Airbus Information Management & Use of Infor-

mation Systems and Technologies (IS&T) Facili-

ties

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 1
1. PURPOSE & SCOPE

1.1 This Document is intended to inform End Users of the rules which govern their use
of the Airbus Information Systems and Technologies (IS&T) Facilities.

1.2 The rules contained herein apply regardless of whether the End User’s use of the
IS&T Facilities occurs within Airbus sites or externally.

1.3 The purpose of these rules is to ensure the confidentiality, integrity and availability
of all Airbus’s operations and interests. Pursuant to this aim, Airbus Security is en-
titled to track and monitor the use of the IS&T Facilities by all End Users.

2. USE OF THE IS&T FACILITIES

2.1 General Use

2.1.1 End Users are permitted to use the IS&T Facilities for the purposes of con-
ducting their professional tasks, provided that such use is conducted in accordance
with the security provisions and ethical standards outlined herein, and supple-
mented by additional internal rules.

2.1.2 This Document is communicated to all End Users.

2.1.3 In order for an immediate response to be coordinated, any suspected security

breach (including but not limited to: phishing emails, virus infection, data loss or
data corruption, hardware theft, misuse of user account, unauthorised data access
or the transmission of offensive content) shall be reported immediately to the local
Airbus Security manager.

2.1.4 End Users acknowledge that all activities conducted on an Airbus e-mail ad-
dress, or via the Airbus network, could be interpreted by external individuals as the
actions of Airbus. Hence, any activities carried out by End Users on the IS&T Facil-
ities may impact Airbus.

2.1.5 Additional rules may apply to the use of the IS&T Facilities for military/defence
programs and/or export controlled items.

2.2 Private Use

2.2.1 The use of the IS&T Facilities for private purposes is expressly forbid-
den, unless such use is permitted by Article 2.2.2

2.2.2 However, incidental private use of the IS&T Facilities for contacting fam-
ily members and performing everyday life tasks is acceptable only in
the Airbus entities located in countries where national laws allow it and
provided that the use of IS&T Facilities:

2.2.2.1 is lawful and does not conflict with Airbus’ interests and inter-
nal regulations;

2.2.2.2 does not affect the security and integrity of the IS&T Facilities;

2.2.2.3 remains reasonable, brief and occasional; and

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 2
 2.2.2.4 does not hinder or interfere with the End User’s work perfor-
mance or job responsibilities.

2.2.3 All content which is accessed via, transmitted by, or stored on the IS&T
Facilities is deemed to have a professional nature, unless such content
has been clearly labelled as “Private” or “Personal” (referred to herein
as “Private Items”).

2.2.4 Any Private Items shall be stored by End Users in their “Private” or
“Personal” folder. A “My Documents” folder, or any other “home direc-
tory”, is not considered a private Item, unless it has been specifically
labelled “Private” or “Personal”.

2.2.5 End Users are responsible for the management of their Private Items.
Airbus shall not be liable in the event of any loss, destruction or unau-
thorised interception by a third party of any Private Items which have
been transmitted through, or stored on, the IS&T Facilities.

2.2.6 It is the responsibility of the End User to delete all his/her Private Items
from the IS&T Facilities before returning them for whatever reason to
Airbus. Airbus shall not be liable for any damage that directly or indi-
rectly results from the End User’s failure to delete any Private Items
from the IS&T Facilities, following their termination of mission/employ-
ment contract.

2.2.7 If any End User discovers that they have access to another End User’s
Personal Items, he or she shall immediately contact his or her local Data
Protection Officer (DPO).

2.3 General Prohibited Activities

2.3.1 End Users are expressly forbidden to use the IS&T Facilities for:

2.3.1.1 illegal activities;

2.3.1.2 activities which conflict with Airbus’s interests;

2.3.1.3 activities which support the commercial activities of a third

party; and

2.3.1.4 activities which support the End User’s own external commercial
activities.

