Safeguard our technology, systems and data

Protecting our digital assets is crucial to our operations and our stakeholders.

Our digital assets are the technology, systems, applications and data we use to do our jobs, and they are vital to BHP’s operations. Inappropriate use of these digital assets may expose BHP to risks and vulnerabilities, which can result in security breaches, theft or loss of BHP assets, breach of law, and regulatory non-compliance. 

We share collective responsibility for protecting our digital assets as doing so helps to ensure the confidentiality, integrity and availability of our data, enabling us to operate securely and efficiently. 

Safeguard our technology, systems and data

  • What it means for you

    Our people play an important role in ensuring our systems and data are secure, and preventing unauthorised or accidental access, loss, or misuse of BHP’s information. We stay vigilant against phishing, malware, and other cyber threats and fraud, and are proactive in reporting any suspicious activity. 

    Information and data is handled with care, and we are mindful of the need for some data and records to be retained. BHP maintains records according to our policies – ensuring they are stored securely and disposed of appropriately as authorised. 

    Maintaining the privacy and confidentiality of our data is important to us. We use approved and secure methods for storing, sharing, and disposing data, and follow Our Requirements to manage risk and protect our digital assets. 

    Our digital assets’ content is free from inappropriate materials. Our communication, both internal and external, reflects Our Values, promotes inclusivity, and contributes to our culture of care by being free from harmful or disrespectful content, including content related to violence, hatred, discrimination or sexual matters. 

  • How you make an impact  
    You handle our digital assets with care, comply with Our Requirements, use approved technology systems and applications, report any damage, loss or theft or unauthorised access and speak up about possible breaches immediately. 
  • Resources
    Technology and Cybersecurity Global Standard
    Data Global Standard
    Communications and Brand Global Standard
    Business Conduct Global Standard
Worker laughing

Always

• Follow the Technology and Cybersecurity Global Standard and our Communications and Brand Global Standard when using BHP’s technology, systems and data.

• Treat emails and other electronic forms of communication as official records.

• Use authorised applications for business communications or to conduct business activities.

• Ensure your personal and corporate devices have the latest security updates – do this by connecting BHP devices to our corporate network at least once a month.

• Return BHP equipment and all BHP information assets upon termination of your employment or contract.

• Report the damage, loss or theft of BHP equipment, or unauthorised access to, or use or disclosure of BHP data to your line leader and Technology as quickly as possible.

• Protect any hardware, software and data for which you are responsible from damage, loss, theft, interference and unauthorised access, modification, disclosure or use.

• Report suspicious emails to Technology as phishing.

• Lock your screen when you are away from your workstation.

• Inform Workplace Technology when travelling to a high-risk country on BHP’s behalf to request a single use device where appropriate.

person in cab

Never

• Divulge your BHP system, devices or application passwords or allow anyone else to gain access to BHP technology and systems using your login credentials.

• Leave BHP technology or mobile devices unattended in public places.

• Engage in fraud, commit a crime online or fail to report a fraud.

• Install software on or connect hardware to BHP devices without authorisation from Technology.

• Deliberately access, store, send, post or publish inappropriate material, or ignore these activities if you know of others doing so.

• Access applications or systems for which there is no business justification.

• Use unauthorised applications (such as WhatsApp, WeChat) for documenting or agreeing business transactions. See our Social Media Policy for details.

• Store, send, post or publish BHP data or proprietary information outside of our systems or devices including social media without prior authorisation from your line leader.

• Use non-BHP storage solutions (external hard drives, USBs, personal email, personal clouds or internet storage services) to store BHP data.

• Copy or transfer files that violate copyright laws.

• Ship our hardware or software outside of the country of origin without engaging Technology.

• Disable security measures on BHP technology systems.

• Receive compensation for the disposal of BHP equipment.

Hypothetical scenarios

  • Q: A BHP colleague wants to avoid data roaming charges while travelling for business and has asked me to download an application that will allow us to communicate free of charge. What should I do?
    A: BHP communications are subject to legal as well as regulatory requirements. You must use BHP approved applications to communicate and conduct company business. Your Technology representative can help you install approved applications. Check our Social Media policy for updates.
  • Q: Upon signing up to various social media and career networking websites, I am often asked to provide an email contact. It’s more convenient for me to use my BHP email address. Should I submit this address?
    A: Your BHP email address should never be used for personal purposes. Despite the convenience, this email address should only be used for work related tasks. As we have no control over other websites, there may be an unacceptable likelihood of your email address being stolen or leaked, risking your privacy and home life, and BHP’s brand, technology, systems and data. 

     

  • View more hypothetical scenarios

    English

    español

    Chinese

    Portuguese

    Malay

How to speak up

If you have questions about Our Code, speak to your line leader, 2Up leader, Ethics and Investigations, Compliance, or Legal. Employee Relations or a HR Business Partner can direct you to the relevant reporting options available. You can also seek further information and resources via BHP’s RespectChat.  Anyone who works with us, on our behalf, or is associated with us, can also raise misconduct concerns via Integrity@BHP or the BHP Protected Disclosure Reporting Channel.

Online: Make a report in either Integrity@BHP or the BHP Protected Disclosure Reporting Channel

Phone: You can also contact the BHP Protected Disclosure Reporting Channel by phone

Download Our Code