEVICES for business purposes. Do not use personal devices, suc! as
personally purc!ased 5#6 memory stic$s, "!ic! may e1pose GE Information to greater ris$.
%&A' '( %A'+& (U' ,(R
LEAVING PORTABLE DEVICES IN PLAIN VIEW If you must leave your laptop in your car, loc$
it out)of)sig!t in t!e trun$.
CROWDED AREAS suc! as train stations, !otel lobbies, airports and restaurants. Distracting
environments create opportunity for t!efts.
Internet Access # Email Accounts
%&A' '( )*(%
GE provides Internet access and email accounts for use in business processes. 'imited non)
business use "!ic! is not an abuse of Company time and9or resources and "!ic! does not
violate any GE policies applicable to you is permitted. It is pro!ibited to use GE Information
esources to access, do"nload, create, display or disseminate material t!at may be considered
obscene, racist, se1ist, ageist, t!reatening or ot!er"ise offensive, unprofessional or in violation of
any GE policy or guidelines, or may ot!er"ise be perceived to create a !ostile "or$ environment.
GE businesses may bloc$ potentially ob%ectionable or dangerous ;eb sites or rely on *content
filtering, soft"are to filter broad categories of ;eb sites. GE cannot revie" every potentially
bloc$ed ;eb site. <!e availability or unavailability of a ;eb site does not necessarily reflect
endorsement or censors!ip by GE. GE may also bloc$ streaming media sites 2video, music, radio
stations3 to preserve Internet band"idt!, regardless of content. If a ;eb site is bloc$ed and
needed for a legitimate business purpose, contact your 8 manager.
%&A' '( D(
LEARN AND COMPLY "it! t!ese Guidelines, <!e #pirit = <!e 'etter and any business)specific
guidelines addressing Internet access, email use and "or$place conduct.
RAISE ANY QUESTIONS regarding t!e use of Internet access and email accounts "it! your
supervisor, 8uman esources or business Privacy or Information #ecurity 'eader.
DO NOT SHARE COPYRIGHTED MATERIAL including music, images, videos or maga.ines.
Do"nloading or sending copyrig!ted material t!roug! GE Information esources may infringe t!e
rig!ts of t!e copyrig!t !older and e1pose bot! you and GE to civil and criminal liability.
Possession of copyrig!t)infringing materials on GE Information esources is pro!ibited.
APPLY THE NEWSPAPER TEST before sending an email. 4s$ yourself, *!o" "ould I feel
seeing t!is message reproduced in public+,
DO NOT MODIFY your computers configuration to circumvent Internet security settings. 4ll GE
;eb bro"sers are pre)configured to use specific Internet pro1y settings.
%&A' '( %A'+& (U' ,(R
GE MSAT Internal
USE OF PERSONAL EMAIL ACCOUNTS 2e.g., 7a!oo, Gmail3 or calendar systems to conduct
GE business is pro!ibited. GE "or$ers are provided a GE email account for business use.
USING GE INFORMATION RESOURCES FOR ENTERTAINMENT PURPOSES, suc! as
vie"ing or do"nloading streaming video or live television broadcasts, is pro!ibited unless
aut!ori.ed by your supervisor.
ENGAGING IN NON!GE BUSINESS ACTIVITIES"it! GE Information esources is not allo"ed,
even if suc! business activities are declared in a conflicts of interest statement.
OPENING EMAIL ATTACHMENTS t!at are suspicious or from an un$no"n sender. ;!en in
doubt, contact your Information #ecurity 'eader before opening suc! attac!ments.
ACCESSING" DOWNLOADING OR DISTRIBUTING MATERIALS t!at are in violation of
Company policy, including materials t!at are nonpublic, offensive or may be perceived as
creating a !ostile "or$ environment.
.anaging -our (nline $resence
%&A' '( )*(%
<!e use of social media, suc! as ;eb logs or *blogs,, peer)to)peer net"or$s and online
communities, can be a great "ay for GE "or$ers to s!are e1pertise and perspectives "it! family,
friends, colleagues, customers or potential employees around t!e globe or do"n t!e street.
8o"ever, it is important to remember t!at online content reflects not only on your reputation, but
on t!e Company as "ell. 6efore posting information online, it is important to understand t!e ris$,
re"ard and reac! involved. If you identify your affiliation "it! GE or discuss matters related to GE
on a ;eb site forum or blog, you may be perceived as a spo$esperson for GE. 4ny blogging or
posting t!at violates any GE policy, including <!e #pirit = <!e 'etter and t!ese Guidelines, even
"!en done "it! personal resources, is pro!ibited.
