BASIC CODE of

Information Technology
Policy

Dole Food Company, Inc.

Corporate Information Technology (IT)
One Dole Drive
Westlake Village, CA

Version: 3.01BC
Created/Revised By:
Frans Nio - Director, Global Information Security
Revision Date: August 17, 2007
Effective Date: October 01, 2007

© Copyright 2007 Dole Food Company – All Rights Reserved.

FINAL – Dole Sensitive and Confidential – For Internal Use Only
 Table of Contents
1 Information Security Mission Statement...........................................................2
2 Management Letter .............................................................................................2
3 Roles and Responsibilities.................................................................................3
4 Policy Principles..................................................................................................3
4.1 Legal, Statutory, and Regulatory Compliance ..............................................3
4.2 Timely and Accurate Reporting ....................................................................3
4.3 Enforcement and Compliance ......................................................................3
4.4 Third Party Services and Service Centers....................................................3
5 Computer Use Policies .......................................................................................4
5.1 Waiver of Privacy..........................................................................................4
5.2 Personal Use of the Internet and E-mail.......................................................4
5.3 Unauthorized Activities .................................................................................4
5.4 Unauthorized Software and Hardware Tools................................................4
5.5 Portable Computer Physical Security ...........................................................4
5.6 Backup of Local Computers .........................................................................5
6 Logical Access ....................................................................................................5
6.1 Access to Information ...................................................................................5
6.2 Protecting Passwords...................................................................................5
6.3 Clear Desk Policy .........................................................................................5
6.4 Unattended Computers and Information ......................................................6
7 Internet Connection Policies ..............................................................................6
7.1 Internet Access.............................................................................................6
7.2 Inappropriate Internet sites...........................................................................6
7.3 Prohibited Internet Activity............................................................................6
7.4 Externally Reachable Web Sites ..................................................................6
8 Virus Protection...................................................................................................6
9 Copyright Policies ...............................................................................................7
10 Contact Information ............................................................................................8

© Copyright 2007 Dole Food Company – All Rights Reserved. 1

FINAL – Dole Sensitive and Confidential – For Internal Use Only
1 Information Security Mission Statement

“Dole Information Technology organization is committed to protecting Dole’s

information and information systems assets from failure of availability, confidentiality,
and integrity, while at the same time, ensuring that important internal controls are in
place throughout Dole’s data center operations and other processing facilities
globally.”

2 Management Letter

To ALL DOLE EMPLOYEES:

As Dole continues to expand its operations globally, it becomes ever more critical for
each employee to do his or her part in protecting Dole’s information. Accordingly, we
have developed this policy document to establish the framework and provide
guidelines of information security practices through out the company.

It is your duty and obligation to adhere to the IT policies, procedures, and standards
outlined in these policy documents, and to report conduct not consistent with our
policy.

Thank you.

© Copyright 2007 Dole Food Company – All Rights Reserved. 2

FINAL – Dole Sensitive and Confidential – For Internal Use Only
3 Roles and Responsibilities
All individuals with access to Dole’s business information assets (Dole’s
employees, contractors, consultants, vendors, business partners, and temporary
employees) are responsible for the safe handling, and protection of business
information assets.

4 Policy Principles

4.1 Legal, Statutory, and Regulatory Compliance

All Dole employees, contractors, and other third parties must comply with the
legal, statutory, and regulatory requirements, both domestic and international,
pertaining to the protection, sharing, or disclosure of Dole’s information.

4.2 Timely and Accurate Reporting

All employees, contractors, and other third parties are required to report
information security violations, problems, or threats to the Business Unit IT
Management and/or to Global Information Security Director
Specific information regarding violations and vulnerabilities must not be
distributed to or shared with persons who do not have a valid ‘need-to-know’.

4.3 Enforcement and Compliance

All Dole companies, divisions, subsidiaries, business partners, managers, and
Business Unit personnel are responsible for pro-actively enforcing the
information security policies, standards, and procedures. Individuals who
violate the policy may be subject to disciplinary action up to and including
termination and may incur criminal or civil liability. Business Unit IT is
responsible for working with the HR department to ensure that employees,
consultants, and contractors are informed and understand the disciplinary action
that will take place upon non-compliance with the Information Technology
policies.

4.4 Third Party Services and Service Centers

Third parties that have access to Dole’s information must guard it with the same
diligence as Dole.
All contractors and consultants who will be accessing Dole’s information and
system assets must sign the Basic Code of Information Technology Policy
Acknowledgement form.

© Copyright 2007 Dole Food Company – All Rights Reserved. 3

FINAL – Dole Sensitive and Confidential – For Internal Use Only
5 Computer Use Policies
Dole communications systems, including e-mail, voice-mail, and computer
systems, are company property and should be used for business purposes only.

5.1 Waiver of Privacy

Users of Dole facilities waive all rights to privacy in anything they create, store,
send, or receive on Dole’s computers or through Dole’s connections to the
Internet. Dole reserves the right to monitor any and all aspects of its computer
system and network to ensure compliance with Dole policies. Monitoring
includes, but is not limited to, tracking the sites that users visit on the Internet,
monitoring chat groups and newsgroups, and reviewing material downloaded or
uploaded.