2.3.2 End Users shall not conduct activities that damage, or have the potential
to damage, the operations, interests, reputation and relationships of
Airbus, Airbus’s customers and Airbus’s business partners.

2.3.3 End Users shall not use the IS&T Facilities to damage or affect the in-
terests/privacy of any third parties.

2.3.4 Additionally, End Users are expressly forbidden to (this list being non-
exhaustive):

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 3
 2.3.4.1 Allow access to the IS&T Facilities to anybody other than mem-
bers of the IM Department for maintenance and/or configuration pur-
poses;

2.3.4.2 Share individual passwords and access codes or try to obtain

passwords or access codes from other End Users, including those be-
longing to the IM Department;

2.3.4.3 Bypass End User authentication, or any other security mecha-

nism, of any of the IS&T Facilities;

2.3.4.4 Use and/or install software and/or any application not provided
by Airbus or without Airbus authorisation;

2.3.4.5 Disable anti-virus or any other protective software installed by

the IM Department;

2.3.4.6 Store, delete, copy or duplicate for personal purposes infor-

mation, data or software which belongs to Airbus without prior Airbus
authorisation;

2.3.4.7 Cause security breaches (e.g. accessing data when the End User
is not the intended recipient, logging into a server or account that the
End User is not expressly authorised to access) or disruptions to net-
work communications;

2.3.4.8 Introduce any malicious programs and/or applications to the

IS&T Facilities (e.g. viruses, worms, Trojan horses, e-mail bombs, etc.);

2.3.4.9 Install, or connect to any Airbus infrastructures and/or net-

works, any unauthorised electronic devices such as wireless or cable,
gateways, bridges, 4G Internet devices, which might have an impact on
the network operation and could generate the risk of unauthorised ac-
cess; and

2.3.4.10 Change in any way the configuration of any IS&T Facilities

without Airbus prior authorisation provided through the IM Department.

3. E-MAIL

3.1 Airbus e-mail accounts shall only be used by End Users for business purposes. Sub-
ject to the provisions of Article 2.2.3, all e-mails written and/or received on Airbus
e-mail accounts shall be treated as official company documents and will therefore
be subject to Airbus rules concerning the protection and classification of infor-
mation.

3.2 Incidental private use of e-mail for contacting family members and performing eve-
ryday tasks is acceptable, provided such use does not affect the normal traffic of
business e-mails and generally conforms to provisions of Article 2 hereof as well as
other applicable requirements and limitations as may be set out in this Document.

3.3 The following measures and restrictions shall apply to the use of e-mail:

3.3.1 In order to detect and avoid threats such as viruses, Trojan horses,
worms, malware spam mail and phishing/vishing messages etc. the

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 4
 content of all End Users’ e-mails is filtered by Airbus. Notwithstanding
these filtering measures, should a suspicious e-mail be received, the
End User must not open any attachments or links contained therein, nor
shall the e-mail be forwarded to any other End User. In this situation,
End Users shall, as soon as practicable, report any suspicious e-mails
to Airbus Security.

3.3.2 End Users shall transmit any strategic or sensitive information in ac-
cordance with “Security Requirements for Company Data Classification
and Protection” Airbus directive (A1044).

3.4 In any event, End Users shall not (this list being non exhaustive):

3.4.1 Solicit, create or distribute non-work related material such as chain let-
ters, pictures, videos, audio files, jokes, unsolicited messages, junk mail
or other advertising materials, either within Airbus or externally;

3.4.2 Manipulate e-mails for unauthorised purposes for example forging e-

mail header information or changing/removing the footer of outgoing
messages;

3.4.3 Use Airbus distribution lists for non-business purposes;

3.4.4 Open, save or run any e-mail attachment unless such attachment is
known to be trustworthy;

3.4.5 Click on hyperlinks which establish a connection to unknown websites;

3.4.6 Disclose information which would provide the recipient with unauthor-
ised access to the IS&T Facilities, such as login details and passwords;

3.4.7 Publish Airbus e-mail addresses on public websites as this could lead to
such addresses being included in spam or mass mailing lists;

