LadyPortraitNewmanPage 2022

Safeguard our technology, systems and data

Safeguarding our technology systems and data is the responsibility of everyone who works for us or on our behalf.

Inappropriate use of technology or data may expose our company to risks and vulnerabilities, including viruses, ransomware attacks, security breaches, theft or loss of BHP property and more. This could result in financial loss, legal impact or reputational damage.

All BHP hardware, software and data is the property of BHP. This includes BHP data stored on personal and BHP devices. To mitigate risk and comply with relevant laws, regulations and standards across the global locations in which we operate, the use of BHP technology and systemsis monitored, reported and, where required, blocked without prior notice. Data stored on BHP technology and systems may be accessed, reviewed or disclosed for the purposes of maintenance, business needs or to meet legal, regulatory or policy requirements.

Safeguard our technology, systems and data

  • What this means for you

    To protect against damage, loss, theft, misuse, interference and unauthorised alteration, access and disclosure, you must safeguard and use our technology and data securely and appropriately.


    Never use our technology or data to commit cybercrime, duplicate or sell software or media files, share your account password, use data for non-BHP business purposes or cause reputational damage to BHP. Our technology must never be used as a platform to create or spread information that is not truthful.


    Disciplinary action may be taken and civil or criminal authorities notified, if you use our technology and data inappropriately, or inappropriate material is accessed or stored using our systems. Inappropriate material includes pornographic or sexually explicit or exploitative imagesor text, materials promoting violence, hatred, racism, religious beliefs, terrorism or the intolerance of others, or any other material that is deemed obscene or abusive.


    Never use, modify, transfer, publish, share, remove or delete BHP data or intellectual property without written authorisation from your line leader.


    Moderate personal use of BHP technology is permitted, provided you comply with the above requirements.

Worker laughing


• Follow the Technology and Cybersecurity Global Standard and our Communications and Brand Global Standard when using BHP’s technology, systems and data.

• Treat emails and other electronic forms of communication as official records.

• Use authorised applications for business communications or to conduct business activities.

• Ensure your personal and corporate devices have the latest security updates – do this by connecting BHP devices to our corporate network at least once a month.

• Return BHP equipment and all BHP information assets upon termination of your employment or contract.

• Report the damage, loss or theft of BHP equipment, or unauthorised access to, or use or disclosure of BHP data to your line leader and Technology as quickly as possible.

• Protect any hardware, software and data for which you are responsible from damage, loss, theft, interference and unauthorised access, modification, disclosure or use.

• Report suspicious emails to Technology as phishing.

• Lock your screen when you are away from your workstation.

• Inform Workplace Technology when travelling to a high-risk country on BHP’s behalf to request a single use device where appropriate.

person in cab


• Divulge your BHP system, devices or application passwords or allow anyone else to gain access to BHP technology and systems using your login credentials.

• Leave BHP technology or mobile devices unattended in public places.

• Engage in fraud, commit a crime online or fail to report a fraud.

• Install software on or connect hardware to BHP devices without authorisation from Technology.

• Deliberately access, store, send, post or publish inappropriate material, or ignore these activities if you know of others doing so.

• Access applications or systems for which there is no business justification.

• Use unauthorised applications (such as WhatsApp, WeChat) for documenting or agreeing business transactions. See our Social Media Policy for details.

• Store, send, post or publish BHP data or proprietary information outside of our systems or devices including social media without prior authorisation from your line leader.

• Use non-BHP storage solutions (external hard drives, USBs, personal email, personal clouds or internet storage services) to store BHP data.

• Copy or transfer files that violate copyright laws.

• Ship our hardware or software outside of the country of origin without engaging Technology.

• Disable security measures on BHP technology systems.

• Receive compensation for the disposal of BHP equipment.

Hypothetical scenarios

  • Q: A BHP colleague wants to avoid data roaming charges while travelling for business and has asked me to download an application that will allow us to communicate free of charge. What should I do?
    A: BHP communications are subject to legal as well as regulatory requirements. You must use BHP approved applications to communicate and conduct company business. Your Technology representative can help you install approved applications. Check our Social Media policy for updates.
  • Q: Upon signing up to various social media and career networking websites, I am often asked to provide an email contact. It’s more convenient for me to use my BHP email address. Should I submit this address?
    A: Your BHP email address should never be used for personal purposes. Despite the convenience, this email address should only be used for work related tasks. As we have no control over other websites, there may be an unacceptable likelihood of your email address being stolen or leaked, risking your privacy and home life, and BHP’s brand, technology, systems and data. 


  • View more hypothetical scenarios

How to speak up

If you have questions about Our Code, speak to your line leader, 2Up leader, Ethics and Investigations, Compliance, or Legal. Employee Relations or a HR Business Partner can direct you to the relevant reporting options available. You can also seek further information and resources via BHP’s RespectChat.  Anyone who works with us, on our behalf, or is associated with us, can also raise misconduct concerns via Integrity@BHP or the BHP Protected Disclosure Reporting Channel.

Online: Make a report in either Integrity@BHP or the BHP Protected Disclosure Reporting Channel

Phone: You can also contact the BHP Protected Disclosure Reporting Channel by phone