HCL Vendor Code of Conduct
PART I: HCL Vendor Code of Conduct
HCL Infosystems Limited. All rights reserved.
HCL Infosystems Limited and/or all of its India and worldwide subsidiaries (hereinafter to be referred as “HCL”) always strive to conduct business in an ethical and lawful manner. We value our employees, customers, business partners, Vendors/ Suppliers/ Contractors and recognize that they are key to the growth and successive achievements of HCL.
HCL understands that Vendors are an integral part of HCL’s commercial operations and have an identity of their own; however, the business practices and actions of our Vendors may have an impact on us, and we therefore require them to adhere to certain moral and ethical principles in their business operations for sustained growth of HCL and the relevant economy.
HCL expects all Vendors, Suppliers, Service Providers (collectively, “Vendors” and each a “Vendor”) and their employees, agents, and subcontractors (Vendors’ employees, agents, and subcontractors shall hereinafter be referred to collectively as “Representatives”) to adhere to this Vendor Code of Conduct while they are conducting business with and/or on behalf of HCL. Vendors should educate their Representatives to ensure they understand and comply with this Vendor Code of Conduct while conducting business with and/or on behalf of HCL.
LEGAL AND REGULATORY COMPLIANCE PRACTICES
All HCL Vendors and their Representatives shall conduct their business activities in full compliance with the applicable laws and regulations of their respective countries. While conducting business with HCL or on behalf of HCL, in addition to any specific obligations under Vendor’s agreement with HCL, all HCL Vendors shall, without limitation:
- Comply with all applicable trade controls, as well as all applicable export, re-export and import laws and regulations.
- Conduct business in full compliance with antitrust and fair competition laws that govern the jurisdictions in which they conduct business.
- Comply with all applicable environmental laws and regulations regarding hazardous materials, air emissions, waste and wastewater discharges, including the manufacture, transportation, storage, disposal, and release to the environment of such materials.
- Be honest, direct, and truthful in discussions with regulatory agency representatives and government officials.
- Comply with all applicable anti-corruption laws of the countries in which it does business (including anti-bribery laws, laws governing lobbying, gifts and payments to public officials, political campaign contribution laws, and other related regulations), and will not make any direct or indirect payments or promises of payments to foreign government officials or employees for the purpose of obtaining or retaining business on its own behalf or on behalf of HCL or any affiliate, partner or customer of HCL.
- Not undertake any business or project that is detrimental to national interest.
INTEGRITY, FAIRNESS & BUSINESS ETHICS
HCL Vendors and their Representatives shall conduct their business interactions and activities with integrity and in accordance with their obligations under their specific agreements with HCL. In addition to any specific obligations under Vendor’s agreement with HCL, all HCL Vendors shall, without limitation:
- Honestly and accurately record and report all business information and comply with all applicable laws regarding their completion and accuracy.
- Obtain and hold all necessary statutory licenses and approvals for conduct of the business.
- Prepare and maintain accounts fairly and accurately in accordance with the accounting and financial standards generally acceptable.
- Create, retain, and dispose of business records in full compliance with all applicable legal and regulatory requirements.
- Protect and responsibly use both the physical and intellectual assets of HCL including property, supplies, consumables and equipment when authorized by HCL to use such assets.
- Use HCL provided information technology and systems (including e-mail) only for authorized HCL business-related purposes. HCL strictly prohibits Vendors and their Representatives from using HCL provided technology and systems to create, access, store, print, solicit, or send any material that is illegal, intimidating, harassing, threatening, abusive, sexually explicit or otherwise offensive or inappropriate and/or send any false, derogatory, or malicious communications using HCL provided information assets and systems.
- Comply with all HCL requirements for maintenance of passwords, confidentiality, security, and privacy procedures as a condition of providing HCL with goods or services or receiving access to HCL’s internal corporate network, all systems and buildings. All data stored or transmitted on HCL owned or leased equipment is to be considered private and is the property of HCL. HCL may monitor all use of the corporate networks and all systems (including e-mail) and/or access all data stored or transmitted using the HCL network.
- Comply with the intellectual property ownership rights of HCL and others including but not limited to copyrights, patents, trademarks, and trade secrets.
- Speak to the press on HCL’s behalf only if Vendor and/or Representative(s) is expressly authorized in writing to do so by HCL.
- Use good judgment, discretion, and moderation when offering gifts or entertainment to HCL employees.
- Avoid the appearance of or actual improprieties and/or conflicts of interests. Vendor or Representatives shall immediately disclose actual or potential conflict of interest to HCL. A conflict of interest may arise where directly or indirectly (a) an employee of the Vendor/Representative is in a position to derive a personal benefit or a benefit to any of his relatives including spouse by making or influencing decisions relating to any transaction and (b) HCL’s best interest cannot be judged or exercised independently.
- Dealing directly in the course of negotiating the Vendor agreement or performing the Vendor’s obligations with a spouse, domestic partner, or other family member or relative who is employed by HCL is also prohibited.
