Search Results

Bring Your Own Device (BYOD) Policy   Objective This policy establishes [Company Name] guidelines for employee use of personally owned electronic devices for work-related purposes. Scope Employees of [Company Name] may have the opportunity to use their personal electronic devices for work purposes when authorized in writing, in advance, by the employee and management. Personal electronic devices include personally owned cellphones, smartphones, tablets, laptops and computers. The use of personal devices is limited to certain employees and may be limited based on compatibility of technology. Contact the human resource (HR) department for more details. Procedure Device protocols To ensure the security of [Company Name] information, authorized employees are required to have anti-virus and mobile device management (MDM) software installed on their personal mobile devices. This MDM software will store all company-related information, including calendars, e-mails and other applications in one area that is password-protected and secure. [Company Name]’s IT department must install this software prior to using the personal device for work purposes. Employees may store company-related information only in this area. Employees may not use cloud-based apps or backup that allows company-related data to be transferred to unsecure parties. Due to security issues, personal devices may not be synchronized with other devices in employees’ homes. Making any modifications to the device hardware or software beyond authorized and routine installation updates is prohibited unless approved by IT. Employees may not use unsecure Internet sites. All employees must use a preset ringtone and alert for company-related messages and calls. Personal devices should be turned off or set to silent or vibrate mode during meetings and conferences and in other locations where incoming calls may disrupt normal workflow. Restrictions on authorized use Employees whose personal devices have camera, video or recording capability are restricted from using those functions anywhere in the building or on company property at any time unless authorized in advance by management. While at work, employees are expected to exercise the same discretion in using their personal devices as is expected for the use of company devices. [Company Name] policies pertaining to harassment, discrimination, retaliation, trade secrets, confidential information and ethics apply to employee use of personal devices for work-related activities. Excessive personal calls, e-mails or text messaging during the workday, regardless of the device used, can interfere with employee productivity and be distracting to others. Employees must handle personal matters on nonwork time and ensure that friends and family members are aware of the policy. Exceptions may be made for emergency situations and as approved in advance by management. Managers reserve the right to request employees’ cellphone bills and use reports for calls and messaging made during working hours to determine if use is excessive. Nonexempt employees may not use their personal devices for work purposes outside of their normal work schedule without authorization in advance from management. This includes reviewing, sending and responding to e-mails or text messages, responding to phone calls, or making phone calls. Employees may not use their personal devices for work purposes during periods of unpaid leave without authorization from management. [Company Name] reserves the right to deactivate the company’s application and access on the employee’s personal device during periods of unpaid leave. An employee may not store information from or related to former employment on the company’s application. Family and friends should not use personal devices that are used for company purposes. Privacy/company access No employee using his or her personal device should expect any privacy except that which is governed by law. [Company Name] has the right, at any time, to monitor and preserve any communications that use the [Company Name]’s networks in any way, including data, voice mail, telephone logs, Internet use and network traffic, to determine proper use. Management reserves the right to review or retain personal and company-related data on personal devices or to release the data to government agencies or third parties during an investigation or litigation. Management may review the activity and analyze use patterns and may choose to publicize these data to ensure that [Company Name]’s resources in these areas are being use according to this policy. Furthermore, no employee may knowingly disable any network software or system identified as a monitoring tool. Company stipend Employees authorized to use personal devices under this policy will receive an agreed-on monthly stipend based on the position and estimated use of the device. If an employee obtains or currently has a plan that exceeds the monthly stipend, [Company Name] will not be liable for the cost difference. Safety Employees are expected to follow applicable local, state and federal laws and regulations regarding the use of electronic devices at all times. Employees whose job responsibilities include regular or occasional driving are expected to refrain from using their personal devices while driving. Regardless of the circumstances, including slow or stopped traffic, employees are required to pull off to the side of the road and safely stop the vehicle before placing or accepting a call or texting. Special care should be taken in situations involving traffic, inclement weather or unfamiliar areas. Employees who are charged with traffic violations resulting from the use of their personal devices while driving will be solely responsible for all liabilities that result from such actions. Employees who work in hazardous areas must refrain from using personal devices while at work in those areas, as such use can potentially be a major safety hazard. Lost, stolen, hacked or damaged equipment Employees are expected to protect personal devices used for work-related purposes from loss, damage or theft. In an effort to secure sensitive company data, employees are required to have “remote-wipe” software installed on their personal devices by the IT department prior to using the devices for work purposes. This software allows the company-related data to be erased remotely in the event the device is lost or stolen. Wiping company data may affect other applications and data. [Company Name] will not be responsible for loss or damage of personal applications or data resulting from the use of company applications or the wiping of company information. Employees must immediately notify management in the event their personal device is lost, stolen or damaged. If IT is unable to repair the device, the employee will be responsible for the cost of replacement. Employees may receive disciplinary action up to and including termination of employment for damage to personal devices caused willfully by the employee. Termination of employment Upon resignation or termination of employment, or at any time on request, the employee may be asked to produce the personal device for inspection. All company data on personal devices will be removed by IT upon termination of employment. Violations of policy Employees who have not received authorization in writing from [Company Name] management and who have not provided written consent will not be permitted to use personal devices for work purposes. Failure to follow [Company Name] policies and procedures may result in disciplinary action, up to and including termination of employment. Download PDF Document In English. (Rs.40/-)

FORM NO. 10 WARRANT TO SEARCH AFTER INFORMATION OF A PARTICULAR OFFENCE ( See  Section 93) To, (name and designation of the police officer or other person or persons who is or are to execute the warrant). Whereas  information has been laid (or complaint has been made) before me of the commission (or suspected commission) of the offence of (mention the offence concisely), and it has been made to appear to me that the production of (specify the thing clearly) is essential to the inquiry now being made (or about to be made) into the said offence (or suspected offence); This is to authorise and require you to search for the said (the thing specified) in the (describe the house or place or part thereof to which the search is to be confined), and, if found, to produce the same forthwith before this Court, returning this warrant, with an endorsement certifying what you have done under it, immediately upon its execution. Dated, this....................day of................,20... (Signature) (Seal of the Court) Download Word Document In English. (Rs.15/-) Download PDF Document In Hindi. (Rs.15/-)

