- President's Message
- Code of Business Conduct and Ethics
- Policies
-
- Antitrust Policy
- Disclosure Policy
- Donations Policy
- Statement on Sustainable Growth
- Environmental Policy
- Fibre Use and Sourcing Policy
- Forest Policy
- Health & Safety Policy
- Human Rights Policy
- Information Technology Policy
- Political Contributions Policy
- Policy Statement on Trading in Securities
- Whistleblower Protection Policy
This policy is currently under review and new version will be posted in due course.
This policy establishes guidelines governing the proper use of information technologies and the Internet by all Domtar employees, including part-time and temporary workers.
INFORMATION TECHNOLOGIES
Information technologies includes, without limitation, computers, computer-based networks, computer peripherals, operating systems, e-mail, Intranet, software or any combination thereof, that are made available by Domtar for the purpose of supporting its goals of providing quality products and services to customers, increase shareholder value and foster employment satisfaction.
In order to preserve the integrity of the information technology systems against accidents, failures or improper use, Domtar reserves the right to limit, restrict or terminate any user's access and to inspect, copy, remove or otherwise alter any data, file or system resources.
These guidelines are intended to supplement, not replace, all existing laws, regulations, agreements, and contracts that currently apply to those resources.
Access and Use
Users of Domtar's information technologies accept the following specific responsibilities:
1. Access to the information technologies is intended for the pursuit of Domtar's business goals and its administrative functions and shall not be used for personal commercial reasons or any other unauthorized use.
2. A computer username and password is intended for the exclusive use of the person to whom it is issued. Sharing of usernames and passwords amongst authorized persons is strongly discouraged, and all responsibilities must be borne by the person to whom a username is initially issued.
Domtar requires that all users choose secure passwords with a minimum of six (6) characters. Avoid words found in the dictionary and personal information. Include at least one numeric character.
3. Users shall not attempt unauthorized access to computing resources either within Domtar or outside.
4. Users shall use all systems in compliance with proprietary rights and be aware that, in addition to disciplinary action, as described in paragraph 17 below, any violation of proprietary rights will result in the liability of the user.
5. Users shall not use information technology systems for any unauthorized or illegal purpose, such as, but not limited to, the destruction or alteration of data owned by Domtar or third parties, the interference with restricted access to the information technology systems, the disruption of the systems, the attempt to discover or alter passwords or to subvert security systems, or the transmission or retrieval of offensive material.
6. Users shall protect computer equipment from theft. It is prohibited to move fixed computer equipment out of an area to which it was assigned, without proper authorization.
7. Users shall protect confidential or sensitive information stored on their hard disk by having adequate password control, which must be renewed regularly.
8. Users shall protect Domtar data from loss. If data is not kept on a network server, which is backed up, then it is the responsibility of individual users to ensure that data is backed up on a regular schedule. The location of back-ups shall be agreed upon with, and known to department management.
9. Users shall not remove company-owned software from the premises other than as part of a computing device made available by Domtar, without prior approval.
10. Users shall not send electronic communications that appear as though they were sent by someone else, without their express consent.
11. Users shall not send electronic junk mail, chain letters, jokes and alike, and messages of content that are considered offensive or disruptive such as, but not limited to, obscene or racial, ethnic, sexual or gender specific harassing language or images.
12. All approved notices of a personal nature should only be posted on the bulletin boards designated for that purpose.
13. Users shall not use, install, load or download any unlicensed commercial software or any unauthorized software. Non-commercial or personal commercial software must not be loaded unless approved by the information technology management.
14. Users shall not ask for or make any illegal copy of licensed software.
15. Purchase and disposition of hardware and software shall be coordinated with the information technology management.
16. All users shall report any unauthorized access attempts or other improper usage of Domtar computers, networks or other information processing equipment. If you observe, or have reported to you, a security or abuse problem with any Domtar computer or network facilities, including violation of this policy, you are encouraged to notify either the information technology management or other appropriate administrator.
