NOVATIUM SOLUTIONS (P) LTD.

TYPE OF DOCUMENT Human Resources Policies & Procedure Manual

TITLE Information Security Policy
DATE OF PRINTOUT August 1, 2008 Page 1 of 5
FILED UNDER C:\Users\George\Documents\Novatium MyD\HR-Policies\Information
Security Policy.DOC

LOCATIONS Novatium Solutions (P) Ltd., Chennai

AUTHOR/ SIGNATURE HR – Head/ VP - CIM
APPROVED BY CEO
DATE OF ESTABLISHMENT August 2008
VERSION/ EFFECTIVE DATE Version 1 / Effective August 2008
REVISION/REVIEWING FREQUENCY Annually
NEXT REVIEW / BY WHOM August 2009 / VP - CIM & Head – HR

Introduction
Novatium is a product & solution development Company focusing on thin client, network
computing, and security solutions. Therefore systems and Internet form part of the daily
routine of the employees.

This policy aims to define the DO's and DONT's for each employee while working on the
premises of the company or while being connected to any utility of the company.

Every employee of Novatium Solution Private Limited is expected to be aware of and follow
the guidelines mentioned in this document. If they have any doubt regarding any of the
points mentioned in this document, they should get it clarified from the Tech Ops/ CIM
department.

Any violation of the policies may lead to severe disciplinary action.

Overview
This company provides access to the vast information resources of the Internet to help you
do your job faster and smarter, and be a well-informed business citizen. The facilities to
provide that access represent a considerable commitment of company resources for
telecommunications, networking, software, storage, etc. This Internet usage policy is
designed to help you understand our expectations for the use of those resources in the
particular conditions of the Internet, and to help you use those resources wisely.

While we have set forth explicit requirements for Internet usage below, we would like to
start by describing our Internet usage policy. First and foremost, the Internet for this
company is a business tool, provided to you at significant cost. That means we expect you to
use your Internet access [primarily] for business-related purposes, i.e., to communicate with
customers and partners, to research relevant topics and obtain useful business information
[except as outlined below].

We insist that you conduct yourself honestly and appropriately on the Internet, and respect
the copyrights, software licensing rules, property rights, privacy and prerogatives of others.
To be absolutely clear on this point, all existing company policies apply to your conduct on
the Internet, especially (but not exclusively) those that deal with intellectual property
protection, privacy, misuse of company resources, sexual harassment, information and data
security, and confidentiality.

Unnecessary or unauthorized Internet usage causes network and server congestion. It

slows other users, takes away from work time, consumes supplies, and ties up printers and
other shared resources. Unlawful Internet usage may also garner negative publicity for the
company and expose the firm to significant legal liabilities.

“Novatium Confidential”
Hard Copies Are Uncontrolled Unless With Signature & Stamp.
 NOVATIUM SOLUTIONS (P) LTD.

TYPE OF DOCUMENT Human Resources Policies & Procedure Manual

TITLE Information Security Policy
DATE OF PRINTOUT August 1, 2008 Page 2 of 5
FILED UNDER C:\Users\George\Documents\Novatium MyD\HR-Policies\Information
Security Policy.DOC

While our direct connection to the Internet offers vast information of potential benefits, it
can also open the door to some significant risks to our data and systems if we do not follow
appropriate security discipline. As presented in greater detail below, that may mean
preventing machines with sensitive data or applications from connecting to the Internet
entirely, or it may mean that certain users must be prevented from using certain Internet
features like file transfers. The overriding principle is that security is to be everyone's first
concern. An Internet user can be held accountable for any breaches of security or
confidentiality.

Systems Management, Internet Usage:

1. The company has software and systems in place that can record all Internet usage.
Our security systems are capable of recording (for each and every user) each World
Wide Web site visit, each Jabber chat, news groups or email message, and each file
transfer into and out of our internal networks, and we reserve the right to do so at
any time. Our managers could review Internet activity and analyze usage patterns,
and they may choose to publicize this data to assure that company Internet
resources are devoted to maintaining the highest levels of productivity. We reserve
the right to inspect any and all files stored in private areas of our network in order
to assure compliance with policy.