Canteen Policy Policy Statement  The provision of an efficient and effective canteen at the school provides opportunities to reinforce healthy eating practices, provides a service for members of the school community, and presents an opportunity to raise funds.  • Provide an effective canteen service that provides healthy food in a manner that complies with all health regulations and operates in a financially secure and professional manner. Implementation: Setup  • The Act requires all premises that sell, prepare, package, store, handle, serve or supply any food for sale be regarded as a food premises by the local Council. This includes the canteen. Both canteens will be registered with City Council and operate within their regulations.  Management  • A Canteen Manager will be appointed at both canteens to oversee the day-to-day operations of the canteen and menu selection.  • The Canteen Manager will ensure that all health regulations and food preparation requirements are complied with, in particular the “Food Safety Program for Canteens”.  • The Canteen Manager will be responsible for the overall cleanliness and presentation of the canteen inside and outside.  • The Business Manager will be responsible for the oversight of the Canteen Manager and the canteen. The Business Manager will report to Council through the Finance Committee on issues concerning the canteen as well as prepare yearly profit and loss statements.  The Canteens, with approval from School Council may operate at a deficit if the College deems that the service provided to staff and students outweigh the impact of the financial loss.  • The Business Manager will monitor the canteen as part of the EOM procedures and perform an end of year stock take.  • Council will be responsible for maintenance and replacement of equipment.  • School Council will be responsible for payment of all expenses including wages, licensing, gas and electricity usage, and general purchases.  • All orders and purchases for the canteen are to be coordinated through the campuses office in line with the Financial Management and Control Policy.  • Daily takings are to be prepared for banking by the Canteen Manager. The campus office will cross check the total as part of standard banking procedures.  • At the discretion of the Canteen Manager, credit may be given to staff to the limit of Rs. 400 . All accounts must be settled before the end of each term.  Download PDF Document In English. (Rs.20/-)

EQUAL EMPLOYMENT OPPORTUNITY POLICY This policy applies to all (Company Name) (“Company”) employees (“employees”) and operations. (Company Name) aims to create employment opportunities such that all employees achieve their full potential. I. Policy It is the policy of (Company Name) to provide equal employment opportunities, without any discrimination on the grounds of age, color, disability, marital status, nationality, race, religion, sex, sexual orientation. The Company strives to maintain a work environment that is free from any harassment based on above considerations. This Equal Opportunities Policy is subject to applicable regulations, qualifications and merit of the individual. This Equal Employment Opportunity Policy is consistently applied throughout the period of employment of the individual right from the recruitment process till superannuation. II. Equal Opportunity for Persons with Disabilities In accordance with the provisions of the Rights of Persons with Disabilities Act, 2016 and Rules, it is Company’s Policy to ensure that the work environment is free from any discrimination against persons with disabilities. Further, the Company will take all actions to ensure that a conducive environment is provided to persons with disabilities to perform their role and excel in the same. The Company will build systems and processes to ensure: That appropriate facilities and amenities are provided to persons with disabilities to enable them to effectively discharge their duties in the establishment. That provision is made for an accessible environment and of availability of assistive devices as required. That the HR Department will ensure a Liaison officer is designated to oversee the provision of required facilities/amenities including the process of recruitment for persons with disabilities. Such Liaison Officer shall be part of the Human Resources team reporting to the Executive Director Human Resources of the Company. That a Grievance Redressal mechanism for addressing the matters related to the employment of persons with disabilities is available. That the Business Integrity Committee will ensure if any grievance does arise and is brought up to the Committee concerning selection of person(s) with disability for any position, training, promotion, transfer posting, leave & preference in accommodation allocation etc. is dealt with in a fair and equitable manner free from any discrimination. That no opportunity is denied to persons with disabilities, merely on ground of disability. Individuals with disabilities who apply or employees who believe themselves to be covered by the Rights of Persons with Disabilities Act, 2016, should contact the Human Resources Representative in any given location.  Any information obtained is voluntary, will be kept confidential, and will be used in accordance with applicable laws. Refusal to provide information will not subject an employee or applicant to any adverse treatment. Employees and applicants will be protected from coercion, intimidation, interference, discrimination or retaliation for filing a complaint or assisting in an investigation under the Act. III. Responsibility Every member of (Company Name) management is responsible giving effect to this policy. Each Company location is responsible for obtaining and utilizing up‐to‐date information regarding applicable state and local laws and regulations. The Human Resources Managers have the functional responsibility of assuring compliance with Company policy; developing, coordinating and implementing all programs; and reporting findings and progress. Any employee who violates this Policy, or in any manner discriminates with any person with disability, or renders any harassment to such person shall be dealt with under the Code of Business Principles of the Company. The Executive Director, Human Resources is accountable to the CEO to oversee and promote this policy. IV. Communication of Policy This Policy will be available to all employees via the (Company Name) Intranet sites and normal communication vehicles within the business. Suitable material will be included in Company publications, management conferences, and supervisory training courses. All recruitment literature and employment advertising will indicate that the Company is an Equal Opportunity Employer. Download PDF Document In English. (Rs.20/-)

EMPLOYEE SMOKING POLICY Employees must utilize the only designated smoking area located directly outside the main employee entrance during lunch and break periods only. Smoking is not permitted anywhere else on company property. Smoking is only permitted at the designated area immediately outside the main employee entrance. The designated smoking area must be maintained litter-free. It is the responsibility of smokers to police the designated area. If any abuse of this policy is discovered, the policy will be discontinued immediately and will result in discontinuance of any smoking on company premises. Company work rules state “Smoking other than in specifically designed areas and during specified periods of the day” will result in appropriate disciplinary action up to and including termination. Employees who wish to take the opportunity to quit smoking should contact the HR department, or their own physician, for a listing of Smoking Cessation Programs. Download PDF Document In English. (Rs.15/-)

