The YTL Group Electronic Communications Usage Policy

Kindly review the Electronic Communications Usage Policy (Policy) below.

You are required to accept this Policy in order to use the Groups electronic communications and IT
facilities and to access the Intranet. Upon your agreement, the Policy will be binding on you and must be
observed at all times.
If there are revisions to the Policy you will be notified of the revisions at such time.

This Policy is endorsed by the Board of Directors and will be communicated to all employees, advisors,
consultants or any other person working on behalf of any Group company. It may be altered or withdrawn
at any time.
Compliance with this Policy is mandatory and any breach will attract disciplinary action

1.

Policy Statement

This Policy is written to ensure that all users of the YTL Groups (Group) electronic communications, mobile communications and computer
resources do so in a manner consistent with the values and objectives of the Group, whilst ensuring the security of the Groups computer based
infrastructure. This Policy describes the scope, roles, responsibilities and risks associated with use of these resources, and all users are
responsible for understanding and complying with this Policy when using the resources of the Group.
This Policy will apply to all users of the resources, principally employees, and will extend to advisers, consultants and any other person working
for or on behalf of any company of the GroupThis Policy is intended to act as a guide and to serve as a single reference point for identifying the
range of controls in relation to electronic communications. However, it does not purport to be a comprehensive set of rules. All employees will
also need to be guided by their contracts of employment, confidentiality undertakings and their duties to their respective Group employers.
The following purposes for using electronic communications equipment are recognised:
1.

E-mail exchange is required to achieve the Groups business objectives;

2.

Use of electronic communication resources will enhance cost-effective communications within the Group;

3.

Electronic communication resources can facilitate improved communication with the various business parties involved in
interaction with the Group;

4.

E-mail communications, the Intranets and developments in employee communications can promote effective two-way
communication;

5.

Use of the Intranet and Internet will develop a knowledge-sharing culture;

6.

Electronic communications resources allow documents to be read without difficulties caused by incompatible software.

It is the responsibility of all users of these resources to observe the policies and guidelines on use of computer systems, networks and data, as
amended from time to time. Breach of this Policy will be treated seriously and may result in action being taken against individual employees
under other procedures (e.g. Disciplinary Rules).
Heads of Department are responsible for the day-to-day implementation of this Policy and for ensuring that those for whom they are responsible
use the systems and networks in the appropriate manner and follow company rules.
The scope of this Policy is defined in the following sub-sections:

1.1

Sending and Receiving e-mail

Where electronic correspondence is sent to an external organisation and the sender is representing any Group company, it should be treated as if
it were correspondence on company headed paper. Users should be aware that exchange of e-mail may enter into or vary contractual
relationships on the Companys behalf, and such exchanges must therefore be made only with appropriate authorisation.
Notwithstanding that, users are to ensure that every e-mail sent out (including response to any e-mail) shall include the following statement:

This message (including any attachments) is for the use of the addressee only. It may contain private proprietary or legally
privileged statements and information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the
intended recipient, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the
sender. You must not, directly or indirectly, use, disclose, distribute, print, copy or rely on any part of the message if you are not
the intended recipient. Any views expressed in this message (including any attachments) are those of the individual sender and not
those of any member of YTL Group, except where the message stated otherwise and the sender is authorised to state them to be
the views of any such entity.
Inappropriate language, obscenity, and libellous or defamatory statements and statements containing any rumours or unsubstantiated facts or
conjecture are prohibited at all times. Words should be chosen carefully as they might be misunderstood or misconstrued, either by the initial
recipient or by anyone else to whom it may be forwarded. Language that may be misunderstood or misconstrued as harassment, racial bias, age
or gender discrimination, or any other improper treatment should never be used. Derogatory statements and language should never be used in
relation to internal or external matters as this could render the company liable to third parties if any statement is untrue, offensive or misleading.
E-mail must not be used for any illegal purpose, or for accessing, receiving or transmitting any material deemed illegal, indecent, offensive or
otherwise unacceptable under Malaysian law, the laws of any destination country or any country via which such material travels to reach its
destination or Group policy.
E-mail file attachments whose contents cannot be verified should not be stored.
Sensitive or confidential information should not be sent from or held on external e-mail systems on the Internet, unless authorised by the
responsible Director.
Information received by e-mail will be treated in the same manner as all other written memos, and therefore e-mails should not be forwarded or
further disseminated except where it is for an identified business purpose.
E-mail users must ensure the correct e-mail address(es) is chosen from the address book or typed in as accurately as possible. The reply to all
function should not be used unless it is necessary that all recipients see the reply. As e-mail is intended to be a person-to-person form of
communication, users should note that e-mails will be received directly by the addressee. Any message received in error should be forwarded to
the correct addressee if identifiable, or forwarded to the Group e-mail Administrator.

