Transcription
BUSINESS CONDUCT GUIDELINESTrust Comes First
Table of Contents1.Trust Means We Commit toIntegrity and Compliance2.7. Managing Personal Information2.8. Leaving IBM1.1. Our Values and the Business Conduct Guidelines1.2. The Importance of Integrity and Compliance1.3. Speaking Up – Where and How to Report1.4. Cooperation1.5. No Retaliation1.6. External Inquiries, Contacts and Communications1.7. Speaking Publicly and Social Media2.2.6. Protecting Assets, Business Interests and Employees3.Trust Means We Protect IBMEmployees, IBM Assets andthe Assets Belonging to Others2.1. Maintaining a Safe and Productive Work Environment2.2. Protecting and Using IBM Assets and Those Owned byOthers2.3. Sharing and Receiving Proprietary and ConfidentialInformation2.4. Avoiding Inadvertent Disclosure2.5. Guarding Against CyberthreatsTrust Means We RespectIntellectual Property Rights3.1. Protecting IBM Intellectual Property3.2. Using Third-Party Software, Apps, Cloud-Based Servicesand Data3.3. Using Open Source Software3.4. Developing Applications for Mobile Devices3.5. Protecting Trademarks and Domain Names4.Trust Means We Are Honest,Accurate and Complete4.1. Be Honest4.2. Reporting and Recording Information4.3. Understanding Financial Controls and Reporting4.4. Making Commitments and Obtaining Approvals4.5. Retaining Records2IBM BUSINESS CONDUCT GUIDELINES
5.Trust Means We Compete,Win Business and Treat OthersEthically6.6. Visiting IBM Property – Government Officials andCandidates for Public Office6.7. Complying with International Trade Requirements6.8. Complying with Antiboycott Requirements6.9. Meeting Cross-Border Travel Requirements5.1. Working with Organizations Outside of IBM6.10. Protecting the Environment5.2. Working with Government Entities and GOEs5.3. Working with Suppliers5.4. Working with IBM Business Partners, Resellers andOthers5.5. Dealing with Competitors5.6. Competing Ethically5.7. Acquiring and Using Information About Others6.7.6.2. Giving and Receiving Business Amenities and Gifts6.3. Avoiding Money Laundering and Funding Terrorist Activities6.4. Selling in the Public Sector6.5. Lobbying7.1. Acting on Your Own Time7.2. Avoiding Conflicts of InterestTrust Means We Meet Our LegalObligations6.1. Protecting Against CorruptionTrust Means We Separate OurPersonal Interests from OurBusiness Responsibilities7.3. Steering Clear of Insider Trading7.4. Participating in Public Service and Political Activity8.Notice of Certain Additional Rights;Resources8.1. Other IBM Policies, Directives and GuidelinesIBM BUSINESS CONDUCT GUIDELINES3
4IBM BUSINESS CONDUCT GUIDELINES
Letter from ArvindIf we think of IBM’s values as our ethical compass, then the BusinessConduct Guidelines are our roadmap. They are inspired by IBMers’ corevalue of “trust and personal responsibility in all relationships.” They governour interactions with clients, business partners, suppliers, developers,investors, teammates and communities. They support us as we strive tooperate with integrity at all times.As you review the current Business Conduct Guidelines, I ask you to takea moment to reflect on how they apply today to your individual role at IBM.Think about their relevance to the products you develop. To the regulatoryenvironments you encounter. And to the daily interactions you have withothers, both inside and outside our company.Our commitment to the responsible stewardship of IBM’s values is partof what makes us a unique and enduring company. Our longstandingreputation for ethics and integrity – built over more than a century– provides a foundation to continue IBM’s essential role in businessand society, today and in the years to come. We are all keepers of thisimportant legacy. Your thorough understanding and application of ourBusiness Conduct Guidelines is one of the most critical ways we can upholdthis responsibility.Thank you for your dedication to these principles, and for everything you doto make IBM the world’s most trusted technology partner.Arvind Krishna,Chairman and Chief Executive OfficerIBM BUSINESS CONDUCT GUIDELINES5
1.6IBM BUSINESS CONDUCT GUIDELINES
Trust Means We Commit to Integrityand Compliance1.1 Our Values and the Business Conduct GuidelinesIBM has long been recognized as one of the world’s most ethical companies.For more than one hundred years, we’ve repeatedly reinvented ourselves tomeet new challenges. What always has remained unchanged is ourunwavering commitment to integrity.Our IBM Values serve as a solid foundation for the business choices we make.The Business Conduct Guidelines (BCGs) provide general guidance forresolving a variety of legal and ethical issues.IBM’s Values:Dedication toevery client’ssuccessInnovation thatmatters—for ourcompany and forthe worldTrust and personalresponsibility inall relationshipsIBM BUSINESS CONDUCT GUIDELINES7
