Employee Handbook (HBEU) - HSBC careers site

connect (physically or by any type of wireless) any unauthorised device to the bank’scomputer systems or networks. No personal data storage device is to be attached tothe bank’s systems without prior management approval and without ensuring that theappropriate security controls for data storage are applied (A personal data storagedevice is defined as any non bank owned device that has the capability to have datatransferred and stored on it);take photographs that infringe personal privacy or customer or client confidentiality(for example on special occasions, at award ceremonies etc), or that compromise thesecurity of employees, customers, clients, premises and equipment;use mobile phones in areas such as computer rooms, network rooms and tradingfloors where their use may cause distraction or a breach of security or complianceregulations. Relevant business specific or local instructions should be followed.Digital recording devices such as floppy discs, CDs and DVDs should only be used to storebank and/or Group information if there is no other alternative. Devices of this type arevulnerable to compromise and can be easily read. You must consider carefully the risks ofstoring sensitive information on mobile recording devices and the potential danger to the bankif the information is lost. As a matter of course, if documents are being physically transported,they should be password protected. If in any doubt, err on the side of caution and do not usethese devices until you have spoken to your line manager for advice.Mobile recording devices should never hold the only copy of information stored. Another copymust always exist on a bank owned computer to provide contingency.In all circumstances local management may restrict use of these devices further if it isdeemed appropriate and in the interests of the security of the bank and/or Group’s informationand the protection of employees, customers and clients.Unauthorised software comprises any software that is not on the Group's IT list of approvedsoftware or which has not been procured via the Purchasing Department (or futureequivalent) and includes any unsolicited software, demonstration software that has not beenpreviously checked by Group IT Security and any software that is delivered in such a way thatit may have been tampered with.You are required to act in accordance with the bank's policies and guidelines on the securityof information and the use of information technology at all times. Security Guidelines on theregulations and procedures regarding information technology are encapsulated in thedocument entitled Group IT Security Standards which is available on the Group IT intranetunder IT Security, Group IT Security Awareness.The policy explaining the appropriate use of Group e-mail systems and the Internet, and alsowhat is inappropriate use, is contained in the HR Procedures Manual (Internet, email andcompany mobile phones), which is available on the bank’s intranet and in the Security andFraud Functional Instruction Manual. You should note that the bank may monitor the contentof emails and other electronic messages sent from its property. The bank will also monitorInternet use and content when using the internet.Failure to comply with any of these requirements and, in particular, the use of unauthorisedsoftware on Group equipment is an extremely serious violation of your terms and conditionsof employment. Any such failure is likely to lead to disciplinary action and may result in yourdismissal for gross misconduct.3.12 Health, Safety and FireThe bank attaches the greatest importance to the health, safety and welfare of its employeesat work. Every effort is made to provide safe working conditions and to prevent fire or otherdamage.