Code of Business Conduct
I Protect What Is Ours
We are a leader in world-changing technology. Protecting the confidentiality, integrity and availability of our product development, financial base, intellectual assets, systems, competitive strategy, and brand keeps us at the forefront.
How can I help protect Cisco’s assets?
Do not provide information regarding Cisco, our customers or partners to others without securing the required approvals and written agreements. What may appear to be an innocent request for information could result in serious harm to our company. Be alert to requests for information from anyone inside or outside of Cisco including:
- Overall business trends
- Business in our geographic theaters
- Product bookings or shipments
- Customer names, contacts or information
- Lead times
- Lawsuits or intellectual property disputes
- Suppliers
- Intellectual (company) assets
- Pricing
- Product development
Employees are sometimes contacted by “external influencers” who are seeking information about Cisco's business, people, customers or partners. Any employee interaction with these parties – the press, industry analysts or members of the financial community – regarding our company must be coordinated with Cisco Corporate Public Relations, Global Analyst Relations, or Cisco Investor Relations respectively. Violation of this policy is serious and may result in disciplinary action, including immediate termination and possible prosecution for violation of securities laws.
-
What is considered to be proprietary information?
It is valuable information that Cisco owns, has the right to use, or has access to. Proprietary assets represent the product of our hard work. They are often confidential and can include:
Click to expand- software programs and subroutines
- source and object code
- engineering drawings
- copyrighted works, ideas and know-how
- techniques and inventions (patentable or not)
- any design-related information
- product specifications or mask works
- algorithms and formulas
- flowcharts, schematics and configurations
- circuits and mechanisms
- works of authorship and research
- processes for tooling, manufacturing, assembly, installation and service
- marketing and pricing
- new product roadmaps
- customer lists or information
- trade secrets
- costs or other financial data (including unannounced press releases, information about our business transactions, operations, acquisitions or mergers)
- employee salaries and compensation terms
Each of us is responsible for protecting the confidentiality, integrity, and availability of proprietary information that belongs to Cisco, our customers, vendors, partners and others with whom we do business:
Confidentiality
Only authorized persons or processes are allowed to have access to the proprietary information.Integrity
The accuracy and reliability of the proprietary information is maintained by preventing the unauthorized modification of the information, either accidentally or intentionally.Availability
Reliable and timely access to the proprietary information is maintained for authorized individuals and processes.Our ability to compete fairly in the marketplace depends on protecting the confidentiality, integrity, and availability of proprietary information. Cisco employees sign a nondisclosure agreement (NDA) when they are hired (and may need to sign additional agreements depending upon the nature of the job). In addition to the obligations outlined in the agreement, all employees must comply with the following requirements:
Use or Release of Information
Requests from External Parties
Requests for confidential, proprietary information and the disclosure of confidential, proprietary information with third parties require a written agreement. Please visit NDA Central for further information.Internal Need-to-Know
Confidential or proprietary information should be disclosed only to those Cisco employees with a legitimate business purpose, who need the information to do their jobs.Securing Third-Party Information
Proprietary information of a customer, partner, supplier, vendor or other third party should not be used or copied by a Cisco employee unless its use is authorized in writing by the appropriate Cisco representative and the third party, and its data protection requirements have been identified by the third party.Bringing Information into Cisco
Do not accept unauthorized information
Any unsolicited, third-party proprietary information should be refused or, if inadvertently received by an employee, returned unopened or transferred to Cisco Legal.Former Employers
Employees must refrain from using, or sharing with Cisco, proprietary information belonging to former employers (unless the former employer, or the rights to the information, have been acquired by Cisco). -
Know our information security policies.
Cisco has stringent information security policies to protect our electronic intellectual assets including: data classification and protection, password protection, remote access controls and the appropriate use of computing devices and networks. Cisco has the right to require security controls on all electronic and computing devices used to conduct Cisco business or interact with internal networks and business systems, whether owned or leased by Cisco, the employee or a third party.
Note: Cisco also has the right to inspect at any time, all messages, files, data, software, or other information stored on these devices or transmitted over any portion of the Cisco network.
-
Manage company records properly.
At Cisco, we collaborate and exchange information in various forms, whether it's an email, video, audio recording, or an electronic or paper document. Know the Cisco policies related to management and retention of records and email so that we are compliant with legal and business requirements.