1. TRUST MEANS WE COMMIT TO INTEGRITY AND COMPLIANCE1.2 The Importance of Integrityand ComplianceWatch out!As our business continues to transform, you may find yourselfworking in exciting new areas like healthcare, financialservices, education or mobile application development, someof which are highly regulated. Any change in your workresponsibilities may carry new responsibilities under the BCGsor new legal requirements.Integrity and compliance are vital to IBM’s success – and yours. Ourintegrity, reputation and brand are in your hands, and we rely on you toprotect them!No matter where your workplace is – whether you work with IBMers,clients, Business Partners, suppliers or other parties in person, over thephone, online or by any other means – follow our Values, the BCGs andother applicable IBM corporate directives, such as IBM policies, corporateinstructions and guidelines (Corporate Directives). And comply with all lawsand regulations that apply to IBM’s business.Always use good judgment in your work. If you have questions aboutinterpreting or applying the BCGs, Corporate Directives, or laws andregulations applicable to IBM, don’t guess. Ask for help. It’s yourresponsibility to consult your manager or IBM Counsel, or use one of theIBM Communication Channels.If you violate the BCGs, other Corporate Directives or the law, IBM maytake any action regarding your employment, including termination ofemployment, subject to applicable law. Failing to comply with laws couldalso result in fines, lawsuits, loss of business privileges and, in somecases, imprisonment.1.3 Speaking Up – Where and How to ReportIBM expects IBMers like you to report potential wrongdoing – whether aviolation of the BCGs or other unethical or unlawful conduct involving IBM.If you are aware of or suspect a violation of the BCGs or other unethical orunlawful conduct, immediately report the matter through any of IBM’sCommunication Channels:›› IBM Human Resources› IBM’s Concerns & Appeals programs› IBM Corporate Assurance and Advisory Services for violations related tofinancial recording and reporting, business process violations andinappropriate use of assets› IBM Corporate Security for threats or acts of violence, loss or theft of IBMassets, or violation of law on IBM premises› IBM Corporate Health & Safety for work-related health and safety issues8IBM BUSINESS CONDUCT GUIDELINES
1. TRUST MEANS WE COMMIT TO INTEGRITY AND COMPLIANCE› IBM Cybersecurity Incident Response Team (CSIRT) for cybersecurity ordata incidents, potential or actual system and data breaches andinadvertent disclosures› IBM Counsel› IBM Trust & Compliance› IBM Government & Regulatory AffairsIBM will promptly review your report of actual or potential violations of theBCGs or other unlawful or unethical conduct. IBM will not tolerate threatsor acts of retaliation against you for making any reports.Did you know?IBM’s Concerns & Appeals programs include “Open Door” to highermanagement and “Confidentially Speaking,” which lets you raiseyour concern anonymously. Submit your concerns online or bye-mail, regular mail or phone. Also, an employee is not prohibitedfrom reporting possible violations of law or regulation to agovernment agency, as permitted by law.1.4 CooperationIBM needs your cooperation to conduct investigations and audits for IBM’sinternal controls and to respond to inquiries, audits or investigations byclients, regulators or others. You must fully cooperate in these matters. Forexample, promptly, completely and truthfully comply with all IBMrequests; participate in meetings and interviews in a timely manner whenrequested; and provide and keep all relevant information (electronic orotherwise) as directed by IBM.1.5 No RetaliationIBM prohibits threats or acts of retaliation for (1) reporting in good faithpotential wrongdoing or inappropriate behavior, (2) refusing to act inviolation of the Business Conduct Guidelines, Corporate Directives or law,or (3) cooperating with an investigation. If you believe you have beenretaliated against, report it through one of the IBM CommunicationChannels, and IBM will take appropriate action.IBM BUSINESS CONDUCT GUIDELINES9
