Page 48 - Ipsos
P. 48

Information Classification: Internal Use
                                                                      Ipsos Book of Policies & Procedures

                                 o  Staff evaluation & information,
                                 o  All Ipsos budgets and financial information, not available on Ipsos.com,
                                 o  Trade secrets,

                                 o  Mergers and acquisitions,
                                 o  Contracts.

                   -  Internal use is the information which is not designated for distribution outside Ipsos and which
                      is  intended  only  for  internal  /  authorized  use.  The  unauthorized  disclosure,  modification  or
                      destruction  could  impact  the  Ipsos  business  (e.g.  work-related  information);  Internal  Use
                      Information  may  be  distributed  to  Ipsos  clients  or  vendors  who  have  signed  NDAs  or
                      agreements with Ipsos standard confidentiality provisions and protection of Ipsos intellectual
                      property provisions.

                   -  Public  is  intended  for  distribution  outside  of  Ipsos.  (Information  posted  on  Ipsos  Websites
                      (external - public websites); Advertising materials (including Job advertising); certain materials
                      / presentations.)


                   4.2    Information Labeling Policy

                   Information should be classified to indicate the need, priorities and expected degree of protection
                   when  handling  the  information.  The  information  is  classified  in  terms  of  its  value,  legal
                   requirements, sensitivity and criticality into:


                                       Information Classification        Label
                                       Strictly Confidential      Strictly Confidential

                                       Internal Use                     No label
                                       Public                            Public


                   5.0  Information Handling Policy

                   All Ipsos employees will consider the usage rules below when dealing with information managed
                   by Ipsos. If additional rules/requirements are identified by the Asset Owners, these rules will be
                   communicated to all interested parties prior to disseminating the information concerned.

                         5.1    Access, Storage and Control of Strictly Confidential Information

                   -  Only those employees who are directly authorized to work on a project/task and handle Strictly
                      Confidential Information may do so.
                   -  Employees  may  only  access    Strictly  Confidential  Information,  if  it  is  strictly  necessary  in
                      connection with their job responsibilities (“need to work, need to know” principle)
                   -  Strictly Confidential Information in electronic format will be encrypted and/ or the access to the
                      information platform have appropriate logical access controls
                   -  Strictly  Confidential  Information  can  only  be  stored  on  an  Ipsos  owned  or  controlled  server
                      with appropriate logical access controls in place.


                                                   Page 8 of 22
   43   44   45   46   47   48   49   50   51   52   53