3.4.8 End Users shall never send work-related e-mails and attachments to
their private storage facilities, including but not limited to, private e-
mail accounts or private cloud accounts

3.5 End User who is given access to another End User’s account for specific purposes
pursuant to Airbus policy (“Specific Authorised Access”), shall comply with the fol-
lowing requirements:

3.5.1 Specific Authorised Access shall be subject to the written agreement of

the End User whose account is being accessed; and

3.5.2 Specific Authorised Access shall be provided for a defined time period.

3.6 In the event of an End User’s unexpected absence or leave, it may not be possible
for that End User to provide the written authorisation specified in Article 3.5.1. In
these situations, Airbus will assess the urgency of the need for access and, if
deemed necessary, shall authorise a specific individual to access the absent End
User’s email account under the supervision of the DPO / HR Department. Such ac-
cess shall only be permitted if it is in accordance with applicable local law. Trainees,
sub-contractors and contractors shall never have access to the e-mail accounts of
Airbus employees.

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 5
3.7 As of the revocation of any email account by Airbus, all e-mails sent to this e-mail
account will be forwarded, according to local rules, to a designated person for busi-
ness continuity purposes.

4. INTERNET/INTRANET

4.1 Access to the Internet/Intranet via the IS&T Facilities, including through remote
access, is only permitted for business related purposes.

4.2 Incidental private use of the Internet/Intranet via the IS&T Facilities, is permitted
for the purposes of contacting family members and performing everyday tasks,
provided such use does not affect the normal functioning of the Internet/Intranet
and that it is compliant with Article 2 of this Document, as well as other applicable
requirements and limitations as may be set out herein.

4.3 Any connection to the Internet/Intranet via the IS&T Facilities shall be established
using standard Airbus services (Internet Access, remote access).

4.4 In any event, End Users shall not use the IS&T Facilities to (this list being non
exhaustive):

4.4.1 Download and store files, programs, codes or software which originate
from Untrusted Internet Sources, without the prior authorisation of Air-
bus Security;

4.4.2 Download, store, install, uninstall, upgrade, use or distribute any soft-
ware other than software provided/authorised by Airbus;

4.4.3 Download, store or distribute non-business related material;

4.4.4 Download, store or distribute unauthorised third-party copyright pro-

tected material;

4.4.5 Access and use any peer to peer file sharing programs (e.g.: Torrent
program);

4.4.6 Use instant messaging services for business purposes without Airbus
authorisation;

4.4.7 Create independent Internet websites or blogs. All company information

shall be communicated via the official Airbus website at www.airbus.com
or equivalent and managed by Airbus’s Communication Department;

4.5 It is strictly forbidden for End Users to use the IS&T Facilities to access:

4.5.1 Pornographic/paedophilic/obscene content

4.5.2 Racist/sexist or otherwise abusive or demeaning content, including hate

speeches and publications which support the repression of certain
groups and individuals e.g. racial/religious/gender/sexual/age/disabled
minorities;

4.5.3 Potentially insulting or defamatory content;

4.5.4 Degrading and/or discriminatory content;

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 6
 4.5.5 Content relating to the supply, distribution, or use of illegal drugs;

4.5.6 Content relating to the promotion of terrorism;

4.5.7 Content relating to the performance or promotion of criminal activities,

such as instructions or references to methods/procedures for commit-
ting illegal acts;

4.5.8 Content relating to occult-related issues, such as the publication of ex-

tremist opinions on occult, satanic or similar topics;

4.5.9 Anonymised networks (such as TOR) or use of VPN services other than
ones used and authorised by Airbus;

4.5.10 Games (e.g. videogames, online games, gambling, lotteries etc.) and
marketplaces (e.g. eBay); and

4.5.11 To any personal social network or private email accounts for business
purposes without Airbus authorisation.

4.6 End Users are expressly forbidden to use the Internet/Intranet to:

4.6.1 Expose Airbus to liability or embarrassment;

4.6.2 Store Airbus information on a public cloud or private Internet storage

service (e.g. Dropbox, iCloud or a personal server), unless such storage
method has been formally authorised by Airbus Security;

4.6.3 Disclose Airbus information or references to Airbus, either in public web-

sites, chats, forums, blogs, social networks or any other media, unless
the Airbus Communication department has expressly authorised it.