STAFF COLONY POLICY The accommodation in the Staff Colony is only available for the Company employees and their family members.  No relatives or siblings are allowed into the premises/room to stay without prior permission of Factory Manager. Company will pay Rs.200 additionally as Gas charges to the employees who are staying in the colony accommodation provided by the company. The cost of Electricity usage up to 100 units will be borne by the company. Additional charges against consumption of Electricity of more than 100 units will be liable to deduct the amount as per the extra unit consumption as per the rate charged by the electricity supply company from the salary of respective employees who has been allotted the flat/ accommodation. Employee who has been provided accommodation in the Staff Colony has to provide the ID Proof and permanent residence proof himself and his family members who are going to reside with the staff in the colony.  Staff/Resident has to follow the rules and regulations instructed by the company Employees has to submit police verification report before getting the position of the room Staff/Resident shall keep the unit clean, sanitary and free from objectionable odors at all times. Staff/Resident shall refrain from creating, or allowing to be created, any noise that is disturbing to other Staff/Resident s  Staff/Resident shall not make or allow any excessive noise in the unit nor permit any actions which will interfere with the rights comforts or conveniences of other persons Room shall refrain from playing musical instruments, television sets, stereos, radios, and other entertainment items at a volume which will disturb other personnel SMOKING IS NOT PERMITTED  in the Room and colony. Staff/Resident s will be responsible for permanent odors   caused by cooking, smoking, or pets. Staff/Resident himself/herself will be responsible for the security of his and his family.  Company/Property manager assumes no responsibility or liability, unless otherwise provided by law, for Staff/Resident s’ safety and security, or for injury or damage caused by criminal acts         of other persons. Staff/Resident s are prohibited from drinking alcohol around building premises outside of Staff/Resident ’s apartment. Staff/Resident s shall refrain from using illegal drugs or the selling illegal drugs in or around building premises. Staff/Resident should ensure that all doors are locked during Staff/Resident ’s absence. Staff/Resident should ensure that all appliances are turned off before departing from the premises. When leaving for an extended period, Staff/Resident should notify the company/Property manager how long Staff/Resident will be away. Prior to any planned absence from the unit, Staff/Resident shall give Company/Property manager authority to all entry to the unit to any person or provide Company/Property manager with the name of any person or entity permitted by Staff/Resident to enter the unit. Staff/Resident shall refrain from smoking in bed. Staff/Resident shall refrain from using or storing gasoline cleaning solvent or other combustibles in the unit. Staff/Resident shall refrain from using charcoal barbecues o porches, balconies or patios adjacent to building if such use would constitute a fire hazard. Staff/Resident shall ensure that no personal belongings, including bicycles, play equipment or other items shall be left unattended in the halls,  garage area , or about the building. Staff/Resident s are not allowed to sublet their apartment at any time. Staff/Resident s shall refrain from accessing the roof and fire escape areas unless for emergencies purposes.  Staff/Residents are prohibited from congregating on the roof, drinking alcohol, barbequing, smoking, starting fires or leaving garbage in and around roof and fire escape area.  Any Staff/Resident found responsible for violating the roof and fire escape rules will be reported immediately to the Police Department and will be grounds for immediate termination of their agreement and / or eviction. Staff/Resident shall advise Company/Property manager of any items requiring repair, such as dripping faucets or light switches. Staff/Resident shall make repair requests as soon after the defect is noted as is practical. Staff/Resident shall refrain from making service request to maintenance personnel unless Staff/Resident is directed to do so by Company/Property manager. Staff/Resident shall refrain from making any alterations or improvements to the unit without the consent of Company/Property manager. Staff/Resident shall refrain from using adhesives, glue or tape to affix pictures or decorations. Staff/Resident shall refrain from using aluminium foil as a window covering and shall obtain the approval of Company/Property manager before using any window covering visible from the exterior of the building. Staff/Resident shall only use assigned parking spaces and shall ensure that park their vehicle only in unassigned areas or designated parking areas.  Staff/Resident shall ensure that posted and designated fire zones or “No Parking” areas remain clear of vehicles at all times.  Staff/Resident  shall refrain from parking in unauthorized areas or in another Staff/Resident ’s designated parking space. (Vehicles parked in unauthorized areas or in another Staff/Resident ’s space may be towed away at the vehicle company/Property manager ’s expense.) Staff/Resident s, who park in carports or on street parking, park their vehicles at their own risk.  The Property Company/Property manager, or Property Manager are not responsible for any damages to Staff/Resident ’s vehicles due to theft or vandalism. Staff/Resident s are prohibited from making any auto repairs in carports or around building premises. This includes street Parking area in or around building premises. Staff/Resident s are responsible for cleaning up any oil spills caused by leaks from their vehicle. Staff/Resident s will also be responsible for the cost to clean up any damaged area caused by oil or        any other fluids leaking from their automobile. ALL  automobiles parked on the premises must have parking sticker, current registration, Valid PUC Certificate and be in operable condition.  There is to be no guest parking on the premises. All guests must park on the street. Unauthorized vehicles will be towed away.  Staff/Resident vehicle(s) must fit within the designated parking space. Vehicles that block, hinder or prohibit the use of the parking area by other Staff/Resident s are not allowed. Staff/Resident is responsible for all keys to the apartment building and apartment unit.  If Staff/Resident is locked out of his or her apartment unit or has had their keys lost or stolen, Staff/Resident will be responsible for calling a locksmith to gain. Entry or replace the lock. The Staff/Resident is responsible for all costs and must provide to Company WITH COPY OF NEW KEY (S.) UNAUTHORIZED SUBLETTING IS STRICTLY PROHIBITED. In the event that a Staff/Resident is replacing a roommate or has requested to add a new person to the agreement, the new roommate is required to submit a signed and completed application, copy of valid ID Proof and Permanent Staff/Resident Proof with 3 Passport size photographs to the company. Staff/Residents are required to break down all cardboard boxes and put in proper recycling containers. Staff/Resident s are required to separate recycled materials including glass, plastic and aluminium and place in proper Storage containers. Upon MOVE OUT, Staff/Residents are required to dispose of any house hold items, trash, garbage at their own cost and will be charged a hauling fee if items take up the garbage or recycled containers. Staff/Resident s are not allowed to change the Room without prior approval of Factory Manager. Staff/Resident s shall have to vacant the Room allotted by the company at the time of his Resignation / Termination or Transfer within 7 days from the said effect date. I __________________________________________________have read and understood the STAFF COLONY POLICY . I and my family members will abide by the same. Date: ________ Place: ________   Sign  Download PDF Document In English. (Rs.50/-)

