Overview
At Ernst & Young (EY), maintaining the highest standards of security is essential to protecting our clients, our people, and our business. Our security policies and compliance requirements are designed to align with industry best practices and regulatory standards, ensuring that we operate safely and responsibly in a complex cyber landscape.
This article provides an overview of EY’s key security policies and compliance expectations every employee must understand and follow.
Why Security Policies Matter
Security policies provide the framework for how we protect our information assets. They define acceptable behaviors, safeguard sensitive information, and help prevent security incidents such as data breaches, fraud, and cyberattacks.
Adhering to these policies ensures that EY meets legal and regulatory requirements and maintains client trust and company reputation.
Key Security Policies to Know
1. Information Security Policy
This foundational policy outlines the protection of information assets, including data classification, handling, and protection requirements. All employees must adhere to these rules when processing or sharing any EY data.
2. Acceptable Use Policy
Defines appropriate use of EY systems, devices, and network resources. The policy prohibits unauthorized software installation, access to inappropriate websites, and other actions that could put EY security at risk.
3. Data Privacy Policy
Details how personal and sensitive data must be collected, stored, and shared to comply with GDPR, CCPA, and other relevant privacy laws.
4. Mobile Device & Remote Access Policy
Guides the secure use of mobile devices and remote connections, helping protect EY data when working outside of office environments or on personal devices.
5. Vendor & Third-Party Security Policy
Outlines requirements for working with external partners to ensure they meet EY’s security standards and do not introduce risk.
Your Responsibilities
- Stay Informed: Regularly review policy updates and complete required security training sessions.
- Report Concerns: Promptly report any suspicious activity or potential policy violations using the defined channels.
- Protect Credentials: Never share your login information and always follow authentication best practices.
- Use Resources Wisely: Only use EY systems for authorized work activities per policy guidelines.
Consequences of Non-Compliance
Violating EY security policies can lead to disciplinary action, including termination, legal consequences, and reputational damage to the company. EY takes compliance seriously to protect all stakeholders.
Where to Find Policies
All current security policies and procedures are available on the EY Intranet under Security & Compliance > Policies. For any questions or clarifications, please contact the Security Awareness Team or your manager.
Remember: Security is everyone’s responsibility. By understanding and following EY’s security policies, you help create a safer workplace for all.
Comments
0 comments
Please sign in to leave a comment.