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 7
5. MOBILE IS&T FACILITIES

5.1 Airbus may provide IS&T devices, such as smartphones, tablets, PCs etc, to End
Users (i.e. Company Owned Device (COD) or Choose Your Own Device (CYOD)) in
order to access the Airbus network for business purposes and in accordance with
Article 8.

5.2 Under specific conditions, End Users may agree to use their private mobile devices
for business purposes (i.e. Bring Your Own Device (BYOD)). In these circumstances
the End User shall remain liable for the costs owed to the particular operator for the
provision of the mobile services. If this option is selected, Airbus will install the
necessary professional applications required for accessing the Airbus network.
These professional applications will be kept fully separate from the End User’s per-
sonal/private applications by a professional container that will be subject to Moni-
toring as per Article 8.

5.3 Internet browsing through Airbus Wi-Fi will be filtered and monitored as per Article
8.

6. CONFIDENTIALITY

6.1 End Users shall treat all information, including facts, matters, documents and all
other materials which come to their attention as a result of their employment by
Airbus as confidential information. Such confidential information shall remain pro-
prietary to Airbus, its customers and/or suppliers (as appropriate). This confidenti-
ality obligation shall continue following the termination or conclusion of the End
User’s activities with Airbus according to local legislation, contract or other applica-
ble regulations.

6.2 End Users shall not disclose any confidential information, nor shall they use any
confidential information for purposes other than those related to the performance
of professional/contractual responsibilities, unless duly authorised by Airbus.

6.3 End Users shall comply with the information classification defined by Airbus in the
document entitled “Security Requirements for Company Data Classification and Pro-
tection” Airbus directive (A1044) and/or any applicable laws and regulations.

7. SECURITY

7.1 Authentication and security measures

7.1.1 End user must physically secure and ensure that all mobile devices such
as laptops, removable media, mobile phones, tablets etc., are properly
handled in order to prevent theft or loss. In particular, these items must
never be left unattended in public places or within areas of Airbus’s
offices which can be freely accessed by visitors.

7.1.2 End Users must log off or activate a password-protected screensaver

when leaving their PCs and mobile devices unattended, even if only for
a short period of time.

7.1.3 Only removable media devices that have been approved/provided by

the IM Department shall be connected to the IS&T Facilities. Unless ap-
propriate equipment has been provided by the IM Department, remov-
able media (e.g. memory sticks and hard drives) shall only be used for

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 8
 data transfer, and not for data storage. All confidential data shall be
protected by appropriate means which shall be provided to End Users
by the IM Department.

7.1.4 End Users must keep passwords and access codes strictly confidential.
No written records are to be kept of such information, nor shall such
information be stored for the purposes of automated login purposes
(e.g. stored in a macro or function key) unless the means is validated
by Security. If an End User suspects that an unauthorised person may
have obtained their password or access codes, the End User shall im-
mediately change these details and inform Airbus Security.

7.1.5 End Users who have been provided with software to facilitate remote
access authentication shall protect those tools from loss or theft, and
shall protect their PIN in the same manner as they would their pass-
words. Secured authentication and access tools shall never be shared
by multiple End Users. End Users shall notify Airbus Security, IM De-
partment and/or shop floor manager as soon as practicable should their
personal secured authentication and access tools be lost or stolen.

7.2 Storage and Retention

7.2.1 For back-up purposes, all business data shall be stored by the End User
in the relevant files/network storages of the IS&T Facilities.

7.2.2 Should an End User encounter any difficulties storing business data on
a particular device, or should an End User have any specific and justified
storage needs, the End User shall contact the IM Department.