Users of e-mail should check their mailbox regularly and delete unwanted messages since they take up disk space. They should also retain e-mail
only as long as necessary and resist sending or forwarding long series of notes. The inbox is not a place for storing files. For exchanges of e-mail
where an audit trail is required (e.g. contractual agreements), archiving facilities should be used regularly.
When using e-mail facilities, you should be aware that junk or chain mail slows down the system for all users and is expensive and timeconsuming to remove. This includes sending or forwarding jokes or cartoons. Disciplinary action may be taken against users who forward such
mail. Using the Companys system to send mass e-mailings over the Internet (including Spam) is prohibited.
Do not store files if you cannot verify the contents.

1.2

Communications by Fax

Communications by fax are also a form of electronic communication and should be sent and received in accordance with guidelines on sending
and receiving e-mail.

1.3

Access to Internet

Users of the Groups electronic communications and computer resources do not automatically have access to the Internet from a browser within
the Group. This is not a service on demand but is provided to those who require the service to access business-related information on instruction
from the relevant Director.
Internet access must not be used for accessing, receiving, transmitting or downloading any material deemed illegal, pornographic in nature,
indecent, offensive or otherwise unacceptable under Malaysian law, the laws of any destination country or any country via which such material
travels to reach its destination or Group policy. Users are also prohibited from subscribing to Newsgroups not associated with the Groups
interests, and from posting information relating to the Group or on the Groups behalf. This includes a specific prohibition on the use of private
webmail accounts and associated chat rooms and forums.
When using any computer attached to a Group network, users must not access the Internet except through a Group approved Internet firewall.
Users must not access the Internet directly, whether through a modem or through another service provider, unless the accessing computer is
disconnected from all Group networks.

1.4

Privacy of Electronic Communications

Users of the Groups electronic communications should be aware that e-mail and other electronic communications are not private.
The Group may access or disclose private electronic messages or files of an employee with good cause, provided that it follows appropriate
procedures. Good cause shall include the need to protect system security, fulfil company obligations, detect employee wrong doing, comply with
legal process, or protect the rights or property of the Group. Procedures include review by senior managers and members of the Group IT
Security team to ensure that employee privacy is not infringed without good cause.
On occasion, it may be necessary for electronic mail and messaging service support staff to read an electronic mail message which has failed to
reach its destination. The purpose of this is to determine, if possible, the intended addressee and redirect the message to the correct address, not
to read nor discuss the content of the message.

1.4.1

Monitoring

The Group may engage in monitoring of electronic mail messages or other electronic files created by employees for valid business purposes,
including employee supervision. All users are made aware of such monitoring and acceptance of this Policy will be deemed to be consent to
such monitoring.
Employees should bear in mind that all Internet site visits are traceable.
Users must not engage in illegal copying of works which are protected by copyright, database right or other protection, nor may users make
available copies of such works. Users are responsible for observing copyright and licensing agreements that may apply to files, documents,
software and other materials that they wish to download. Users must obtain approval of the Groups IT Head of Department before downloading
any materials.

1.4.2

Security

The Internet and other external electronic communications are not secure. Any message sent over the Internet may potentially be intercepted and
read or altered by anyone, and Internet communications are not anonymous. E-mail notes could be easily forwarded to others, or printed and
made available to individuals not on the network (including competitors outside the Group).
Users should avoid communicating confidential, proprietary or sensitive information via the Internet or other comparable electronic
communications media. Users should note that e-mails (like company files, letters, memos, and other business correspondence) can generally be
discovered by opposing parties in litigation.
.