FORM NO. 54 WARRANT OF IMPRISONMENT ON BREACH OF A BOND TO KEEP THE PEACE ( See  Section 446) To The Superintendent (or Keeper) of the Civil Jail  at................................ Whereas proof has been given before me and duly recorded that (name and description) has committed a breach of the bond entered into by him to keep the peace, whereby he has forfeited to Government the sum of rupees....................... and whereas the said (name) has failed to pay the said sum or to show cause why the said sum should not be paid, although duly called upon to do so, and payment thereof cannot be enforced by attachment of his movable property, and an order has been made for the imprisonment of the said (name) in the Civil Jail for the period of (term of imprisonment); This is to authorise and require you, the said Superintendent (or Keeper) of the said Civil Jail to receive the said (name) into your custody, together with this warrant, and to keep him safely in the said Jail for the said period of (term of imprisonment), and to return this warrant with an endorsement certifying the manner of its execution. Dated, this ............................. day of ..................., 20... (Signature) (Seal of the Court) Download Word Document In English. (Rs.15/-) Download PDF Document In Hindi. (Rs.15/-)

FORM NO. 9 WARRANT IN THE FIRST INSTANCE TO BRING UP A WITNESS ( See  Section 87) To, (name and designation of the police officer or other person or persons who is or are to execute the warrant). Whereas  complaint has been made before me that (name and description of accused) of (address) has (or is suspected to have) committed the offence of (mention the offence concisely), and it appears likely that (name and description of witness) can give evidence concerning the said complaint, and whereas I have good and sufficient reason to believe that he will not attend as a witness on the hearing of the said complaint unless compelled to do so; This is to authorise and require you to arrest the said (name of witness), and on the .................. day of .......................... to bring him before this Court, to be examined touching the offence complained of. Dated, this....................day of................,20... (Signature) (Seal of the Court) Download Word Document In English. (Rs.15/-) Download PDF Document In Hindi. (Rs.15/-)

INFORMATION TECHNOLOGY CYBER SECURITY POLICY DEFINITION The use of the term “company” is in reverence to the following organization: (Insert Organization Name) . INTRODUCTION This Cyber Security Policy is a formal set of rules by which those people who are given access to company technology and information assets must abide.   The Cyber Security Policy serves several purposes. The main purpose is to inform company users: employees, contractors and other authorized users of their obligatory requirements for protecting the technology and information assets of the company.  The Cyber Security Policy describes the technology and information assets that we must protect and identifies many of the threats to those assets. The Cyber Security Policy also describes the user’s responsibilities and privileges. What is considered acceptable use? What are the rules regarding Internet access? The policy answers these questions, describes user limitations and informs users there will be penalties for violation of the policy. This document also contains procedures for responding to incidents that threaten the security of the company computer systems and network. WHAT ARE WE PROTECTING It is the obligation of all users of the company systems to protect the technology and information assets of the company.  This information must be protected from unauthorized access, theft and destruction. The technology and information assets of the company are made up of the following components: Computer hardware, CPU, disc, Email, web, application servers, PC systems, application software, system software, etc. System Software including: operating systems, database management systems, and backup and restore software, communications protocols, and so forth. Application Software: used by the various departments within the company.  This includes custom written software applications, and commercial off the shelf software packages. Communications Network hardware and software including: routers, routing tables, hubs, modems, multiplexers, switches, firewalls, private lines, and associated network management software and tools. Classification of Information User information found in computer system files and databases shall be classified as either confidential or non-confidential. The company shall classify the information controlled by them. The  (company designee) is required to review and approve the classification of the information and determine the appropriate level of security to best protect it. Furthermore, the (company designee)  shall classify information controlled by units not administered by a  (company designee) . Classification of Computer Systems Security Level Description Example RED This system contains confidential information – information that cannot be revealed to personnel outside of the company.  Even within the company, access to this information is provided on a “need to know” basis. The system provides mission-critical services vital to the operation of the business.  Failure of this system may have life threatening consequences and/or an adverse financial impact on the business of the company. Server containing confidential data and other department information on databases.  Network routers and firewalls containing confidential routing tables and security information. GREEN This system does not contain confidential information or perform critical services, but it provides the ability to access RED systems through the network. User department PCs used to access Server and application(s).  Management workstations used by systems and network administrators. WHITE This system is not externally accessible. It is on an isolated LAN segment, unable to access RED or GREEN systems.  It does not contain sensitive information or perform critical services. A test system used by system designers and programmers to develop new computer systems. BLACK This system is externally accessible.  It is isolated from RED or GREEN systems by a firewall.  While it performs important services, it does not contain confidential information. A public Web server with non-sensitive information. Local Area Network (LAN) Classifications A LAN will be classified by the systems directly connected to it. For example, if a LAN contains just one RED system and all network users will be subject to the same restrictions as RED systems users. A LAN will assume the Security Classification of the highest level systems attached to it. DEFINITIONS Externally accessible to public.  The system may be accessed via the Internet by persons outside of the company without a logon id or password. The system may be accessed via dial-up connection without providing a logon id or password. It is possible to “ping” the system from the Internet. The system may or may not be behind a firewall. A public Web Server is an example of this type of system. Non-Public, Externally accessible.  Users of the system must have a valid logon id and password. The system must have at least one level of firewall protection between its network and the Internet. The system may be accessed via the Internet or the private Intranet. A private FTP server used to exchange files with business partners is an example of this type of system. Internally accessible only.  Users of the system must have a valid logon id and password. The system must have at least two levels of firewall protection between its network and the Internet. The system is not visible to Internet users. It may have a private Internet (non-translated) address and it does not respond to a “ping” from the Internet. A private intranet Web Server is an example of this type of system. Chief Information Officer.  The Director of the Department of Information Technology (IT) shall serve as the Chief Information Officer. Security Administrator.  An employee of IT shall be designated as the Security Administrator for the company. Threats to Security Employees One of the biggest security threats is employees.  