7.2.3 In the event of an accidental deletion of business data, the End User
shall immediately inform their local IM Department.

7.2.4 Subject to local laws and regulations, the use by all End Users of the
IS&T Facilities (data communication) may be recorded by Airbus and
retained for a period of one year, (e.g. Internet browsing history).

7.2.5 The End User may request the right to access information concerning
such storage and retention from their local DPO.

8. MONITORING

8.1 Scope and Purpose

8.1.1 Airbus may monitor all activities which involve the IS&T Facilities.

8.1.2 Monitoring may involve the deployment of various tools to protect the
IS&T Facilities. For example, this may include; antivirus software, filter-
ing mechanisms and software to prevent data loss. Airbus may also use
a computerised system to monitor secured communications (such as
SSL encrypted web traffic).

8.1.3 Monitoring is conducted for the purposes of:

8.1.3.1 Ensuring the confidentiality and integrity of Airbus infrastruc-

tures, networks, data and IS&T Facilities;

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 9
 8.1.3.2 Ensuring the effective use of the IS&T Facilities and correct func-
tioning;

8.1.3.3 Ensuring compliance with applicable laws and regulations

and/or this Document;

8.1.3.4 Investigating a breach of any applicable laws and regulations

and/or this Document;

8.1.3.5 Ensuring End User compliance with the security and confidenti-
ality obligations contained in this Document;

8.1.3.6 Identifying, monitoring and protecting Airbus’s assets; and

8.1.3.7 Ensuring effective cost control.

8.2 How Monitoring is conducted

8.2.1 Monitoring activities shall only be performed by Airbus Security, who

have been properly trained in the protection of Personal Data.

8.2.2 For the purposes set out in Article 8.1 above, Airbus may monitor any
use of the IS&T Facilities and access all business data. In this respect,
Airbus may monitor all activities using IS&T Facilities, including internet
browsing history (including the names of websites accessed, browse
time, downloaded files/materials and the bandwidth used etc.), sent
and received e-mails (including attachments), files which are stored on
the IS&T Facilities (e.g. PST files), network connections and any general
IS&T Facilities logs.

8.2.3 In the event of the detection of a security incident, Airbus may analyse
the security measures in place (e.g. by conducting a review of the rel-
evant logs or a forensic analysis of the IS&T Facilities) to identify root
causes and perform corrective actions to limit the damage to the IS&T
Facilities or Airbus’s interests.

8.2.4 To prevent and remedy an imminent security risk to the IS&T Facilities
or Airbus’s interests, an End User’s use of and access to the IS&T Facil-
ities may be temporary blocked or suspended by Airbus.

8.3 Access to “Private Items”as part of Monitoring

8.3.1 Incidental private use for contacting family members and performing
everyday tasks is acceptable, Airbus may monitor all private data (fold-
ers, emails, files and folders, whether marked “Private” or “Personal” or
otherwise), in accordance with this Document.

8.3.2 End Users are informed that the software deployed by Airbus may not
be able to distinguish between private and professional data. End Users
therefore acknowledge that Monitoring activities will apply equally to all
data stored and transmitted via the IS&T Facilities.

8.3.3 Within the strict framework of applicable laws and regulations and tak-
ing into account national particularism, Airbus Security may access all
Private Items as refered to in article 2.2.4 where there is reasonable

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 10
 suspicion of misuse or where it is necessary to prevent or remedy an
imminent risk or event damaging or likely to damage Airbus IS&T Facil-
ities security or Airbus interests.

9. PRIVACY AND DATA PROTECTION

9.1 All Personal Data which is gathered from End Users shall be processed in a manner
which ensures compliance with applicable data protection laws. Personal Data which
is gathered from End Users shall only be accessed by an Airbus representative
whose access has been authorised for technical, business and management rea-
sons.

9.2 In relation to queries regarding Personal Data subjects rights (e.g. rectification and
the right to be forgotten) End Users may contact their local DPO to submit a request.