5.2 Personal Use of the Internet and E-mail

While Dole recognizes that individuals who use computer systems may
occasionally need to use the Internet or e-mail for personal reasons, users
should understand that such usage is not considered private. All personal use
must not interfere with Dole’s business and should be limited to a minimum.

5.3 Unauthorized Activities

Dole resources must not be used for any of the following activities:
• Receiving, viewing, sharing, or distributing any materials that may be
deemed offensive or which is prohibited by the company policy.
• Commercial or personal advertisements.
• Solicitations or promotions of any outside business.
• Political lobbying or promoting political activities.
• Any commercial purpose other than official Dole business.
• Distribute chain letters or solicitation e-mails to others using company
email systems.

5.4 Unauthorized Software and Hardware Tools

Employees and others with access to Dole network, apart from the authorized
personnel in the Information Technology department, are prohibited from using
security testing tools, network packet analyzers, sniffers, port scanners,
password crackers, or any similar tools or technologies. Authorized personnel
must obtain approval from Business Unit IT leader for temporary use of such
tools.

5.5 Portable Computer Physical Security

• Portable computers must be kept physically secure. Employees,
contractors, and others assigned to a portable computer by Dole must
© Copyright 2007 Dole Food Company – All Rights Reserved. 4
FINAL – Dole Sensitive and Confidential – For Internal Use Only
 assume all responsibilities of the security of the portable computer and
the information/programs/data stored in it.
• Users must assume responsibilities of the security of all removable media
(disks, tapes, etc.).

5.6 Backup of Local Computers

Employees or others using Dole’s desktop/laptop computers are responsible for
ensuring that locally held Dole information is properly backed up and
recoverable.
All data stored on portable computers should be backed up on at least a biweekly
basis to a centralized server or removable media (floppy disks, CDs, external
drivers, or backup tape). Users or owners of the information stored in portable
computers are responsible for backing up their data.

6 Logical Access

6.1 Access to Information

Access to information must be granted based on an individual’s job
responsibilities and/or a valid need-to-know.
Unauthorized access or use of an individual’s account is prohibited.

6.2 Protecting Passwords

• Passwords should be considered personal and must be well protected.
• Passwords must not be written down and left in a place where
unauthorized persons might discover them.
• Passwords should not be sent through internet e-mail unless securely
encrypted.
• Passwords must not be disclosed or shared with anyone.
• In general, users should never disclose their password to anyone
(including to IT personnel or system administrator) in any circumstances.
User password must remain personal and confidential even in the event
of a user lock-out. Administrator should be able to assist users without
knowing the users' password.
• The sharing of user IDs is prohibited except in specific, approved
situations.

6.3 Clear Desk Policy

Sensitive documents, or removable media containing sensitive information,
should not be left unattended where someone could easily pick it up, such as in
the copying machine, printer, fax machine, or in an unsecured office or
workspace.

© Copyright 2007 Dole Food Company – All Rights Reserved. 5

FINAL – Dole Sensitive and Confidential – For Internal Use Only
 6.4 Unattended Computers and Information
Systems must have a feature that protects access to the information on the
screen and to further data in the machine if being left unattended after a defined
time (at the longest 20 minutes), and must not allow access until released by a
valid password.

7 Internet Connection Policies

7.1 Internet Access

All outbound access to the Internet must be made through a proxy server. Direct
connections outbound to the Internet must not be allowed.

7.2 Inappropriate Internet sites

Access to inappropriate sites through Dole facilities and equipment is prohibited.
Examples of such sites may include but are not limited to:
• Sexually explicit sites
• Hacker sites
• Warez (pirated software or hacker tools) related sites
• Sites that may conflict with Dole policies and/or business interests

7.3 Prohibited Internet Activity

• Downloading or installing of freeware and/or shareware is prohibited
unless approved by the Business Unit IT leader.
• Re-mailer services, drop-boxes, or identity stripping may not be used.
• Employees must not use the Internet for playing games.
• Sending or retrieving pornographic material, inappropriate text files, or
files dangerous to the integrity of the network.
• Any way that violates federal, state, or local laws or statutes.

7.4 Externally Reachable Web Sites

All web sites available to the public or entities outside of the Dole must be
approved by the Business Unit IT leader, and the Corporate Information Security
Director. Web sites for the Dole Intranet must be approved by Business Unit IT
leader.
Publishing personal Web Sites using Dole’s equipment of network is prohibited.

8 Virus Protection
Anti-virus software must be installed and activated on each desktop, laptop, and
server with real-time scanning enabled at all times.
Each floppy disk or other media to transfer data into a computer must be
scanned for viruses.
© Copyright 2007 Dole Food Company – All Rights Reserved. 6
FINAL – Dole Sensitive and Confidential – For Internal Use Only
9 Copyright Policies
The loading of pirated (unlicensed) software on Dole’s machines is prohibited.

© Copyright 2007 Dole Food Company – All Rights Reserved. 7

FINAL – Dole Sensitive and Confidential – For Internal Use Only
10 Contact Information
For questions, please contact:

Dole Food Company, Inc.

Corporate Information Technology (IT) Department

One Dole Drive
Westlake Village, CA 91362
Phone: (818) 879-6789
Fax: (818) 879-6671
E-Mail: [email protected]

© Copyright 2007 Dole Food Company – All Rights Reserved. 8

FINAL – Dole Sensitive and Confidential – For Internal Use Only