They may do damage to your systems either through incompetence or on purpose.  You have to layer your security to compensate for that as well.  You mitigate this by doing the following. Only give out appropriate rights to systems. Limit access to only business hours.   Don’t share accounts to access systems.  Never share your login information with co-workers. When employees are separated or disciplined, you remove or limit access to systems. Advanced – Keep detailed system logs on all computer activity. Physically secure computer assets, so that only staff with appropriate need can access. Amateur Hackers and Vandals.  These people are the most common type of attackers on the Internet.  The probability of attack is extremely high and there is also likely to be a large number of attacks. These are usually crimes of opportunity.  These amateur hackers are scanning the Internet and looking for well known security holes that have not been plugged.  Web servers and electronic mail are their favorite targets.  Once they find a weakness they will exploit it to plant viruses, Trojan horses, or use the resources of your system for their own means.  If they do not find an obvious weakness they are likely to move on to an easier target.  Criminal Hackers and Saboteurs. The probability of this type of attack is low, but not entirely unlikely given the amount of sensitive information contained in databases.  The skill of these attackers is medium to high as they are likely to be trained in the use of the latest hacker tools.  The attacks are well planned and are based on any weaknesses discovered that will allow a foothold into the network. User Responsibilities This section establishes usage policy for the computer systems, networks and information resources of the office.  It pertains to all employees and contractors who use the computer systems, networks, and information resources as business partners, and individuals who are granted access to the network for the business purposes of the company. Acceptable Use User accounts on company computer systems are to be used only for business of the company and not to be used for personal activities.  Unauthorized use of the system may be in violation of the law, constitutes theft and can be punishable by law.  Therefore, unauthorized use of the company computing system and facilities may constitute grounds for either civil or criminal prosecution. Users are personally responsible for protecting all confidential information used and/or stored on their accounts.  This includes their logon IDs and passwords. Furthermore they are prohibited from making unauthorized copies of such confidential information and/or distributing it to unauthorized persons outside of the company. Users shall not purposely engage in activity with the intent to: harass other users; degrade the performance of the system; divert system resources to their own use; or gain access to company systems for which they do not have authorization.  Users shall not attach unauthorized devices on their PCs or workstations, unless they have received specific authorization from the employees’ manager and/or the company IT designee. Users shall not download unauthorized software from the Internet onto their PCs or workstations. Users are required to report any weaknesses in the company computer security, any incidents of misuse or violation of this policy to their immediate supervisor. Use of the Internet The company will provide Internet access to employees and contractors who are connected to the internal network and who has a business need for this access.  Employees and contractors must obtain permission from their supervisor and file a request with the Security Administrator. The Internet is a business tool for the company.  It is to be used for business-related purposes such as: communicating via electronic mail with suppliers and business partners, obtaining useful business information and relevant technical and business topics.   The Internet service may not be used for transmitting, retrieving or storing any communications of a discriminatory or harassing nature or which are derogatory to any individual or group, obscene or pornographic, or defamatory or threatening in nature for “chain letters” or any other purpose which is illegal or for personal gain. User Classification All users are expected to have knowledge of these security policies and are required to report violations to the Security Administrator.  Furthermore, all users must conform to the Acceptable Use Policy defined in this document. The company has established the following user groups and defined the access privileges and responsibilities: User Category Privileges & Responsibilities Department Users (Employees) Access to application and databases as required for job function. (RED and/or GREEN cleared) System Administrators Access to computer systems, routers, hubs, and other infrastructure technology required for job function. Access to confidential information on a “need to know” basis only. Security Administrator Highest level of security clearance. Allowed access to all computer systems, databases, firewalls, and network devices as required for job function. Systems Analyst/Programmer Access to applications and databases as required for specific job function.  Not authorized to access routers, firewalls, or other network devices. Contractors/Consultants Access to applications and databases as required for specific job functions. Access to routers and firewall only if required for job function. Knowledge of security policies. Access to company information and systems must be approved in writing by the company director/CEO. Other Agencies and Business Partners Access allowed to selected applications only when contract or inter-agency access agreement is in place or required by applicable laws. General Public Access is limited to applications running on public Web servers. The general public will not be allowed to access confidential information. Monitoring Use of Computer Systems The company has the right and capability to monitor electronic information created and/or communicated by persons using company computer systems and networks, including e-mail messages and usage of the Internet.  It is not the company policy or intent to continuously monitor all computer usage by employees or other users of the company computer systems and network.  However, users of the systems should be aware that the company may monitor usage, including, but not limited to, patterns of usage of the Internet (e.g. site accessed, on-line length, time of day access), and employees’ electronic files and messages to the extent necessary to ensure that the Internet and other electronic communications are being used in compliance with the law and with company policy. Access Control A fundamental component of our Cyber Security Policy is controlling access to the critical information resources that require protection from unauthorized disclosure or modification.  The fundamental meaning of access control is that permissions are assigned to individuals or systems that are authorized to access specific resources.  Access controls exist at various layers of the system, including the network.  Access control is implemented by logon ID and password.  At the application and database level, other access control methods can be implemented to further restrict access.  The application and database systems can limit the number of applications and databases available to users based on their job requirements. User System and Network Access – Normal User Identification All users will be required to have a unique logon ID and password for access to systems.  The user’s password should be kept confidential and MUST NOT be shared with management & supervisory personnel and/or any other employee whatsoever. All users must comply with the following rules regarding the creation and maintenance of passwords: Password must not be found in any English or foreign dictionary.  That is, do not use any common name, noun, verb, adverb, or adjective.  These can be easily cracked using standard “hacker tools”. Passwords should not be posted on or near computer terminals or otherwise be readily accessible in the area of the terminal. Password must be changed every (# of days).    