Professional Documents
Culture Documents
August 2011
Document Revisions
Document Version Revisions By Date
1.0
Susan Shyllon
2004
2.0
Theresa Murray
March 2009
2.1
Theresa Murray
May 2011
2.2
Theresa Murray
August 2011
Revision History
Page 2 of 10
Contents
1 2 3 4 5 6 7 8 9 Introduction................................................................................................................................................... 4 Information Security .................................................................................................................................... 5 IT Hardware ................................................................................................................................................... 5 Software......................................................................................................................................................... 6 Electronic mail and the Internet ................................................................................................................. 6 Use and Protection of Data......................................................................................................................... 8 Anti-Virus Protection ................................................................................................................................... 8 Sustainability ................................................................................................................................................ 9 User Acknowledgement ............................................................................................................................ 10
Page 3 of 10
1 Introduction
This document details user responsibilities for maintaining the security, integrity and confidentiality of Jones Lang LaSalle IT systems (hardware, software and data). Telecoms e.g. (Mobile and Blackberry), voicemail, email, computers and the data/documents stored on them are and remain at all times Jones Lang LaSalle property. As such all voicemail, email messages or Internet messages and related data/documents created, sent and received are and remain Jones Lang LaSalle property. All business processes and software remain the intellectual property of Jones Lang LaSalle. Compliance with the policies and procedures detailed below is mandatory for all Jones Lang LaSalle Group employees in EMEA (including LaSalle Investment Management), and for contractors, subcontractors and anyone else who has access to our IT systems and data. Failure to comply with these policies could lead to the instigation of disciplinary measures, up to and including termination of employment or and/or legal action. User Accounts and access to IT systems
From the date of issue of this document, written agreement to comply with the policies contained
all actions taken using their accounts. A user account will be provided to everyone who is required to have access to Jones Lang LaSalles IT systems, including temporary staff or authorised third parties.
Unauthorised access to complete systems, programs, files or messages is strictly prohibited. Unauthorised review, duplication, dissemination, removal, damage or alteration of files, passwords,
computer systems, programs, voicemail message or other company property is strictly prohibited, as is the use of information obtained by unauthorised means. You must:
Change your password from the default provided by the IT Helpdesk or local IT personnel the same
day as advised.
Select a secure password, which you change on a regular basis (at least every 3 months), even if
Page 4 of 10
2 Information Security
Users of the companys IT systems are expected to remain vigilant for possible fraudulent activity and any actual or suspected information security incidents or breaches must be reported immediately to your manager and to the IT Helpdesk or local IT personnel. A security incident or breach exists:
If sensitive, confidential, and/or private information is or is believed to be lost or disclosed to
stolen or disclosed.
Unusual systems behaviour, such as missing files, frequent system crashes, misrouted messages,
3 IT Hardware
You are responsible for all IT and telecom equipment assigned to you, the company will be entitled to make a claim against you for any damage to or loss of IT equipment through your own carelessness. Do not:
Leave laptops visible and unattended when not in use (e.g. in parked cars, on public transport, or in
public places).
Leave your machine unattended when you are logged onto the companys systems, unless your
personnel.
Allow anyone not employed by or contracted to Jones Lang LaSalle to use any IT equipment
kept out of sight in a secure location, this includes when at home or in the office.
Store sensitive employee / personal data on hard drives. Leave laptops unattended / unsecured while travelling.
Do:
Minimise the use of thumb drives or CDs/DVDs for confidential data. Erase data from portable devices such as memory sticks / thumb drives after intended use.
Page 5 of 10
Consider the use of password protection and encryption software for portable devices such as
Policy Manual, which can be found on Jones Lang LaSalle Connect site: Policy 39 Lost, stolen or damaged equipment
Lost, stolen or damaged IT and telecoms equipment must be reported to your manager and to the IT
Helpdesk or local IT personnel. Loss due to theft should also be reported to the police and a crime number obtained so that a claim can be made against the companys insurance policy.
Loss of confidential or sensitive data must be reported immediately to your manager and to the IT
4 Software
The use of unlicensed software constitutes a breach of the software suppliers copyright, and both the company and the individual responsible can be prosecuted where unlicensed software is discovered. Do not:
Load software from any source on to a Jones Lang LaSalle PC without prior authorisation from the IT
Helpdesk or local IT personnel. This includes software needed to fulfil a specific business requirement, clients software, and software downloaded from the Internet.
Remove software licensed to Jones Lang LaSalle from the companys premises, without the express
responsibility and are advised not to send email messages, or access any Internet sites that they would not wish to be seen by other members of the company. Email and Internet Monitoring Users should be aware that:
Access to specific categories of Internet sites is blocked. Access to individual Internet sites blocked
under this policy will require approval by the Business Unit Head, IT Manager or IT Business Systems Manager (BSM).
