Escolar Documentos
Profissional Documentos
Cultura Documentos
1. Types of Information.
Information About our Company.
This includes information about our business plans and how we operate, such as product
research, specifications, pricing, business strategies, non-public financial information, trade
secrets, intellectual property, marketing plans, etc.
Requirements for Safeguarding Trade Secrets
Page 1 of 5
Corporate Policy 13.0: Information Management and Protection
2. Classification of Information.
Classify information at the time of creation (or receipt, if not already classified). Label it
using an approved classification label (Sensitive, Confidential, Proprietary or Public).
Maintain that classification throughout its lifecycle and manage it in the manner directed.
Apply Merck Privacy standards to make sure that personal information is classified, labeled
and managed appropriately.
Information Classification, Handling, and Retirement Functional Policy
4. Quality of Information.
Keep information accurate. The value of information depends on its accuracy. As information is
copied or maintained over time, preserve its integrity and amend any inaccurate or outdated
information.
GxP Data Governance and Integrity Standard
Page 2 of 5
Corporate Policy 13.0: Information Management and Protection
Risk Assessment
If you are responsible for Merck processes and systems that use information about our
company, people or others outside of Merck, you must ensure that the information is
managed and protected. Request an Information Risk Assessment for all new systems and
processes. Request a Privacy Risk and Controls Assessment for all systems and processes
that use personal information. Assessments must also be done before substantive
modifications to any systems or processes that handle or store Merck information.
Request Information Risk Assessment for New System or Process
Request Privacy Risk and Controls Assessment for System or Process Using Personal
Information
7. Speak Up.
You are Merck. Protect the reputation weve earned as a company that operates with integrity
and report any conduct that could put our reputation at risk. If you see or suspect improper,
Page 3 of 5
Corporate Policy 13.0: Information Management and Protection
unethical or illegal activity, talk to your manager, Office of Ethics or other Merck resource (e.g.,
Compliance, Legal, or Human Resources), to discuss your concerns confidentially without fear of
retaliation or, where permitted by law, call the AdviceLine.
To uphold the Company's commitment to ethics, integrity and compliance with laws,
regulations, Company policy and the Company's Code of Conduct (Our Values and Standards),
actions inconsistent with this policy shall be subject to Corporate Policy: Reporting and
Responding to Misconduct.
Be aware that procedures for applying our policy may vary from location to location. Whenever a local
law, regulation, or industry code is more restrictive, follow the more restrictive standard.
Personal information. Any data about an identified or identifiable individual, including data that
identifies an individual or that could be used to identify, locate, track, or contact an individual. Personal
information includes both directly identifiable information such as a name, identification number or
unique job title, and indirectly identifiable information such as date of birth, unique mobile or wearable
device identifier, telephone number as well as key-coded data.
Trade Secrets. Information, including intellectual property, that Merck keeps secret to give Merck an
advantage over its competitors. The protection of a Trade Secret can last indefinitely, and requires the
owner to actively protect the information. Trade Secrets are not protected by intellectual property
laws, although Business Trade Secrets involving data about customers, patients or other people may be
protected by privacy and data protection laws; protection for Trade Secrets is primarily done by non-
disclosure.
Third Parties. Any non-Merck employee or entity authorized by Merck to carry out some or all of a
business activity.
Page 4 of 5
Corporate Policy 13.0: Information Management and Protection
Revision History
Revision Short Description of Revision Translation
Number Required
(Y/N)
1.1 Updated hyperlinks to acceptable use requirements, risk assessment N
process, and information risk management policy page.
2.0 Updated hyperlink to Merck Privacy Standards, 13.2 Global Privacy & Data Y
Protection; new definition of Personal Information per requirement of
regulators. Updated language versions will be forthcoming.
2.1 Standardization and simplification of Corporate Policy Footers - Footers for N
language version of policy maintained in English. Revision History log
maintained in English Version only. Content Owner and Contact updated to
Scott Taylor. Replaced Content Owner Allen Phelps with Ken Deitz.
Modified Date Established and Next Compliance Summit Assessment
to reflect January 2015 launch of new policy framework.
2.2 Updated the Personal and Professional Use of Social Media and Request N
Info Risk Assessment for New System or Process links.
2.3 Included hyperlink under section 4.0 for new GxP Data Goveranance and N
Integrity standard.
Page 5 of 5