User accounts will be frozen after (# of days)  failed logon attempts. Logon IDs and passwords will be suspended after (# of days) days without use.  Users are not allowed to access password files on any network infrastructure component. Password files on servers will be monitored for access by unauthorized users.  Copying, reading, deleting or modifying a password file on any computer system is prohibited. Users will not be allowed to logon as a System Administrator. Users who need this level of access to production systems must request a Special Access account as outlined elsewhere in this document. Employee Logon IDs and passwords will be deactivated as soon as possible if the employee is terminated, fired, suspended, placed on leave, or otherwise leaves the employment of the company office. Supervisors / Managers shall immediately and directly contact the company IT Manager to report change in employee status that requires terminating or modifying employee logon access privileges. Employees who forget their password must call the IT department to get a new password assigned to their account.  The employee must identify himself/herself by (e.g. employee number)  to the IT department. Employees will be responsible for all transactions occurring during Logon sessions initiated by use of the employee’s password and ID.  Employees shall not logon to a computer and then allow another individual to use the computer or otherwise share access to the computer systems. System Administrator Access System Administrators, network administrators, and security administrators will have (type of access)  access to host systems, routers, hubs, and firewalls as required to fulfill the duties of their job. All system administrator passwords will be DELETED  immediately after any employee who has access to such passwords is terminated, fired, or otherwise leaves the employment of the company. Special Access Special access accounts are provided to individuals requiring temporary system administrator privileges in order to perform their job.  These accounts are monitored by the company and require the permission of the user’s company IT Manager.  Monitoring of the special access accounts is done by entering the users into a specific area and periodically generating reports to management.  The reports will show who currently has a special access account, for what reason, and when it will expire.  Special accounts will expire in (X # of)  days and will not be automatically renewed without written permission. Connecting to Third-Party Networks This policy is established to ensure a secure method of connectivity provided between the company and all third-part companies and other entities required to electronically exchange information with company. “Third-party” refers to vendors, consultants and business partners doing business with company, and other partners that have a need to exchange information with the company.  Third-party network connections are to be used only by the employees of the third-party, only for the business purposes of the company.  The third-party company will ensure that only authorized users will be allowed to access information on the company network.  The third-party will not allow Internet traffic or other private network traffic to flow into the network.  A third-party network connection is defined as one of the following connectivity options: A network connection will terminate on a (to be specified)  and the third-party will be subject to standard company authentication rules. This policy applies to all third-party connection requests and any existing third-party connections.  In cases where the existing third-party network connections do not meet the requirements outlined in this document, they will be re-designed as needed. All requests for third-party connections must be made by submitting a written request and be approved by the company. Connecting Devices to the Network Only authorized devices may be connected to the company network(s).  Authorized devices include PCs and workstations owned by company that comply with the configuration guidelines of the company.  Other authorized devices include network infrastructure devices used for network management and monitoring. Users shall not attach to the network: non-company computers that are not authorized, owned and/or controlled by company.  Users are specifically prohibited from attaching (specify)  to the company network.  NOTE: Users are not authorized to attach any device that would alter the topology characteristics of the Network or any unauthorized storage devices, e.g. thumb drives and writable CD’s. Remote Access Only authorized persons may remotely access the company network. Remote access is provided to those employees, contractors and business partners of the company that have a legitimate business need to exchange information, copy files or programs, or access computer applications.  Authorized connection can be remote PC to the network or a remote network to company network connection.  The only acceptable method of remotely connecting into the internal network is using a secure ID. Unauthorized Remote Access The attachment of (e.g. hubs)  to a user’s PC or workstation that is connected to the company LAN is not allowed without the written permission of the company. Additionally, users may not install personal software designed to provide remote control of the PC or workstation. This type of remote access bypasses the authorized highly secure methods of remote access and poses a threat to the security of the entire network. Penalty for Security Violation The company takes the issue of security seriously.  Those people who use the technology and information resources of company must be aware that they can be disciplined if they violate this policy.  Upon violation of this policy, an employee of company may be subject to discipline up to and including discharge.   The specific discipline imposed will be determined by a case-by-case basis, taking into consideration the nature and severity of the violation of the Cyber Security Policy, prior violations of the policy committed by the individual, state and federal laws and all other relevant information.  Discipline which may be taken against an employee shall be administrated in accordance with any appropriate rules or policies and the company Policy Manual. In a case where the accused person is not an employee of company the matter shall be submitted to the (company designee) .  The (company designee)  may refer the information to law enforcement agencies and/or prosecutors for consideration as to whether criminal charges should be filed against the alleged violator(s). Security Incident Handling Procedures This section provides some policy guidelines and procedures for handling security incidents.  The term “security incident” is defined as any irregular or adverse event that threatens the security, integrity, or availability of the information resources on any part of the company network.  Some examples of security incidents are: Illegal access of a company computer system.  For example, a hacker logs onto a production server and copies the password file. Damage to a company computer system or network caused by illegal access.  Releasing a virus or worm would be an example. Denial of service attack against a company web server.  For example, a hacker initiates a flood of packets against a Web server designed to cause the system to crash. Malicious use of system resources to launch an attack against other computer outside of the company network.  For example, the system administrator notices a connection to an unknown network and a strange process accumulating a lot of server time. Employees, who believe their terminal or computer systems have been subjected to a security incident, or has otherwise been improperly accessed or used, should report the situation to their (company designee)  immediately.  The employee shall not turn off the computer or delete suspicious files.  Leaving the computer in the condition it was in when the security incident was discovered will assist in identifying the source of the problem and in determining the steps that should be taken to remedy the problem. Download PDF Document In English. (Rs.50/-)