Email traffic is monitored to ensure optimum delivery, and to protect our systems from viruses and
Trojans.
Individual email and Internet use is not normally monitored, however the company reserves the right
to monitor an individuals Internet and email use where such use is believed to: o Be detrimental to the users job responsibilities, o Risk compromising the companys reputation and business interests, or o Expose the individual, the company or its clients to prosecution for illegal activities.
Monitoring of an individuals account will only be carried out at the request of a Business Unit or
Country Head, and after approval by the regional Chief Information Officer. Email and Internet Use Policies Jones Lang LaSalles Internet and electronic mail facilities must never be used to access, download or distribute material of a pornographic, defamatory, derogatory, racist, sexist or otherwise discriminatory , illegal or offensive nature. Furthermore, Internet and electronic mail systems must never be used to solicit for non-job related commercial ventures, religious or political causes, or any other cause not related to the companys business. Do not:
Append your scanned signature to any document you send electronically. Launch emailed attachments if you do not usually correspond with the sender, if the subject header
or attachment name is vague or non-business related, or if the attachment has an unusual extension such as .exe, .vbs or .bat. If a message you receive falls into any of these categories, contact the IT Helpdesk or local IT personnel immediately for advice.
Use distribution list for non-business related communication. Send unsolicited email messages (junk mail or spam), or forward or propagate chain letters. Send virus warnings to other members of staff. Contact the IT Helpdesk or local IT personnel who
Social Media Guidelines Even when you are communicating your personal opinion, if your audience can associate you with Jones Lang LaSalle, you are acting as a spokesperson for the company (whether you intend to or not). Guidelines have been issued for use of Social Media Internet Sites (Appendix A) and forms part of the Information Technology Use Policy (Corporate Governance Policy No 14). Policy No 14 can be found on the Jones Lang LaSalle Connect Technology EMEA site under Global Security Policies. For access to Appendix A Social Media Guidelines follow the link below. Appendix A - Social Media Guidelines
Ctrl-Alt -Del).
Have your screen visible to other people when working on confidential or classified material in public
places.
Alter or delete data owned by another user, without their prior knowledge and consent. Leave confidential material lying unattended at a printer, photocopier or fax machine.
Do:
Utilise password to protect documents containing confidential or business sensitive documentation.
Data Protection Legislation Be aware that legislation covering the retention and transfer of data in particular, personal data varies from country to country. In accordance with data protection requirements, personal data must not be unfairly obtained or used for a purpose other than that for which it was provided. Please see local country data protection and retention policies for further details.
7 Anti-Virus Protection
Page 8 of 10 EMEA IT Code of Practice v. 2.2
Do Not:
Personally install any new software on to a Jones Lang LaSalle computer. Contact the IT Helpdesk
with the sender, if the attachment has an extension such as .exe, .vbs or .bat, of if the message header or attachment name if vague or non-business related. If you suspect that your machine is infected with a virus, report it to the IT Helpdesk or local IT personnel.
8 Sustainability
As part of Jones Lang LaSalle's Sustainability Policy you have a role in reducing the environmental impacts of our business operations.
Do:
Switch off IT equipment when not required for long periods of time, for example overnight. This
travel
Return equipment no longer used or required for distribution elsewhere, for example this includes
mobile telephones, Blackberrys, PDAs and laptops For further information concerning the above please contact the IT department via your local IT Helpdesk.
Page 9 of 10
9 User Acknowledgement
I hereby confirm that I have read, understood and agree to the EMEA Information Technology Code of Practice. I realise that Jones Lang LaSalles security software records any Internet site that I visit and any network activity in which I transmit or receive any kind of file or message. I acknowledge that any email I send or receive will be recorded and stored in an archive file. I understand that compliance with the policies and procedure detailed above is mandatory for all Jones Lang LaSalle Group employees in EMEA (including LaSalle Investment Management), and for contractors, sub-contractors and anyone else who has access to their IT systems and failure to comply with these policies could lead to the instigation of disciplinary measures, up to and including termination of employment and/or legal action.
COPYRIGHT JONES LANG LASALLE IP, INC. 2011. This publication is the sole property of Jones Lang LaSalle IP, Inc. and must not be copied, reproduced or transmitted in any form or by any means, either in whole or in part, without the prior written consent of Jones Lang LaSalle IP, Inc. The information contained in this publication has been obtained from sources generally regarded to be reliable. However, no representation is made, or warranty given, in respect of the accuracy of this information. We would like to be informed of any inaccuracies so that we may correct them. Jones Lang LaSalle does not accept any liability in negligence or otherwise for any loss or damage suffered by any party resulting from reliance on this publication.
Page 10 of 10