We are committed to protecting personal and corporate security by increasing cybersecurity awareness and taking measures to protect our technology, systems and digital assets.
All BHP hardware, software and data are the property of BHP; this includes data stored on both personal and BHP devices.
The safeguarding of our technology systems and data is the responsibility of all employees and anyone who conducts business on behalf of our Company.
The use of BHP technology and systems will be monitored, reported and, where required, blocked without notice to mitigate risk and comply with relevant laws, regulations and standards. Data stored on BHP technology systems may be accessed, reviewed or disclosed for the purposes of maintenance, business needs or to meet legal or policy requirements.
Inappropriate use of technology or data may expose our Company to risks, including viruses, security breaches, theft or loss of BHP property or reputational damage.
Our expectations of you
As members of our workforce you are provided with the technology and data you need to undertake work for BHP. You must safeguard and use technology and data securely and appropriately, and protect them against damage, loss, theft, alteration and unauthorised access.
You must not use our technology or data to commit cybercrime, duplicate or sell software or media files, share your account password, use technology or data for non-BHP business purposes or cause reputational damage to BHP.
If you use our technology and data inappropriately, or inappropriate material is accessed or stored using our systems, disciplinary action may be taken and civil or criminal authorities may be notified. Inappropriate material includes pornographic or explicit images or text, materials promoting violence, hatred, terrorism or intolerance of others, or any other material that is deemed obscene or abusive.
You should never transfer, publish, remove or delete BHP data or intellectual property without authorisation.
Moderate personal use of BHP technology is permitted. Moderate personal use does not impact your ability to perform your role or affect your commitment to BHP.
Our expectations of others who work with us
If you have access to our equipment while working with us, we expect you to comply fully with this section, including protecting BHP’s cybersecurity.
Where to go for help
- Your line leader or 2Up leader
- Human Resources
Tools and resources
Always
- Treat emails and other electronic forms of communication as official records and only use authorised applications to send these messages.
- Use authorised applications for business communications or to conduct business activities (i.e. do not use unauthorised applications for documenting or agreeing business transactions).
- Connect BHP devices to our corporate network at least once a month to receive security updates.
- Make sure your personal devices contain the latest security updates.
- Return BHP equipment and all BHP information assets upon termination of your employment or contract.
- Report the damage, loss or theft of BHP equipment or data to your line leader and Technology.
- Make sure hardware, software and data for which you are responsible are protected from unauthorised access.
- Notify Technology if you’ve received a suspicious email by identifying the email as phishing.
- Secure laptops to prevent theft and lock your screen if leaving it unattended.
- Let Technology know when you travel to high-risk countries on behalf of BHP so they can give you single-use devices.
Never
- Divulge your BHP system passwords, write or store passwords in clear text or reuse passwords across multiple systems.
- Allow someone else to log on and operate systems and applications using your ID and user access rights.
- Leave technology or mobile devices unattended in public places.
- Engage in fraud, commit a crime online or fail to report a fraud that you may know of.
- Install software on or connect hardware to BHP devices without authorisation.
- Open attachments or click links in emails that you’ve received from unknown senders.
- Deliberately access, store, send, post or publish inappropriate material, or ignore others doing so.
- Access applications or systems for which there is no business justification.
- Store, send, post or publish BHP proprietary information outside of any of our systems or devices without prior authorisation.
- Use non-BHP storage solutions, like external hard drives, USBs, personal email, personal clouds or internet storage services, to store BHP data.
- Copy or transfer files in violation of copyright laws.
- Ship our hardware or software outside of the country of origin without engaging Technology.
- Disable security measures on BHP technology systems or devices.
Example questions and answers
Downloading apps
Question - A BHP colleague wants to avoid data roaming charges while travelling for business, and has asked me to download an application that will allow us to communicate free of charge. What should I do?
Answer - Company communications are subject to legal as well as regulatory requirements. You must use BHP approved applications to communicate and conduct Company business. Your Technology representative can help you install approved applications.
BHP email
Question - Upon signing up to various social media and career networking websites, I am often asked to provide an email contact. It’s more convenient for me to use my BHP email address. Should I submit this address?
Answer - Our Code tells us your BHP email address should never be used for personal purposes. Despite the convenience, this email address should only be used for work-related tasks.