%&A' '( D(
LEARN AND COMPLY "it! t!ese Guidelines, <!e #pirit = <!e 'etter and applicable la"s,
including copyrig!t la"s.
RAISE ANY QUESTIONS about "!at is appropriate to your supervisor, 8uman esources or
business Privacy, Information #ecurity or Communications 'eader.
E#ERCISE GOOD $UDGMENT "!en blogging or posting on t!e Internet or t!roug! any
electronic means. 6e respectful of GE, its officers, employees, customers, partners and
competitors. -t!ers may believe your perspective to be an official GE position or opinion.
BE ACCURATE AND TRANSPARENT, and if you ma$e a mista$e, promptly correct it. #ignify
"!en altering a previous post. emember t!at t!e Internet !as a long memory, and even deleted
postings may be searc!able. >ever post false information about t!e Company or its employees,
officers, customers or suppliers
CLARIFY THAT YOUR VIEWS ARE PERSONAL by spea$ing in t!e first person 2*I,3. If you
identify yourself as in any "ay affiliated "it! GE or are $no"n as suc!, use a prominent
disclaimer t!at your vie"s do not necessarily represent GE. Identify yourself by name and, if you
blog or post about GE or GErelated matters, your GE role.
%&A' '( %A'+& (U' ,(R
GE MSAT Internal
SPEAKING FOR THE COMPANY "it!out aut!ori.ation is pro!ibited. Eac! business !as
guidelines for spea$ing on GEs be!alf and responding to media inquiries. If your blog may reflect
on GE, consult your Communications 'eader for furt!er guidance.
DO NOT USE THE MONOGRAM% Do not use any GE logos or trademar$s to create t!e
impression t!at t!e communication is attributable or approved by t!e Company, unless
specifically aut!ori.ed to do so.
POSTING ANY NON!PUBLIC& CONFIDENTIAL&PROPRIETARY GE INFORMATION on
personal ;eb sites, blogs or ot!er communications is pro!ibited.
DO NOT USE A BLOG OR FORUM as a medium for covert mar$eting or public relations "!ic!
do not identify GE, or you as a GE "or$er, as t!e aut!or. If you discuss a GE product or service
or one offered by a competitor, you must clearly disclose your relations!ip "it! GE.
BLOGGING ACTIVITY THAT INTERFERES "it! your "or$ commitments. Do not use GE "or$
time or resources for blogging unless e1pressly aut!ori.ed to do so by your supervisor.
GE EMAIL ADDRESSESs!ould not be used to register "it! social net"or$ing sites, blogs or
ot!er sites of a personal nature.
MAKING PREDICTIVE STATEMENTS t!at may reveal GEs business strategy or future
performance.
Soft!are and +opyrig"ted .aterial
%&A' '( )*(%
GE computers are delivered "it! standard pre)installed soft"are. Do not disable or uninstall suc!
soft"are. GE "ill routinely install soft"are on its computers, and any attempt to permanently
prevent suc! soft"are installations is pro!ibited. -nly soft"are revie"ed and approved by GE
Information #ecurity may be loaded onto GE computers. GE may remove additional soft"are t!at
poses a security ris$ or conflicts "it! t!e operation of GE)loaded soft"are. If you need additional
soft"are to perform your %ob, contact your business 8elp Des$. <!e use or installation of soft"are
purc!ased and licensed by GE on any non)GE device is pro!ibited unless you !ave managerial
approval. GE businesses may bloc$ soft"are it deems dangerous, inappropriate or burdensome
to t!e system, including peer)to)peer file s!aring programs, remote control soft"are, voice c!at,
!ac$ing tools, anonymi.ers, instant messaging and mal"are.
%&A' '( D(
LEARN AND COMPLY "it! t!ese Guidelines, GEs #oft"are 5se Guidelines and any business)
specificPEE)<-)PEE #-0<;4E - -<8E 0I'E)#84I>G P-G4(#. >ever use file)
s"apping programs on GE Information esources.using policies.
RAISE ANY QUESTIONS regarding t!e use of soft"are "it! your business Information #ecurity
'eader.
BE AWARE OF COPYRIGHT RESTRICTIONS% 5se of most Internet content, including images
found t!roug! searc! engines, requires a license unless labeled as free for commercial use.
%&A' '( %A'+& (U' ,(R
GE MSAT Internal
FREE SOFTWARE t!at may !ave restrictive licenses. Contact your business Information
#ecurity 'eader or 8elp Des$ before do"nloading.
INSTALLING PERSONAL SOFTWARE 'n GE Information esources. GE 8elp Des$s may
remove personal soft"are if it conflicts "it! operations and are not responsible for restoring
personal programs removed in t!e process.