2. Any software or files downloaded via the Internet into the company network become
the property of the company. Any such files or software may be used only in ways
that are consistent with their licenses or copyrights.

3. No employee should use company facilities knowingly to download or distribute

pirated software or data.

4. No employee should use the company's Internet facilities to deliberately propagate

any virus, worm, or any other code with malicious intent.

5. Employees may use their Internet facilities for common browsing or information
search during mealtime or other breaks, or outside of work hours, provided that all
other usage policies are adhered to.

6. Employees with Internet access may download only software with direct business
use, and must arrange to have such software properly licensed and registered.
Downloaded software must be used only under the terms of its license.

7. Employees with Internet access should not use company Internet facilities to
download entertainment software or games, or to play games against opponents
over the Internet.

8. Internet may used for reading newspapers or magazines in leisure time.

9. All software used to access the Internet shall be configured to use the firewall http
proxy.

10. Port scanning or security scanning is expressly prohibited, if project work demands
for such test, it should be informed to systems and networking department with all
details of the work.
“Novatium Confidential”
Hard Copies Are Uncontrolled Unless With Signature & Stamp.
 NOVATIUM SOLUTIONS (P) LTD.

TYPE OF DOCUMENT Human Resources Policies & Procedure Manual

TITLE Information Security Policy
DATE OF PRINTOUT August 1, 2008 Page 3 of 5
FILED UNDER C:\Users\George\Documents\Novatium MyD\HR-Policies\Information
Security Policy.DOC

11. The following are strictly prohibited and violation of the same would attract
disciplinary action

a) Making fraudulent offers of products, items, or services originating from any

Novatium Solution Group account.

b) Effecting security breaches or disruptions of network communication.

Security breaches include, but are not limited to, accessing data of which
the employee is not an intended recipient or logging into a server or account
that the employee is not expressly authorized to access, unless these duties
are within the scope of regular duties. For purposes of this section,
"disruption" includes, but is not limited to, network sniffing, pinged floods,
packet spoofing, denial of service, and forged routing information for
malicious purposes.

c) Executing any form of network monitoring which will intercept data not
intended for the employee's host, unless this activity is a part of the
employee's normal job.

d) Circumventing user authentication or security of any host, network or

account.

e) Interfering with or denying service to any user other than the employee's
host (for example, denial of service attack)

f) Using any program/script/command, or sending messages of any kind, with

the intent to interfere with, or disable, a user's terminal session, via any
means, locally or via the Internet/Intranet/Extranet.

Official Email Usage:

1. Evolution is the company's preferred email client, and all employees provided with
@novatium.com accounts are expected to use this software for accessing their mails.

2. Always add descriptive subjects for emails. It is a good practice to add the name of
the project or the issue being discussed in the mail.

3. Harassment, whether through language, frequency, or size of messages, is

prohibited.

4. Employees may not forward or otherwise propagate chain letters / pyramid letters,
whether or not the recipient wishes to receive such mailings.

5. Malicious email, including but not limited to "mailbombing" (flooding a user or site
with very large or numerous pieces of email) and "trolling" (posting outrageous
messages to generate numerous responses) is prohibited.

6. Forging of header or any other information is not permitted.

“Novatium Confidential”
Hard Copies Are Uncontrolled Unless With Signature & Stamp.
 NOVATIUM SOLUTIONS (P) LTD.

TYPE OF DOCUMENT Human Resources Policies & Procedure Manual

TITLE Information Security Policy
DATE OF PRINTOUT August 1, 2008 Page 4 of 5
FILED UNDER C:\Users\George\Documents\Novatium MyD\HR-Policies\Information
Security Policy.DOC

7. Employees are advised not to send email attachments that are more than 1MB of
size [For any exception for individual for any official purpose, it has to be granted
by reporting managers].