10. SANCTIONS

10.1 If it is demonstrated that an End User’s non-compliance with the provisions of this
Document is personally attributable to the End User in question, subject to local
laws and regulations, the following sanctions may be pursued by Airbus:

10.1.1 Disciplinary measures; and/or

10.1.2 Personal civil and/or criminal liability.

11. ENTRY INTO FORCE

11.1 Where required, this Document has been approved by all relevant Airbus work coun-
cils and Airbus authorities. As such, this Document has come into force on January,
1st 2019.

11.2 In order to comply with applicable laws and regulations and to correspond with any
changes to Airbus policy, this Document may be amended by Airbus as often as
required subject to the necessary approvals.

11.3 The latest version of this Document shall be available on the Airbus Intranet or upon
request from Airbus Security.

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 11
ANNEX 1 GLOSSARY

Airbus: Airbus SAS and its subsidiaries, affiliates, joint ventures and associated compa-
nies in which any Airbus entity has a controlling interest, including their sites and loca-
tions.

Airbus Security: Airbus organization, including all authorized persons acting on behalf
of Airbus, which is responsible for providing, fulfilling and implementing security require-
ments, guidelines and processes to ensure the protection of Airbus’s information and as-
sets.

Document: this policy, including its Annexes, which outline how Airbus’s IS&T Facilities
must be used.

End User(s): any person(s) who may use or have access to any IS&T Facilities. End Us-
ers can be Airbus employees, interns, trainees, contractors, service providers, customers,
visitors who have an access to IS&T Facilities, regardless of whether they are internal or
external staff, or whether they have been employed/contracted on a permanent or tem-
porary basis. For clarification purposes, the IM Department and/or Airbus Security mem-
bers and all IT profiles (e.g. IM administrators) are included in this definition.

IM Department: the formal organization within Airbus responsible for providing IS&T
Facilities to End Users.

IS&T Facilities: means Information Systems and Technologies which has been provided
by Airbus (or by a service provider on Airbus’s behalf) to End Users for the purpose of
that End User performing their professional tasks. This includes for example: PCs, lap-
tops, removable media, phones, tablets and software, “professional containers” installed
on any IS&T facilities owned by Airbus or the End user, as well as the ancillary services
and equipment necessary to support and facilitate Airbus’s information system (e.g. se-
curity tools, CCTV imagery processing and access control).

BYOD: means ‘Bring Your Own Device’ and refers to private devices which End Users
have been permitted to use for professional purposes.

IP/network address: the IP/network address is the identifying number by which a lo-
cation in the Internet is identified and that allows the identification of the End User’s
computer on the network. Airbus IP addresses in the Internet are fixed. Any End-User
connected to the Internet from within Airbus, independently of the IP their computer may
have in the Airbus network, is given an Internet IP address which belongs to Airbus and
identifies Airbus as the source of the activity performed.

Monitoring/ to monitor: means the use of the automated processes of filtering, trac-
ing and sorting of the data flow transiting on Airbus’ information systems. These pro-
cesses involve automatic and indiscriminate control of data and files content, but do not
require systematic overview of the data by a natural person.

Personal Data: any information relating to an identified or identifiable natural person.

An identifiable natural person is one who can be identified, directly or indirectly, in partic-
ular, by reference to an identifier such as a name, an identification number, location
data, an online identifier or to one or more factors specific to the physical, physiological,
genetic, mental, economic, cultural or social identity of that natural person.

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 12
Untrusted Internet Sources: means websites which have a problem with their security
certificate, which prompts the internet browser to alert you that the website should be
treated as untrusted.

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 13
ANNEX 2 FAQ

Topics/Questions Responses
Objectives of IS&T The purpose of this IS&T Charter is to consolidate and harmo-
Charter nise Airbus’s rules surrounding the use by End Users of the IS&T
Facilities. By consolidating these rules into one document, com-
mon to the whole of Airbus, the terms of use have been clarified
and the protection of Airbus and End Users reinforced, whilst
ensuring the policy’s functionality at National level.