1. TRUST MEANS WE COMMIT TO INTEGRITY AND COMPLIANCE1.6 External Inquiries, Contactsand CommunicationsIBM’s business is monitored by journalists, consultants, IT and securitiesanalysts, investors, regulators and others. These people may see you ashaving valuable expertise, and they may ask you to give your insights to them,with or without compensation. If contacted, do not respond to them for IBM,whether in person, online through social media, by telephone or otherwise.Instead, promptly notify the contacts below to identify both the appropriateperson to respond and the appropriate response:› IBM Communications, if contacted by journalists or bloggers1.7 Speaking Publicly and Social MediaWhen you speak out in a public forum or on social media, you must make itclear that you do so as an individual. Do not give the appearance of speakingor acting on IBM’s behalf – only certain people are authorized to do so.Anything said or written in public – from the town square to social mediasites – will remain accessible longer than you intended, and may be read atany time by anyone – whether a client, competitor, colleague, journalist,investor or regulator. When using social media, follow IBM’s SocialComputing Guidelines. Be sure also to follow the IBM Social BrandStandards authorization process and obtain your manager’s approval beforecreating a social handle using IBM’s name, trademarks or product names.› IBM Analyst Relations, if contacted by consultants or IT analysts› IBM Investor Relations, if contacted by securities analysts or investors› IBM Corporate Environmental Affairs, if contacted by environmentalgroups, government agencies, business associations, or individuals aboutany matter involving environmental policy, declarations, principles,practices, or programs› IBM Government and Regulatory Affairs, if contacted about public policy orlobbying matters› IBM Counsel, if you receive a request for information, a legal notice or anaudit request related to IBM’s business from a client, attorney, investigator,law enforcement or other government official or if you are asked to testifyon behalf of IBM in a legal proceeding or before an agency, legislative orother public hearingNothing in the BCGs prohibits you from communicating directly with anygovernment agency or entity, without prior consent of, or notification to, IBMto the extent permitted by law and applicable rules of professionalresponsibility.10IBM BUSINESS CONDUCT GUIDELINESTake note!If you, as an IBMer, wish to, or are asked to speak at an event: Even if you are simply attending an event (not as speaker), beaware that you are not authorized to speak on IBM’s behalf tothe media or analysts/investors in attendance. Forward anyinquiries you receive to IBM Media Relations or IBM InvestorRelations, respectively.
2.IBM BUSINESS CONDUCT GUIDELINES11
Trust Means We Protect IBM Employees,IBM Assets and Assets Belonging to Others2.1 Maintaining a Safe and Productive WorkEnvironmentIBM strives to maintain for its employees a healthy, safe and productive workenvironment free from discrimination and harassment, whether based onrace, color, religion, gender, gender identity or expression, sexual orientation,pregnancy, national origin, genetics, disability, age or any other factors thatare unrelated to IBM’s legitimate business interests. IBM will not toleratesexual advances or comments, racial or religious slurs or jokes, or any otherconduct, such as bullying, that creates or encourages an offensive orintimidating work environment.Other prohibited conduct, because of its adverse impact on the workenvironment, includes the following:› Threats or violent behavior› Possession of weapons of any type› A manager having a romantic relationship with a subordinate› Discrimination against any employee on the basis of any element ofdiversity› Use, distribution, sale or possession of illegal drugs or any other controlledsubstance, except for approved medical purposes12IBM BUSINESS CONDUCT GUIDELINES› Being under the influence of illegal drugs, controlled substances used fornon-medical purposes, or alcoholic beverages in the workplace› Consumption of alcoholic beverages on IBM premises, unless approved inadvance by your managerTake note!You may not make audio or visual recordings in the workenvironment, unless approved in advance by managementbecause doing so could result in inappropriate disclosure ofproprietary or confidential information, violate applicable lawand/or infringe the privacy of others.
