Acceptable Use Standard

GOVERNANCE TOOL: Acceptable Use Standard – Global
STANDARD NUMBER: PGC:IT:2013:05.02.01a
SUPERSEDES: PGC:IT:2013:05.02.01
AUTHOR: Information Protection Services
APPROVED BY: Policy Governance Council
EFFECTIVE DATE: 06/05/2013
SUPERSEDES: 04/29/2013
Acceptable Use Standard - Global
INTRODUCTION
Starbucks is committed to properly managing and securing all company information. The Global
Information Security and Management Policy guides partners toward the fundamental principles and
requirements of appropriate information management in order to create an environment of discipline and
consistency to manage all Starbucks business information generated across the enterprise.
The Acceptable Use Standard – Global supports the Global Information Security and Management
Policy by providing guidance on how to appropriately use Starbucks electronic communications
systems.
PURPOSE
The purpose of this Standard is to provide requirements for all users of Starbucks electronic
communications systems to appropriately protect Starbucks information and information assets.
SCOPE
This Policy applies globally to all employees (“partners”) of Starbucks and its wholly owned subsidiaries.
DEFINITIONS
Level 1 – Private Information
Any Starbucks information required to be protected by applicable laws or regulations such as
Sarbanes-Oxley (SOX) and Payment Card Industry (PCI). Examples of private information include but are not
limited to credit card data, national identification numbers, social security numbers, and passwords.
Level 2 – Confidential Information
Any Starbucks information which, if disclosed, could result in significant financial and reputational
damage to Starbucks and/or its brands. Examples of confidential information include but are not limited
to corporate strategic plans (including mergers and acquisitions), trade secrets, and confidential
memoranda. Confidential Information also includes all partner records that do not contain Private
Information such as performance reviews, offer letters and corrective action forms.
Level 3 – Internal Information
Any Starbucks information which, if disclosed, could result in reputational damage to Starbucks and/or
its brands. Examples of internal information include, but are not limited to, internal announcements,
organizational charts, training materials and partner comments.
Level 4 – Public Information
Any Starbucks information intended for public disclosure (e.g., advertisements, company website
materials, published financial statements).
For Internal Use Only
Security Incident
An information security event that may compromise business operations or threaten business security.
REQUIREMENTS
The Starbucks electronic communications systems are provided to users at Starbucks expense to assist
them in carrying out the company’s business. Starbucks considers all information transmitted,
processed, or stored on these systems, including email messages, as the property of Starbucks.
Additionally, information stored on Starbucks information systems may be subject to disclosure in a
legal proceeding.
All users should be aware that all information stored, processed or communicated by electronic means
using Starbucks electronic communications systems, whether work-related or personal, is not private.
Starbucks reserves the right to monitor or review electronic information to analyze the use of its
electronic communications systems, obtain business information, monitor performance, assess the need
for and perform training, review compliance with applicable regulatory requirements, for investigative
purposes and use for other business reasons in accordance with applicable law. Additionally, Starbucks
reserves the right to disclose the information collected during such monitoring to any third parties or law
enforcement as appropriate.
While the Starbucks electronic communications systems are intended for business use only, Starbucks
recognizes the occasional need for personal use of certain resources, including the Internet, email and
instant messaging; therefore, some personal usage is permitted at the discretion of management.
Email
Starbucks electronic mail systems must not be used to:
• “Auto-forward” business email to non-Starbucks email account(s)
• Send chain letters
• Solicit for political candidates
• Engage in any illegal, unethical or improper activities (e.g., harassment; gambling; sharing defamatory, obscene, or offensive materials)
• Conduct any non-Starbucks commercial business
• Disseminate internal mail addresses of partners and non-partner workers to external entities or mailing lists
• Use Starbucks email addresses to register on social media intended for personal use
Instant Messaging (IM)
• IM technology use is allowed for internal communications within the Starbucks network only.
• IM communications must be through the Starbucks-provided IM technology, which is intended for work-related communications only.
• Starbucks instant messaging systems must not be used to:
   ◦ communicate anything that would be considered a business record
   ◦ send Level 1 – Private information or Level 2 – Confidential information.
Internet
Users must not:
• Use the Starbucks electronic communications systems to visit or view any web site or download any information which contains illegal, defamatory, obscene, or offensive material or which would violate Starbucks equal opportunity and/or anti-harassment policies.
• Use the Starbucks electronic communications systems in any way that would infringe upon the intellectual property rights of another person.
• Download or install software that is not related to their business function.
Social Media
All partner and non-partner workers must comply with the requirements of the Social Media Standard.
In all cases, accessing, distributing or storing obscene, profane, abusive or otherwise offensive material
using company-provided information technology resources is prohibited.
Partners With Disabilities
Starbucks supports the use of secure, functionally equivalent technologies for partners with disabilities,
provided usage meets the requirements of this Standard.
Reporting A Security Incident
It is the responsibility of every partner and non-partner worker to immediately notify the Enterprise Help
Desk if they notice or suspect any security incident.
Enforcement
Failure to comply with the Global Information Security and Management Policy and related standards
may jeopardize the confidentiality, integrity, and availability of the Starbucks information assets and
may result in disciplinary action up to and including termination of employment.
In addition, if a violation of these policies and standards also constitutes a violation of a law or statute,
such a violation may result in additional penalties and/or legal action.
ASSOCIATED GOVERNANCE TOOLS
Policy
• Global Information Security and Management Policy
Standards
• Information and Records Management Standard
• Information Protection Governance Standard
• Social Media Standard
• Web Accessibility Standard
OTHER ASSOCIATED DOCUMENTS
• Information Protection Handbook
REVISION HISTORY
Document Version    Date          Description of Revisions
1.0                 07/06/2012    First Draft
2.0                 09/05/2012    Final version approved by PGC
3.0                 04/29/2013    Final version approved by PGC (email vote)
4.0                 06/05/2013    Final version approved by PGC