1.5

Security Rules when using Communications and Computer Resources

Users will be required to change your network password frequently and not to disclose your network password to others to protect your login
from unauthorised access. This will prevent other users from sending inappropriate information from your account. If users decide to disclose
their password to others (e.g. manager to secretary), then they accept responsibility for the third partys use of their account. There must be no
attempt to discover any other users password nor attempts to hack into another users e-mail account or the Groups computer systems.
In addition, when workstations are left unattended, users should either logout, or use a password-protected screensaver to prevent others from
using their account.
Users may acquire, copy, distribute and use software only in accordance with the applicable licensing agreement. It is the responsibility of users
to find out the terms of the licensing agreement. Details of licensing and other policies may be obtained from the IT Department. Users are not
allowed to copy or otherwise transfer company software of any electronic files held within the Groups computer systems for use outside the
Group.
All Group policies on confidential information apply to information held and processed by electronic communications, and must therefore be
complied with. In particular, where possible information relating to third parties, whether individuals or organisations, should not be sent via
electronic communications.
Anti-virus measures in place are there to protect the Groups systems against loss of data and serious disruption to the Groups business which
can result from viruses and must be complied with. Users should also store large files only where necessary (for example, photographs) as these
consume valuable network space.
If users suspect that another user is not complying with this Policy, they should alert their Head of Department or the Personnel Department.

1.6

Use of Electronic Communications and Computer Resources for Personal

Purposes

While access to e-mail and the Internet are via a Group-owned asset and computer system, the Group permits limited and reasonable use of these
facilities for occasional personal purposes. This does not include uses requiring substantial expenditures of time, uses for profit or uses that
would otherwise violate Group policies on employee time commitments or Group equipment. Excessive personal use will result in disciplinary
action.
Users should note that the Group reserves the right to monitor employee communications in order to prevent misuse. Personal messages will be
treated no differently from other messages, so users of the Groups equipment for personal purposes will be deemed to have waived any claim to
privacy.

1.7 Disciplinary Action

Users must take serious note that any breach of this Policy will be regarded as misconduct that could result in disciplinary action. Some activities
may be considered gross misconduct - the following list gives some examples of such activities, but is not exhaustive:
1.

Attempting to gain unauthorised entry to the system.

2.

Attempting to gain unauthorised entry to the system for mischievous purposes.

3.

Using unlicensed software.

4.

Using unauthorised versions of software unless evaluation is taking place.

5.

Using private software, including games or discs supplied with magazines.

6.

Copying Company software to the individuals own PC without authorisation.

7.

Non-compliance with license conditions

8.

Downloading or using materials from the Internet without the authorisation of the owner.

9.

Downloading or using any materials from the Internet deemed illegal, pornographic in nature, indecent, offensive or
otherwise unacceptable under Malaysian law, the laws of any destination country or any country via which such material
travels to reach its destination or Group policy.

10.

Sending or forwarding junk or chain e-mail or sending mass e-mailings over the Internet (e.g. Spam).

11.

Using, obtaining, holding or transferring personal information contrary to Data Protection legislation.

12.

Any other actions contrary to the conditions imposed by regulatory authorities or contrary to Group policy or employees
Contracts of Employment.

1.8

Indemnity for Breach

Users shall at all times indemnify and keep the relevant Group company indemnified against all and any action(s), suit(s), proceeding(s),
claim(s), summon(s), fine(s), penalty(ies), damage(s), loss(es) and/or expense(s) whatsoever (whether direct, indirect, special, consequential or
otherwise) which may at any time be brought, instituted or made against the relevant Group company or suffered, sustained or incurred by the
relevant Group company in respect of or in connection with any breach of this Policy. Users should take note of the fact that this includes the
cost of restoring the Groups computer systems which have been infected by viruses or other forms of contamination as a result of any breach of
this Policy.

Kindly indicate your acceptance of this Policy by signing and returning a copy of the Policy on or
before
. Please note that by accepting this Policy, you will also be deemed to accept
revisions to the Policy that may be introduced from time to time by the Board.

Signature : ------------------------------------------------Name : ----------------------------------------------------Company: ------------------------------------------------Department : ---------------------------------------------