Standards 2007 – Page 37

for the intended business use only and protect it appropriately. Schering-Plough has the right to access, store and review all communications, records and information created at work or with Company resources.

This means:

Using Company computers responsibly and primarily for legitimate business purposes. Personal use (including accessing the internet) should be kept to a minimum and not diminish productivity or other job-related performance.
Protecting the security of computer systems, including corporate data, electronic communications and application software at all times.
Not engaging in electronic communications that might be considered offensive, derogatory, defamatory, harassing, obscene or otherwise vulgar.
Never using Company electronic communications systems to improperly disseminate copyrighted or licensed materials.
Always protecting information used to access Company networks, including user names and passwords.

End-User Information Security Policy C-134; Electronic Communications Policy C-119; Information Technology Software Licensing Policy C-135. For questions on whether a particular kind of information may be sent by e-mail, check with your manager.

Q. I am working with a vendor who wants me to send them some confidential information for analysis. Is it okay for me to send this information via e-mail?

A. Yes, you may send the information via e-mail but additional precautions must be taken to protect confidential information transmitted outside of the Company. Contact your local IT department for alternatives that would allow you to send the data safely.

Q. What should I do if I suspect a security breach of Company computers or data or my password has been compromised?

A. You should immediately notify your local IT department or the Office of GIT Security. You may also contact the Integrity Action Line.