JOB ROTATION POLICY Purpose The purpose of [Company Name]'s job rotation policy is to enable staff members to develop knowledge, new skills and a broader understanding of our operations/programs and to utilize staff effectively. Job rotation is the systematic movement of employees from one job to another within the organization to achieve various human resources objectives such as orienting new employees, training employees, enhancing career development, and preventing job boredom or burnout. Guidelines [Company Name] encourages staff to take the opportunity to develop their knowledge and skills using various learning opportunities, including job rotations and developmental assignments. The job rotation program involves the temporary assignment of an employee in a position or department for a predetermined period to perform the specific duties of another position. This is normally a voluntary assignment where the employee treats the assigned duties as part of his or her regular responsibilities. Any supervisor or employee may initiate a request for job rotation assignment after careful evaluation of other available workforce strategies. Job rotation may be inter-departmental, within a division of [Company Name], or in a cross-functional division. All employees who have completed six months of regular (nontemporary) employment with [Company Name] are eligible to participate in job rotation. An employee on job rotation assignment shall remain in the same position number and compensation classification and shall retain all rights, benefits and privileges of his or her regular position. An employee on job rotation shall retain eligibility for promotional opportunities. Procedures A written request for job rotation must be submitted by the employee to his or her supervisor (the "sending supervisor"). The request should indicate the desired job, the location of the job, the duration of the assignment, and the expected outcome and benefit of the assignment. If a job rotation is suggested by a supervisor, the supervisor will assist the employee in completing the written request. The sending supervisor and employee should determine how the employee's current job duties will be performed before proceeding with a job rotation agreement. The employee, the sending supervisor and the receiving supervisor should meet to discuss the possibility of job rotation, the assigned duties, time frames, schedules, hours, etc., so that details can be negotiated and arranged. A job rotation request can be denied if it cannot be balanced with the needs of [Company Name]. The sending supervisor, receiving supervisor and the employee shall collaborate to determine the duration of job rotation. Rotations may be full-time, half-time or one day a week. Rotations can also be based on an allocation of time where an employee works at his or her regular job for a portion of each workday and during the rest of the day rotates to another job. Both the sending and receiving supervisors should obtain approval for job rotation assignments through their appropriate chains of command. If the arrangement is acceptable by all parties, the receiving supervisor will complete the job rotation agreement and have it signed by the employee, the sending supervisor and appropriate directors. Copies of the signed agreement should be provided to all parties. The original, signed agreement should be forwarded to Human Resources where it will be recorded for workforce planning efforts and maintained in the employee's personnel file. An employee on job rotation shall receive a performance evaluation at the regular time. The sending and receiving supervisors shall collaborate as appropriate on the evaluation. The sending supervisor shall retain responsibility for timely completion of the evaluation. If travel expenses are involved in the job rotation assignment, the receiving area will be responsible for payment of travel expenses, unless other payment arrangements are made and agreed to by the parties involved. A job rotation assignment may be extended by mutual agreement of the parties. Management may terminate the assignment at any time. If the rotation assignment is extended or terminated, the extension or termination should be documented in writing, signed by all individuals on the original agreement and copied to all parties, including Human Resources. Questions or concerns regarding the job rotation assignment should be addressed with management and/or Human Resources.  Download PDF Document In English. (Rs.30/-)

Violence in the Workplace Policy : It is the policy of the Company and the responsibility of its managers and all of its employees to maintain a workplace free from threats and acts of violence. The Company will work to provide a safe workplace for employees and for visitors to the workplace. Each employee, and everyone with whom we come into contact in our work, deserves to be treated with courtesy and respect. Description : The Company does not tolerate any type of workplace violence committed by or against employees. Employees are prohibited from making threats or engaging in violent activities. Prohibited Conduct The list of behaviours, while not exhaustive, provides examples of conduct that is prohibited:  Causing physical injury to another person.  Making threatening remarks.  Acting out in an aggressive or hostile manner that creates a reasonable fear of injury to another person or subjects another individual to emotional distress.  Intentionally damaging employer property or property of another employee.  Possessing a weapon while on Company property or while on Company business.  Committing acts motivated by, or related to, sexual harassment or domestic violence. Reporting Procedures Any potentially dangerous situations must be reported immediately to your supervisor, Incident Response Coordinator/Team, or the Human Resources Department. Reports of workplace violence may be made anonymously and investigated accordingly. Reports or incidents warranting confidentiality will be handled appropriately and information will be disclosed to others only on a need-to-know basis. All parties involved in a situation will be counselled and the results of investigations will be discussed with them. The Company will take appropriate action at any indication of a potentially hostile or violent situation. Risk Reduction Measures While the Company does not expect employees to be skilled at identifying potentially dangerous persons, employees are expected to exercise good judgment and to inform the Incident Response Coordinator/Team or Human Resources Department if any employee, claimant, customer or vendor exhibits behavior which could lead to a potentially dangerous situation. Such behavior includes, but is not limited to, the following: Discussing dangerous weapons and/or bringing such weapons into the workplace. Displaying overt signs or extreme stress, resentment, hostility, or anger. Making threatening remarks. Exhibiting sudden or significant deterioration of performance. Displaying irrational or inappropriate behaviour. The Incident Response Coordinator/Team and the Human Resources Department will identify and maintain a list of workplace violence incidents and will design a plan to prepare for possible emergency situations. Dangerous/Emergency Situations Employees who confront or encounter an armed or dangerous person should not attempt to challenge or disarm the individual. Employees should remain calm, make constant eye contact and talk to the individual. If a supervisor can be safely notified of the need for assistance without endangering the safety of the employee or others, such notice should be given. Enforcement Threats, threatening conduct, or any other acts of aggression or violence in the workplace will not be tolerated. Any employee determined to have committed such acts will be subject to disciplinary action, up to and including termination.  