DATA SECURITY POLICY &

NON DISCLOSURE AGREEMENT BY EMPLOYEES

I have received a copy of HESL (Karnataka) security policy # SP 2001/01, dated 20.06.2002
covering

a) Network, Internet, Intranet & Email usage & Security Policy – Annexure I
b) Password & Disk Non-Sharing Security Policy – Annexure II

I recognize and understand that the company’s electronic communication and network
infrastructure are to be used for conducting the company’s business.

As part of HESL and as a user of HESL’s networking infrastructure including Internet,

Intranet and email system, I understand that this Policy applies to me. I have read the
aforementioned document and agree to follow all policies and procedures that are set forth
herein. I further agree to abide by the standards set in the document for the duration of my
employment with HESL.

I am aware that violations of this Policy may subject me to disciplinary action, up to and
including discharge from employment. I further understand that all my communications
reflect HESL worldwide to our competitors, consumers, customers and suppliers.

Furthermore, I understand that this document can be amended at any time.

Employee’s Signature Date

Employee’s Printed Name

HR Head’s Signature
 Annexure I

NETWORK, INTERNET, INTRANET & EMAIL USAGE POLICY

The uses of Internet, Intranet and Email are the means to make business and
communication very effective. These are valuable and costly Corporate resources to
facilitate the business of the company. Irresponsible use of these resources not only reduces
the availability of these resources for critical business operations but may compromise on
Corporate Data Security and network Integrity leaving the company open to potential
damaging litigation.

For effective and secured uses of above facilities, the following policy needs to be adhered
to by the employee:

1. Acceptable uses of company Internet, Intranet and Email facility access:

The company provides the above for business usage. Every staff member has
the responsibility to maintain and enhance the company’s public image and to
use company e-mail and access to Internet & Intranet in a responsible and
productive manner that reflects well on the company. The company recognizes
that there may be occasional personal use (with the approval of management),
but this shall not be excessive or unreasonable.

2. Unacceptable uses of company e-mail and Internet access:

The company e-mail and Internet access my not be used for transmitting,
retrieving or storage of any communications of a discriminatory or harassing
nature or materials that are obscene or involving gambling or “X-rated” material.
No messages with derogatory or inflammatory remarks about an individual’s
race, age, disability, religion, national origin, physical attributes or sexual
preference shall be transmitted. This should not be used for any other purpose
that is illegal or against company policy or contrary to the company’s best
interests. Solicitation of non-company business, or any use of the company’s e-
mail and Internet for personal gain, is prohibited.

3. Communications
Each employee is responsible for the content of all text, audio or images that is
place or send over the company’s e-mail and Internet system. No e-mail or other
electronic communications may be sent that hides the identity of the sender or
represents the sender as someone else or someone from another company. All
messages communicated on the company’s e-mail and Internet system should
contain the employee’s name.

Any messages or information sent by and employee or another individual outside

of the company via an electronic network (e.g., bulletin board, online service or
Internet) are statements that reflect on the company. While some users include
personal “disclaimers” in electronic messages, there is still a connection to the
company, and the statements may legally be tied to the company. Therefore, it is
required that all communications sent by employees via the company’s email and
Internet system comply with all company policies and not disclose any
confidential proprietary company information.
4. Unauthorized Software Downloading:
To prevent computer viruses form being transmitted through the company’s
e-mail and Internet system, there should not be any downloading of any
unauthorized software. All software downloaded must be registered to the
company. Employees should contact IS if they have any question.

5. Copyright Issues:
Employees on the company’s e-mail and Internet system may not transmit
copyrighted materials belonging to entities other than this company. Please note
that non-adherence to this policy puts the company in serious legal jeopardy and
opens the company up to significant lawsuits and public embarrassment. All
employees obtaining access to other companies’ or individuals’ material must
respect all copyrights and may not copy, retrieve, modify or forward copyrighted
materials, except with permission. Failure to observe copyright or license
agreement may result in disciplinary action. If you have questions about any of
these legal issues, please speak with your Functional Head/IS/Legal before
proceeding.

6. Security :
The company may routinely monitors usage patterns in its e-mail and Internet
communications. The reasons for this monitoring are many, including cost
analysis, security, bandwidth allocation and the general management. All
messages created, sent or retrieved over the company’s E-mail, Intranet and
Internet is the property of the company. Pl. note that the company does not
presently intend to examine the content of the communication over the Internet
whether in email, chat or any other media. However, intention to monitor the
extensions of the tracks being generated much like the telephone bills tracks the
calls made, number of the call and the time of the call but not the conversation.
However, the company reserves the right to access and monitor the content of all
messages and files on the company’s e-mail and Internet system at any time in
the future with or without notice. Employees should not assume electronic
communications are totally private and should transmit highly confidential data in
other ways. E-mail messages regarding sensitive matters should not warn that
such communications are not intended to be secure or confidential. This is just
good business sense.
 PASSWORD & DISK NON-SHARING POLICY

We, in HESL, are handling very sensitive and confidential data. It is important as
well as mandatory to ensure the security of data. We recommend the following
with a request to adhere to the same”

1. Password security – One of the critical entity is password.

a. Sharing of login/password with a various systems and modules in place,

sharing of password/login is a major data security risk. It immediately lead to
problems of inconsistency and prone to mis-use. Due to what, whenever
problem arises, it becomes difficult to track down as to who has done it.

Please note that the activity done on an individual’s password is the

responsibility of the person concerned and he/she is accountable for the
same. Sharing of password for reasons what so ever cannot be treated as an
excuse. Accordingly please ensure not to share the password.

b. Password changes: Due to reasons mentioned above, it is in the interest of

an individual to ensure that password is changed frequently, preferably at
least once a week.

c. Deciding password: It has also been observed that people are using most
common personal elements for defining their password. It is strongly
recommended that password should be unique and should not have any
resemblance to common personal information e.g. your name/spouse’s
name/telephone no./vehicle no./date of birth etc. Moreover, please memorize
and avoid to write down your password specially at most obvious & visible
places like calendar on your desk, diary, scratch pads etc.

2. Sharing of Disk – Please avoid sharing of your hard disk. In exceptional

cases even if you have to share within a group, please make sure that
sharing is done through proper password protection otherwise any hacker can
hack into your hard disk, go through your files and may even delete your files.
Risk is yours.