Why are “incidental As explained above, this Document has been developed in order
private emails”, “inci- to harmonise the rules surrounding the use by End Users of the
dental private use of IS&T Facilities. As the national laws relating to the use of the
the Internet” or any IS&T Facilities differ from one country to another, it is not al-
“incidental private use ways possible to use a blanket approach for all potential issues.
of Airbus IS&T Facili- In some countries, case law indicates that IS&T facilities pro-
ties” permitted in vided by an employer may be used for private purposes provid-
some countries, but ing such use is reasonable and does not keep employees from
not others? performing their work. Whilst in other countries this is not per-
mitted. Airbus management has therefore decided, whilst re-
specting National laws, to restrict as much as possible the use
of the IS&T Facilities for private reasons.

The main principle is that: the IS&T Facilities should not be

used for non-work related activities, unless such use is minor
and exceptional (e.g.: in the event of an emergency or travel
disruption, or contacting family members). End Users should
apply a common sense approach to private use of the IS&T Fa-
cilities.

In the event that an For the purposes of using the IS&T Facilities for private use, End
End User is based in a Users shall be subject to the rules of their “home” country.
foreign country, but
they have a contract
from an Airbus entity
based in their home
country, how shall the
use of the IS&T Facili-
ties for private rea-
sons be governed?

I am working over- There is no specific right for employees to use the IS&T Facili-
seas and wish to use ties for their own private purposes. However, the Courts are
the IS&T Facilities to often willing to find that employees may make reasonable pri-
communicate with, vate use of employer-provided IS&T facilities, on the condition
and provide support that such use does not interfere with their work duties.
to, my family. Is this
possible? There is no obligation on employers to allow communication
equipment to be used for employees’ own private use. How-
ever, many employers choose to do this.

In order to ensure system integrity and confidentiality, Airbus

management has decided to prohibit employees’ use of the
IS&T Facilities for private reasons in certain countries, in the
countries where such a prohibition is permitted.
© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities
Page 14
 Do the provisions of The stipulations of the IS&T Charter are effective for all IS&T
the IS&T Charter ap- Facilities, regardless whether they are being used at work, at
ply when the IS&T Fa- home or at a hotel etc.
cilities are used out-
side of working hours,
to access non-work
related websites?

How do I know which The policy document entitled A1044 “Security Require-
documents are confi- ments for Company Data Classification and Protection ”
dential? explains how this determination should be made. The A1044
policy document is available on the Airbus intranet.

How do I acquire use When required, and subject to validation by your Airbus coun-
of the encryption terpart, encryption tools may be provided by Airbus to End Us-
tools? ers.

Provided these conditions are fulfilled, there are several encryp-

tion tools available. These tools differ in their application and
can either encrypt specific folders and emails or the entire hard
drive.

The encryption can be performed:

• by yourself (for Airbus): Start/ PC Services/All/ “encryption

tool name”; or

• you can call your ISR; or

• Contact your local IM department.

If encrypting a hard drive, it is recommended that this be per-

formed in the evening as it can take some time.

Where should I store As per Article 7.2 above, all business data shall be stored on
my archive when my the hard drive of the particular device where the data has
usual disk is full? been received or generated. Should any difficulties with stor-
ing business data be encountered the IM Department should
be contacted without delay.

Does Airbus routinely Airbus routinely monitor internet usage. However, it may be
monitor internet us- necessary for Airbus to access users’ web traffic (which may
age? include personal / private data) for the purposes of identifying
IT security threats.

BYOD access Personal/private files located outside the professional container

on a BYOD are not presumed by Airbus to be professional and
shall not be accessed without the End User's express consent
(or upon judicial authorisation).

Any questions about Go to: https://smartphone.airbus.corp/faq/

Smartphones

© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities

Page 15
© Airbus SAS 2018- Airbus Information Management – Use of IS&T Facilities
Page 16