Non-employees engaged in violent acts on the employer's premises will be reported to the proper authorities and fully prosecuted. Commitments and Responsibilities Successful implementation of this policy requires the commitment and cooperation of all Company Personnel. Management Involvement and Commitment Demonstrate organizational concern for employees' and customers' emotional and physical health and safety. Oversee Violence in the Workplace Program to ensure that all managers, supervisors, and employees understand their obligations. Allocate authority and resources to responsible parties in the Incident Response Team. Provide a comprehensive program of medical care and psychological counselling and debriefing for employees experiencing or witnessing assaults and other violent incidents. Encourage employees to report violent incidents promptly. Incident Response Coordinator's/Incident Response Team's Involvement and Commitment Encourage employees to promptly report incidents and to suggest ways to reduce or eliminate risks. Develop and maintain a comprehensive plan for maintaining security in the workplace, including establishing a liaison with law enforcement and others. Conduct worksite analysis to determine existing or potential hazards for workplace violence. Record, track, monitor, and analyse workplace violence incidents. Conduct workplace security analysis. Assist with training and educating employees of potential workplace violence incidents. Human Resource Department's Involvement and Commitment  Create policy of zero tolerance for workplace violence, including verbal and nonverbal threats and related actions.  Ensure that employees who report or experience workplace violence will not experience retaliation of any kind.  Encourage employees to promptly report incidents and suggest ways to reduce or eliminate risks.  Conduct and/or provide training and education to employees regarding potential workplace violence incidents.  Support and implement appropriate recommendations from the Employee Safety and Health Committee. Employee Involvement and Commitment:  Understand and comply with the Violence in the Workplace Program and any other safety and/or security measures in place by the Company.  Participate in an employee suggestion procedure covering safety and security concerns.  Promptly report violent incidents or potential for violence to your manager, supervisor or Incident Response Coordinator/Team.  Participate in continuing education program that covers techniques to recognize escalating agitation, assaultive behaviour, or criminal intent. Download PDF Document In English. (Rs.30/-)

Code of Conduct Background  To succeed requires the highest standards of behavior from all of us.  The purpose of Code of Conduct & Ethics (the “Code”) is to conduct the business of the Company and its subsidiaries by the applicable laws, regulations, rules and with the highest standard of ethics and values. The matters covered in this Code are of utmost importance to the employees and other stakeholders of the Company. Applicability All the employees of ___________________(Full-timers, Consultants, Part-Timers, Interns etc.) Every employee shall be duty-bound to follow the provisions of the Company Code in letter and spirit. Any instance of non-compliance of any of the provisions shall be a breach of ethical conduct and shall be viewed seriously by the Company. Accordingly, the employees are expected to read and understand the Code and uphold these standards in their business dealings and activities. Provision has been made for employees to be able to report in confidence and make any protected disclosure under the Company’s Whistle Blower Policy arising out of unethical behavior, actual or suspected, fraud or violation of the company’s Code of Conduct and Ethics policy. Principles Employees are expected to work to exceed the following code of ethics and principles. They should seek the commitment of their supervisor/manager in implementing the code and should seek to achieve widespread acceptance of the code amongst fellow employees. Employees should raise any matter of concern of an ethical nature with their immediate supervisor/manager or another senior colleague, irrespective of whether it is explicitly mentioned in the code.   Employees should act professionally by: Conducting all their dealings/ interactions in a manner that will protect and   enhance _____________ name and reputation at all times.  Seeking to uphold and enhance the standing of the profession within and outside the organisation. Maintaining the highest possible standards of integrity in their internal & external business relationships. Rejecting any business practice that may be deemed improper (i.e. not in line with the Company Code of Ethics or in contravention of any other local policies or laws). Never using their authority for personal gain for themselves or their immediate family or friends.  Encouraging/Developing the highest possible professional competence amongst those who they are responsible for. Enhancing the stature and effectiveness of the organization by acquiring and I am maintaining high levels of professional skills. Using the resources, they are responsible for to provide the maximum benefit to Company. Complying with both the local legal regulations (letter and spirit) of the place where they operate. Complying with contractual obligations. Guidelines  In applying these principles, employees should follow the guidelines below: Personal Interest Employees must avoid situations in which their private interests, conflict or might reasonably be thought to conflict with, their Company duties. Any personal interest that may affect or be seen by others to affect their impartiality should be declared to their immediate supervisor and Head of the Department who will direct that employee not to perform that duty. Confidentiality Confidentiality of all information received from the client etc be respected and should never be used for personal gain. Any information given should be in a clear & honest way that is not deliberately misleading. Company information on strategic plans, business models, investment decisions, database, etc should not be given to third parties. Confidential information received from clients on strategic plans, investment decisions, expansion plans, product pricing, etc should not be given to other clients. Competition Grant all competitive clients equal consideration insofar as company policy permits. The nature and length of contracts & business relationships with clients can vary according to circumstances. These should always be constructed to ensure deliverables and benefits for Company. Arrangements that might in the long term prevent effective operation of fair competition should be avoided. Business Gifts  Employees must not solicit or accept from any person any remuneration, benefit, advantage or promise of further advantage whether for themselves, their immediate family, or any business concern or trust with which they are associated.  Business gifts, other than items of a very small intrinsic value (not more than the cost of a normal business lunch) such as diaries, pens, calendars, etc should not be accepted.  Any gifts should be able to be used at the normal place of work of the employee concerned and should contain the name/logo of the company providing the gift.  Hospitality An employee should not allow him or herself to be influenced or be perceived by others to be influenced as the result of hospitality. The frequency and scale of hospitality should be managed openly and with care. The value of any hospitality should not be greater than the employee’s company can reciprocate.  Meetings & client visits/audits All meetings and significant telephone conversations with clients should be documented and circulated via the established communication channels (e-mail, documents, etc). Transparency/Traceability All salient points concerning a business decision must be recorded in a document that is kept on file as per company policy. In particular, this document should contain the technical and financial factors that influenced the choice, as well as the opinions and authorizations that preceded it, under the procedures in force at the time the decision was made.  Decisions & Advice When it is not easy to decide what is and is not acceptable, advice should be sought from the employee’s supervisor/manager, the Head of Department or other senior colleague.  This code of Ethics has been written for the employees, but should be cascaded to and should be followed by all company personnel in contact with employees. Download PDF Document In English. (Rs.40/-)