2. TRUST MEANS WE PROTECT IBM EMPLOYEES, IBM ASSETS AND ASSETS BELONGING TO OTHERSIf you believe you are the victim of prohibited workplace conduct, contact theTalk it Over @ IBM team or report it using one of the IBM CommunicationChannels.If IBM management finds that your conduct on or off the job adversely affectsothers or your ability to perform your job, IBM may take any action regarding youremployment, including termination of employment, subject to applicable law.RememberYou play a critical role in identifying, eliminating andcontrolling health and safety risks. Take reasonable care foryour health and safety and that of others. Maintain accurate emergency contact information,including your mobile phone number, in the IBMer Safe tool,so that IBM may contact you in the event of an emergency.You must use IBM assets, including IBM premises and facilities and physicalassets and systems, only for IBM’s legitimate business purposes. IBM’sphysical assets and systems include devices such as laptops, tablets andsmartphones, information and communication systems, and connections tothe Internet. Incidental personal use of physical assets and systems ispermitted, however, if it is limited in duration, does not violate companypolicies, and does not affect your productivity or the productivity of others.Do not use IBM assets in ways that violate the law, that are inconsistentwith IBM’s business interests or to visit Internet sites that feature sexualcontent or gambling, or that advocate intolerance of others.Use assets belonging to others, including clients, only to the extentpermitted by the other party; make sure you fully understand and follow theother party’s terms and agreements as well as any laws that may restrictaccess to the assets based on privacy, citizenship or other requirements. Report unsafe conditions, accidents and near missesthrough your local process at Health & Safety @ IBM.2.2 Protecting and Using IBM Assetsand Those Owned by OthersIBM has extensive assets of great value. They are critical to IBM’s success inthe marketplace, and we rely on you to protect them.IBM’s assets include, for example, physical assets and systems that IBMmakes available to IBMers for work, IBM facilities and premises, IBM’sproprietary and confidential information and IBM intellectual property. Ourbusiness may also require us to access and use assets belonging to others,such as their proprietary and confidential information, intellectual property,systems, data or tools.IBM BUSINESS CONDUCT GUIDELINES13
2. TRUST MEANS WE PROTECT IBM EMPLOYEES, IBM ASSETS AND ASSETS BELONGING TO OTHERS2.3 Sharing and Receiving Proprietaryand Confidential InformationIBM’s proprietary information and intellectual property are IBM assets. Theyare the result of the hard work and innovation of many IBMers, and they giveIBM a competitive advantage.Some IBM proprietary information is confidential; often, such information isalso subject to copyright, patent, trademark, trade secret or other intellectualproperty or legal rights. You may not share IBM confidential information with,or accept confidential information from, another party unless your managerhas approved and IBM and the other party have signed a confidentiality orother suitable agreement approved by IBM Counsel.Improper disclosure of IBM proprietary or confidential information couldthreaten IBM’s competitive advantage. Follow all IBM safeguards forprotecting that information and share it only as authorized by IBM.RememberIBM proprietary information is any information that IBM owns,including: Information about current and future products, services orresearch and development Business plans or projections, such as potential acquisitionsor divestitures, or unannounced strategies or prospects Information in our online repositories and databases14IBM BUSINESS CONDUCT GUIDELINESWhat should I do ifI rec e i v e prop rieta ryor confid en tia linforma tionb elonging to ano th e r?Proceed with caution to prevent any accusationthat IBM misappropriated or misused theinformation. If you have a question about what todo if you receive an unsolicited email that includesproprietary information, contact IBM Counsel andbe sure not to forward the email.
2. TRUST MEANS WE PROTECT IBM EMPLOYEES, IBM ASSETS AND ASSETS BELONGING TO OTHERS2.4 Avoiding Inadvertent Disclosure2.5 Guarding Against CyberthreatsBe careful to avoid inadvertent disclosure of proprietary and confidentialinformation, whether owned by IBM or others. Do not discuss this informationwith, or in earshot of, any unauthorized person, including family members orfriends. They might – innocently or otherwise – pass the information on tosomeone else.Third parties, like our clients, trust IBM with their data and other assets, andwe rely on you to protect them – as well as IBM’s own data and assets.Take note!To protect IBM assets, including data and proprietary andconfidential information, and assets belonging to others,take the following precautions:Violating IBM’s information security policies puts IBM assets, and assetsbelonging to others, like client data, at risk. Even well-intentioned actions,such as creating workarounds and shortcuts to improve service delivery ordownloading unapproved third-party software, can violate IBM and clientsecurity policies and result in IT or data security breaches.If you are aware of or suspect an IT or data security issue or incident, orany loss of assets, including data, belonging to IBM or others, report itimmediately by calling the IBM Help Desk and selecting the “CybersecurityIncident” option. Follow IBM’s information security policies, controls andprocesses. Never share passwords. Register all devices used for IBM business purposes, such aslaptops, mobile phones, servers and personally ownedelectronic devices, such as smartphones and portablestorage media, as required by IBM policy. Follow the special legal or other requirements that apply tocertain types of data, like health information. Participate in scheduled IBM cybersecurity training. Do not use any personal accounts (email, instant messaging,social media, cloud storage, videotelephony etc.) to conductIBM business.IBM BUSINESS CONDUCT GUIDELINES15
2. TRUST MEANS WE PROTECT IBM EMPLOYEES, IBM ASSETS AND ASSETS BELONGING TO OTHERS2.6 Protecting Assets, Business Interests andEmployeesWe rely on you to protect IBM’s and others’ assets.IBM does n
Integrity and Compliance 1.1. Our Values and the Business Conduct Guidelines 1.2. The Importance of Integrity and Compliance 1.3. Speaking Up – Where and How to Report 1.4. Cooperation 1.5. No Retaliation 1.6. External Inquiries, Contacts and Communications 1.7. Speaking Publicly and Social Media 2. Trust Means We Protect
