Cisco logo

Code of Business Conduct

I Protect What Is Ours

We are a leader in world-changing technology. Protecting the confidentiality, integrity and availability of our product development, financial base, intellectual assets, systems, competitive strategy, and brand keeps us at the forefront.

How can I help protect Cisco’s assets?

Do not provide information regarding Cisco, our customers or partners to others without securing the required approvals and written agreements. What may appear to be an innocent request for information could result in serious harm to our company. Be alert to requests for information from anyone inside or outside of Cisco including:

  • Overall business trends
  • Business in our geographic theaters
  • Product bookings or shipments
  • Customer names, contacts or information
  • Lead times
  • Lawsuits or intellectual property disputes
  • Suppliers
  • Intellectual (company) assets
  • Pricing
  • Product development

Employees are sometimes contacted by “external influencers” who are seeking information about Cisco's business, people, customers or partners. Any employee interaction with these parties – the press, industry analysts or members of the financial community – regarding our company must be coordinated with Cisco Corporate Public Relations, Global Analyst Relations, or Cisco Investor Relations respectively. Violation of this policy is serious and may result in disciplinary action, including immediate termination and possible prosecution for violation of securities laws.

  • What is considered to be proprietary information?

    It is valuable information that Cisco owns, has the right to use, or has access to. Proprietary assets represent the product of our hard work. They are often confidential and can include:

    Click to expand
    • software programs and subroutines
    • source and object code
    • engineering drawings
    • copyrighted works, ideas and know-how
    • techniques and inventions (patentable or not)
    • any design-related information
    • product specifications or mask works
    • algorithms and formulas
    • flowcharts, schematics and configurations
    • circuits and mechanisms
    • works of authorship and research
    • processes for tooling, manufacturing, assembly, installation and service
    • marketing and pricing
    • new product roadmaps
    • customer lists or information
    • trade secrets
    • costs or other financial data (including unannounced press releases, information about our business transactions, operations, acquisitions or mergers)
    • employee salaries and compensation terms

    Each of us is responsible for protecting the confidentiality, integrity, and availability of proprietary information that belongs to Cisco, our customers, vendors, partners and others with whom we do business:

    Confidentiality
    Only authorized persons or processes are allowed to have access to the proprietary information.

    Integrity
    The accuracy and reliability of the proprietary information is maintained by preventing the unauthorized modification of the information, either accidentally or intentionally.

    Availability
    Reliable and timely access to the proprietary information is maintained for authorized individuals and processes.

    Our ability to compete fairly in the marketplace depends on protecting the confidentiality, integrity, and availability of proprietary information. Cisco employees sign a nondisclosure agreement (NDA) when they are hired (and may need to sign additional agreements depending upon the nature of the job). In addition to the obligations outlined in the agreement, all employees must comply with the following requirements:
     

    Use or Release of Information

    Requests from External Parties
    Requests for confidential, proprietary information and the disclosure of confidential, proprietary information with third parties require a written agreement. Please visit NDA Central for further information.

    Internal Need-to-Know
    Confidential or proprietary information should be disclosed only to those Cisco employees with a legitimate business purpose, who need the information to do their jobs.

    Securing Third-Party Information
    Proprietary information of a customer, partner, supplier, vendor or other third party should not be used or copied by a Cisco employee unless its use is authorized in writing by the appropriate Cisco representative and the third party, and its data protection requirements have been identified by the third party.

    Bringing Information into Cisco

    Do not accept unauthorized information
    Any unsolicited, third-party proprietary information should be refused or, if inadvertently received by an employee, returned unopened or transferred to Cisco Legal.

    Former Employers
    Employees must refrain from using, or sharing with Cisco, proprietary information belonging to former employers (unless the former employer, or the rights to the information, have been acquired by Cisco).

  • Know our information security policies.

    Cisco has stringent information security policies to protect our electronic intellectual assets including: data classification and protection, password protection, remote access controls and the appropriate use of computing devices and networks. Cisco has the right to require security controls on all electronic and computing devices used to conduct Cisco business or interact with internal networks and business systems, whether owned or leased by Cisco, the employee or a third party.

    Note: Cisco also has the right to inspect at any time, all messages, files, data, software, or other information stored on these devices or transmitted over any portion of the Cisco network.

  • Manage company records properly.

    At Cisco, we collaborate and exchange information in various forms, whether it's an email, video, audio recording, or an electronic or paper document. Know the Cisco policies related to management and retention of records and email so that we are compliant with legal and business requirements.

    Be diligent in the storage, retention and disposal of records. In general, employees should retain all information that relates to a Cisco business record, legal matter (pending or anticipated), or audit. If you receive a “preservation notice” from Cisco Legal, you must follow it and retain all documents specified in that directive. Electronic records should be managed in Company-approved repositories (not on your hard drive, personal devices or non-approved third-party cloud providers). Paper and other physical records should be stored in a company-authorized offsite location, or secured in onsite file cabinets or access-controlled file rooms. Retention guidelines can vary depending on the nature of the content. Be familiar with the Cisco Record Retention Policy and Schedule to determine how long to keep your content and to prevent the disposition of information related to an investigation, claim or lawsuit.

    Contact the Enterprise Records & Information Management (ERIM) team for assistance.

  • Strictly limit sharing of customer information.

    Customers and other external parties trust Cisco with their vital technology, assets and/or infrastructure – which may sometimes include access to their employees' and customers' sensitive information. We must work to protect all of it.

    The world is moving toward the “Internet of Everything” era. As phone and computer systems evolve into new types of collaboration and cloud computing, the data protection risks are also evolving. Our company is a trusted business partner and all Cisco employees should be extremely cautious when handling any type of customer information.

    • Safeguard Against External Release – If our customer's data are exposed to other customers, partners, suppliers, competitors or to the public, we risk the loss of customers and damage to Cisco's reputation, as well as potential legal and regulatory penalties. Employees who breach this trust may also face consequences. Any actual or potential loss of customer data should be disclosed immediately using the Customer Data Loss reporting tool.
    • Maintain Tight Internal “Need to Know” Access – Cisco employees must not internally distribute customers' operational information, diagrams, video or other data beyond those within Cisco who need to know it to perform their current work. This includes sharing customer-specific “lessons learned” or “win information” with fellow Cisco team members. If you are unsure about whether or not to internally share customer-specific data, check with your manager or Legal.

    Refer to Cisco's Data Protection Policy for details about your responsibilities in handling Cisco's and others' information.