We protect our information systems

In our dynamic business, we must use Company assets as efficiently as possible and remain alert to opportunities to improve performance and reduce costs. We are each responsible for the proper use of Company property, facilities, systems, and equipment. In addition, we are each responsible for protecting the resources entrusted to us. We protect the security of our technology systems and networks from cybersecurity threats, hacking, service denial attacks, ransom demands and theft by adhering to policies and infosec alerts.

If we become aware of a potential or actual cybersecurity issue, we will immediately report this to the GIS Service Desk.

We use Applied’s systems only for business purposes or incidental personal use for lawful, non-commercial activities. We take reasonable care and exercise sound judgment about such use while maintaining our obligation to protect our intellectual property and confidential information. Because our technology systems are owned and controlled by Applied and are intended for business uses, we have no expectation of privacy, subject to local law and policy, with respect to any communication and data. This includes the information that we access, store, or transmit through the systems, networks, and devices during the course of our employment with Applied.

We ensure personal use of Applied’s systems does not conflict with the company’s interests, violate these Standards of Business Conduct, create security or legal risk, or associate the company with religious, political, or commercial messages that it has not approved.

We honor our commitment to privacy and safeguarding data

Many countries have data privacy laws that govern the appropriate collection and use of personal information. This means information that can be used to identify an individual, either alone or when combined with other identifying information, such as email address, physical address, government identification number, or phone number. We recognize the importance that our employees place on their personal information, and we are committed to fairly, sensitively and respectfully collecting and using this data while incorporating the core data privacy principles of lawfulness, transparency, and security.

We believe responsible stewardship of personal information and data helps maintain trust in Applied – whether personal information of our employees, customers, or other third parties with whom we do business. We help to maintain that trust by being respectful and transparent, and by following our policies and all applicable data privacy laws, when collecting, using, processing, storing, or disclosing personal information.

As Applied employees, each of us is responsible for ensuring compliance with applicable laws and regulations, contractual obligations, and company policies when handling personal information and business partner data. When questions, issues, or concerns arise, we consult a member of the Privacy & Data Governance team or others in the Legal & Compliance Organization.

DID YOU KNOW?

Here are some information security best practices:
• Keep computer updates current
• Only open emails from known senders
• Request permission before installing software
• Do not bypass security controls
• Do not use unauthorized removable storage devices
• Keep passwords secure, never share them
• Do not trust public Wi-Fi (at airports, hotels, etc.)
• Avoid commingling business and personal files

Personal Information is any information relating to an identified, or identifiable, natural person, or other information that constitutes personal data under any applicable law. This includes, for example, name, contact information, national identification number, employee ID, face, fingerprints or handwriting, digital identity, birthdays, and IT user credentials.

APPLIED VALUES IN ACTION

Can I use my company computer to check my personal email and blogs?

Some incidental personal use of company resources is permitted, but if you wish to engage in discussion or promotion of political, social, religious, personal, financial, or commercial views, you must do so on non-work personal time using your own personal email account and equipment.

FIND OUT MORE:
Document Retention Policy
Global Internal Privacy Policy
Global Security Image Taking & Audio Recording Policy
Information Systems Security Governance Policy
help/ privacy/

Standards of Business Conduct - Page 9