Be diligent in the storage, retention and disposal of records. In general, employees should retain all information that relates to a Cisco business record, legal matter (pending or anticipated), or audit. If you receive a “preservation notice” from Cisco Legal, you must follow it and retain all documents specified in that directive. Electronic records should be managed in Company-approved repositories (not on your hard drive, personal devices or non-approved third-party cloud providers). Paper and other physical records should be stored in a company-authorized offsite location, or secured in onsite file cabinets or access-controlled file rooms. Retention guidelines can vary depending on the nature of the content. Be familiar with the Cisco Record Retention Policy and Schedule to determine how long to keep your content and to prevent the disposition of information related to an investigation, claim or lawsuit.
Contact the Enterprise Records & Information Management (ERIM) team for assistance.
-
Strictly limit sharing of customer information.
Customers and other external parties trust Cisco with their vital technology, assets and/or infrastructure – which may sometimes include access to their employees' and customers' sensitive information. We must work to protect all of it.
The world is moving toward the “Internet of Everything” era. As phone and computer systems evolve into new types of collaboration and cloud computing, the data protection risks are also evolving. Our company is a trusted business partner and all Cisco employees should be extremely cautious when handling any type of customer information.
- Safeguard Against External Release – If our customer's data are exposed to other customers, partners, suppliers, competitors or to the public, we risk the loss of customers and damage to Cisco's reputation, as well as potential legal and regulatory penalties. Employees who breach this trust may also face consequences. Any actual or potential loss of customer data should be disclosed immediately using the Customer Data Loss reporting tool.
- Maintain Tight Internal “Need to Know” Access – Cisco employees must not internally distribute customers' operational information, diagrams, video or other data beyond those within Cisco who need to know it to perform their current work. This includes sharing customer-specific “lessons learned” or “win information” with fellow Cisco team members. If you are unsure about whether or not to internally share customer-specific data, check with your manager or Legal.
Refer to Cisco's Data Protection Policy for details about your responsibilities in handling Cisco's and others' information.
-
What If...
What If...
What If...
I used to work at one of Cisco's competitors. Is it okay to talk with my Cisco work group about some of my former employer's sales strategies?
No. You should not share information that would be considered confidential or proprietary. Refer to the Guidelines Regarding Proprietary Information Of Former Employers for more information.
What if I receive an e-mail or package that contains a competitor's proprietary data?
Do not read the document and do not share it with coworkers or your manager. A package should be quickly sealed and secured. Do not forward the email. Contact Cisco Legal immediately and wait for their instructions.
I am on a project that will involve exchange of confidential information with a third party. Do I need to put a Non Disclosure Agreement (NDA) in place before beginning the conversation with them?
Yes – an NDA, or another appropriate agreement, should be put in place at the beginning of any new business relationship. Check NDA Central to see if an NDA is already on file.
What if I am being asked (verbally or in writing) to commit to pricing that is not within Cisco's approved terms?
Any commitment or promise by Cisco to a customer or partner that is outside of Cisco's approved terms, whether or not intended to be legally binding, is a “side commitment.” A side commitment may violate financial reporting requirements, cause customer satisfaction issues and legal liabilities, and may cause Cisco to restate earnings. Discuss with your manager, sales controller and/or Cisco Legal if you feel internal or external pressure to make side commitments.
Have another question? Post it on the Ethics Discussion Forum or contact the Ethics Office for assistance.
-
Tools / Resources
Tools / Resources
-
Ask / Report
Ask / Report
Ask / Report
E-mail
- Ethics Office: ethics@cisco.com or COBC@cisco.com
- Audit Committee of the Board of Directors: auditcommittee@external.cisco.com
Online
- Anonymous Web Form
- Ethics Disclosure Tools - Gifts, Entertainment or an Outside Business Interest
- A secure, internal online case reporting/management tool (called CITE)
Phone
The multi-lingual Cisco Ethics Line is available 24 hours a day, 7 days a week, worldwide, with country-based toll-free phone numbers. The Ethics Line is staffed by a leading third-party reporting service. You have the option to remain anonymous* when you call; however, the investigation may be hindered if the investigator is unable to contact you for further information.
*Please note: Some countries do not allow such concerns to be reported anonymously.
Regular Mail
Questions and concerns regarding accounting, internal accounting controls, or auditing matters (or other related issues) can be submitted — confidentially or anonymously — to the Audit Committee of the Board of Directors. at the following private mailbox (PMB):
Cisco Systems, Audit Committee
105 Serra Way, PMB #112, Milpitas, CA 95035