PEER!TO!PEER SOFTWARE OR OTHER FILE!SHARING PROGRAMS% >ever use file)
s"apping programs on GE Information esources.
%or/ing %it" Suppliers
%&A' '( )*(%
Protecting GE Information esources requires close cooperation "it! suppliers. <!e GE #upplier
Information #ecurity Policy and GE #upplier 4cceptable 5se of Information esources outline t!e
security policies designed to safeguard GE Information from unaut!ori.ed or accidental
modification, damage, destruction or disclosure "!en it is in t!e care of suppliers. GE "or$ers
"!o interface "it! suppliers must ta$e appropriate precautions before transferring GE Information
to suppliers. GE "or$ers are not permitted to release GE Confidential and GE estricted
information to t!ird parties "it!out permission of t!e GE Information o"ner, "!o is t!e GE
employee responsible for t!e collection or creation of t!e GE Information, as "ell as its
protection.
%&A' '( D(
LEARN AND COMPLY"it! t!e GE #upplier Information #ecurity Policy and t!e GE #upplier
4cceptable 5se of Information esources.
RAISE ANY QUESTIONSabout supplier security "it! your business Information #ecurity or
#ourcing 'eader.
ENSURE SUPPLIER CONTRACTS contain specific obligations to protect GE Information before
transferring data. (onitor supplier compliance "it! suc! obligations and "or$ "it! t!e supplier to
correct any deficiencies.
%&A' '( %A'+& (U' ,(R
UNSECURE TRANSMISSION of GE Information to suppliers. 4ll Internet transmissions 2e.g.,
emails3 of GE Confidential and GE estricted information must be encrypted. Contact your
Information #ecurity 'eader for an appropriate met!od of transfer.
ONSITE CONTRACTORS WITH THEIR OWN EQUIPMENT% If a contingent or contract "or$er
"ill !ave access to t!e GE net"or$ for an e1tended period of time 2more t!an one mont!3, t!at
"or$er must be provided "it! GE equipment to perform !is or !er "or$ functions.
SUPPLIER CONTRACTS THAT DO NOT ADDRESS GE(S HANDLING OF SUPPLIER
INFORMATION% #upplier contracts s!ould include any specific obligations GE !as "it! regard to
supplier information, including confidentiality and protection provisions.
GE MSAT Internal
+ompliance %it" '"ese Guidelines
<!ese Guidelines are designed to protect you, your co)"or$ers and GE. :iolation of any portion
of t!ese Guidelines may result in disciplinary action, up to and including termination of
employment "it! GE, if allo"ed under applicable la". :iolations of t!ese Guidelines by
contractors may result in t!e Company requesting t!at t!e contractors employer remove t!e
contractor from t!e GE assignment. <o ensure compliance "it! t!ese Guidelines, GE may
revie", audit, monitor, intercept, access and disclose information processed or stored on GE
Information esources if GE !as legitimate reason to do so and it is permitted by local la" and9or
any local agreements "it! "or$s councils or unions. If t!e Company discovers misconduct,
including criminal activity or violation of t!is or any ot!er GE or GE business policy, any related
files or information may be disclosed to aut!orities.
Raising a +oncern
4ny concerns about t!e appropriate use of GE Information esources s!ould be raised at
!ttp:99security.ge.com or by contacting your supervisor, 8uman esources, -mbudsman, or
business Privacy, Information #ecurity or Compliance 'eader. #uc! concerns may include loss
or misuse of a device 2e.g., a laptop computer or PD43 or unaut!ori.ed s!aring or disclosure of
GE Information.
in/s to (t"er GE and GE 0usiness Guidelines
GE-%IDE GUIDEI*ES
0or an updated list of GE)"ide guidelines addressing t!e use of GE Information esources,
please visit !ttp:99security.ge.com.
0USI*ESS-S$E+I,I+ GUIDEI*ES
Please note t!at your GE business may !ave more stringent guidelines in place affecting your
use of GE Information esources. 0or an updated list of business)specific guidelines, please visit
!ttp:99security.ge.com.
+ontact Information
If you !ave any questions about t!e use of GE Information esources, please contact your
supervisor, 8uman esources or your business Privacy or Information #ecurity 'eader. 0or a
complete list of business contacts, please visit !ttp:99security.ge.com.
I 11111111111111 accept t"e Acceptable Use of GE Information and
Resources and Secrecy and Inventions Agreement as a condition of
employment !it" GEGD+
Associate Name:
Associate signature:
Date:
GE MSAT Internal