8. Emails that contain pornographic, racist, politically incorrect content are forbidden.

9. No employee may access or attempt to access electronic mail sent to another

employee, without the permission of that user, except when necessary as part of
that person's duties in respect of the operation of the electronic mail system.

10. Sending unsolicited email messages, including the sending of "junk mail" or other
advertising material to individuals who did not specifically request such material
(email spam).

User Accounts, Passwords, Privacy Security:

1. Associates must use only those server accounts that have been authorized for their
use.

2. Choose a password that would be hard to guess.

3. Associate should share his iFolder, gforge, [Desktop], Server Authentication, etc to
his manager.

4. Employees must identify their computing work with their own names so that
responsibility for the work can be determined and Employees can be contacted in
unusual situations.

5. Employees must use their computer accounts only for the purposes for which they
are authorized.

6. Employees must not attempt to modify system facilities by any means.

7. Employees must not attempt to subvert the restrictions associated with their
computer accounts.

8. Employees are responsible for the usage of their computing server accounts. They
should maintain secure passwords for systems that support them and take
precautions against others obtaining access to their computer resources. Each user is
responsible for all transactions made under the authorization of his or her system
account.

9. Revealing username(s) / password(s) to colleagues through email, phone is strictly

prohibited.

Thin client / Desktop / Software Usage:

1. No employee should install / un-install any software without the knowledge of the
Facilities Senior Associates or higher authority.

“Novatium Confidential”
Hard Copies Are Uncontrolled Unless With Signature & Stamp.
 NOVATIUM SOLUTIONS (P) LTD.

TYPE OF DOCUMENT Human Resources Policies & Procedure Manual

TITLE Information Security Policy
DATE OF PRINTOUT August 1, 2008 Page 5 of 5
FILED UNDER C:\Users\George\Documents\Novatium MyD\HR-Policies\Information
Security Policy.DOC

2. All use of software provided by Novatium Solution and all use of computer and
license agreements, this policy statement, and applicable laws govern
telecommunications equipment. Employees agree to comply with all such
restrictions.

3. Inform Systems Dept. immediately if you think that your workstation may have a
virus.

4. Compact Discs and other media should not be brought in to the Company by any
individual, the same would be procured by the company and they should be checked
for viruses by Systems Dept. before use.

5. USB Sticks & external Hard discs are strictly prohibited with the exception of the
ones being used in projects. These should be duly authorised by the Functional Head
& the Tech – Ops team and be duly marked and endorsed in the Assets register.

6. Protect equipment from theft and keep it away from food and drinks. It is suggested
that food and drinks not be brought to workstations.

7. Anyone having Laptop is susceptible to spot checking from system department for
inspection.

8. Employee's user login, development-PC will be audited periodically

9. Logins to, and use of the Company's network are monitored and audited

10. Power off the thin client and/or computer when it is required to be.
Note: No Storage device (USB Sticks/Hard drives/ CD/ DVD) is to move out of the Company
premises without the written approval of HR – Head/ CFO/ COO. Violation of the same
would amount to Data being stolen and would attract severe disciplinary action.

Company Data Confidentiality:

Novatium Solution core data generation comes for software production, all code; documents
created by developers are the sole property of Novatium Solution. Revealing source code /
documents to outsiders through email or any other means is strictly prohibited.

Document covers just about any kind of file that can be read on a computer screen as if it
were a printed page, including the so-called HTML files read in an Internet browser, any file
meant to be accessed by a word processing or desk-top publishing program or its viewer, or
the files prepared for the Adobe Acrobat reader and other electronic publishing tools.

Hard copies of source code / documents shall not be taken out of the premises without
written consent.

If any code or specification has to be sent to an employee of Novatium Solution's client,

verify with the management, if it is appropriate.

“Novatium Confidential”
Hard Copies Are Uncontrolled Unless With Signature & Stamp.