17. Any use of Domtar's information technologies that is contrary to this policy could lead to disciplinary measures up to and including termination of employment and legal action. Some violations may also constitute criminal offences, as outlined in local/municipal, state/provincial or federal laws. Domtar will carry out its responsibility to report such violations to the appropriate authorities.
INTERNET
Access and Use
1. Domtar provides access to the Internet through its server for the use of its employees who require it in order to fulfil their functions. Information technology management authorizes access.
2. When using the Internet, employees must apply the following principles:
-
Maintain Domtar's reputation;
-
Utilize the Internet as a tool for continuous improvement of efficiency and performance;
-
Ensure the application of Domtar's Disclosure Policy and of the Confidential Information and Intellectual Property Agreement signed by the employee;
-
Ensure and maintain a high level of professionalism in keeping with Domtar's Code of Ethics.
Rules of Utilization
When using Domtar's access to the Internet, whether during or outside working hours, the following rules must be followed:
1. Internet access may be used only for Domtar's business purposes.
2. Internet usage must be able to survive public scrutiny and/or disclosure. Users must avoid accessing sites that might in any way bring discredit on Domtar such as those sites that carry offensive material.
3. Accessing or disseminating information that is illegal, defamatory, abusive, racially offensive, and/or adult-oriented is strictly prohibited.
4. Fraudulent, harassing or obscene messages and/or material are not to be sent, printed, requested, downloaded or stored; chain letters and other forms of mass mailings are also prohibited.
5. Users must not engage in personal commercial activities on the Internet, including offering merchandise for sale or ordering services or merchandise from on-line vendors.
6. It is the responsibility of each user to recognize and respect the intellectual property of others and to comply with all applicable laws and regulations and the legal protection provided by patents, trademarks, copyrights and licenses with respect to both programs and data downloaded from the Internet.
7. It is the responsibility of each user to respect and value the rights and privacy of all, to recognize and respect the diversity of the population and opinions of other Internet users, to behave ethically and to comply with legal restrictions regarding the use of information resources.
8. It is the responsibility of each user not to engage in any activity that would compromise the security of any Domtar host computer or circumvent any computer security measures imposed by Domtar or any other organizations of the Internet. In this context, it is prohibited to obtain passwords belonging to others, give out passwords, or to represent oneself as another user, or to attempt to ascertain security access codes.
9. All software, freeware, patches or other form of application must be reviewed by the information technology management for technical approval before downloading to reduce the risk of conflicts with other standard software products, operating systems and LAN products. Authorized application should be installed by qualified IT personnel.
10. Downloads from the Internet are potential sources of computer viruses. All files originating outside Domtar must be scanned for viruses before use.
11. Internet access to streaming media such as online television and /or online radio is restricted to Domtar's business purposes only and must be authorized by the information technology management to adequately monitor network loads.
12. Employees should limit their communications to topics in which they have a professional responsibility and expertise. All communications should be regarded as "on the record" and attributable to the employee who posted or sent the information.
13. Domtar's confidential or proprietary information or documents must not be sent over the Internet unless they are transmitted in a fully secured manner. Legally privileged information such as contracts, opinions, etc., should not be transmitted, under any circumstances.
14. Generally, each user must keep in mind that utilizing the Internet through Domtar's gateway may have legal implications and consequences. When engaging in activities on behalf of Domtar such as trading, selling, buying, marketing, advertising, etc., on the Internet or on-line, individual users must exercise extreme caution as any of these activities have legal consequences and may create legal obligations for Domtar. Before proceeding, proper authorizations must be obtained. If in doubt, advice may be sought from the Secretariat and Law Department.
15. Any inappropriate use or one that is contrary to this policy could lead to disciplinary measures up to and including termination of employment and legal action. Some violations may constitute criminal offences, as outlined in local/municipal, state/provincial or federal laws. Domtar will carry out its responsibility to report such violations to the appropriate authorities.
Systems Monitoring
Internet and e-mail access and use, including personal communications by Domtar employees, may be monitored, logged and reviewed by Domtar in order to assess the security of the network and compliance with this policy.
Administration
The Senior Vice-President and Chief Financial Officer is responsible for the implementation of this policy.