- Avoid insider trading by buying or selling HCL’s or another company’s stock when in possession of information about HCL or another company that is not available to the investing public and that could influence an investor’s decision to buy or sell stock.
- Not engage in activities that generate or support formation of dominant market positions, monopolies and similar unfair trade practices.
All HCL Vendors and their Representatives also shall not use money or other consideration paid by HCL for any unlawful purpose, including any purposes violating the applicable anti-bribery laws, such as making direct or indirect payments or giving anything of value, in connection with the services, proposed services, or Vendor’s business dealings on HCL’s behalf, for the purpose of assisting HCL in obtaining or retaining business, to any of the following:
- Government officials (including any person holding an executive, legislative, judicial or administrative office, whether elected or appointed, or of any public international organization, such as the United Nations or World Bank, or any person acting in any official capacity for or on behalf of such government, public enterprise or state-owned business);
- Political parties or officials of political parties;
- Candidates for political office; or
- Any person, while knowing that all or a portion of such money or thing of value will be offered, given or promised, directly or indirectly, to any of the above-identified persons or organizations.
GIFTS & GRATUITIES
Any Vendor or its Representative or their immediate family member must not directly or indirectly give any gifts or gratuities with aggregate value exceeding INR 2000 per calendar quarter from any one current or potential client, business partner or other service provider. For purposes of this policy, “gift” includes supplier or vendor or partner paid travels, vouchers, cash, items, vacation package, tickets to sporting or cultural events, concert tickets, and similar spectator or participatory activities.
Vendor or its Representative must inform the HCL employee’s Reporting Managers prior to giving the gift within the defined value limit. Any exceptions must be approved by the Code of Conduct Administration Body.
HCL expects its Vendors to share its commitment to human rights and equal opportunity in the workplace. HCL Vendors shall conduct their employment practices in full compliance with all applicable laws and regulations. All HCL Vendors shall, without limitation:
- Cooperate with HCL’s commitment to a workforce free of harassment and unlawful discrimination. While we recognize and respect cultural differences, we believe that Vendor companies should not engage in discrimination in hiring, compensation, access to training, promotion, termination or retirement based on race, color, sex, national origin, religion, age, disability, gender identity or expression, marital status, sexual orientation, or veteran status.
- Provide a safe and healthy work environment and fully comply with all applicable safety and health laws, regulations and practices. Adequate steps shall be taken to minimize the causes of hazards inherent in the working environment.
- Prohibit the use, possession, distribution, and/or sale of illegal drugs while on HCL owned or leased property.
- Use only voluntary labor. The use of forced labor whether in the form of indentured labor, bonded labor, or prison labor by a HCL Vendor and/or its subcontractors is prohibited.
- Comply with all local and national laws on minimum working age and not utilize child labor. Workers under the age of 18 cannot perform hazardous work and may be restricted from night work, with consideration given to educational needs.
- Not engage in physical discipline or abuse. Physical abuse or discipline, the threat of physical abuse, sexual or other harassment and verbal abuse or other forms of intimidation is prohibited.
- Comply with applicable wage laws including minimum wages, working hours, overtime payments, etc. and keep proper records of employment. Vendors should provide all benefits required under laws and regulations including PF, ESI, etc.
COMPLIANCE WITH THE VENDOR CODE OF CONDUCT
It is the responsibility of the Vendor to ensure that its Representatives understand and comply with this Vendor Code of Conduct and to inform its HCL contact (or a member of HCL management) if and when any situation develops that causes the Vendor to operate in violation of the code set forth in this document. HCL Vendors are expected to self-monitor their compliance with this Vendor Code of Conduct. In addition to any other rights HCL may have under its agreement with Vendor, HCL may request the immediate removal of any Representative who behaves in a manner that is unlawful or inconsistent with this Code or any HCL policy and also require the Vendor to implement a corrective action plan, if he is in violation of the Code of Conduct.
WHISTLE BLOWER POLICY
HCL has established a single, no-threat window whereby any Vendor, its Representatives or any Party who is aware of any perceived wrongdoing in the organization is able to raise it, and which ensures appropriate investigation of the report, timely institutional response and remedial action. The protected disclosure may be submitted in person, in writing or anonymously through any of the channels mentioned below:
Chairman of the Audit Committee
Mr. Kaushik Dutta
Thought Arbitrage Research Institute
C-16, Qutub Institutional Area,
New Delhi – 110016
Landline – +91-11-41022447 / +91-11-41022448
Mobile – +91-9811051015
Email at firstname.lastname@example.org
All Protected Disclosures pertaining to other HCL employees should be addressed to the Chief Human Resources Officer (Ethics Officer).
Chief Ethics Officer
HCL Infosystems Ltd.
E – 4,5,6 Sector-11, Noida-201301
Tel No.: 0120-2520977/ +91- 9810217997
Acquiring and Using Information
- Furnish Complete and Correct Particulars.
In case the particulars furnished by the Vendor are found to be false, incorrect or incomplete, their service engagement with the Company shall be liable to be terminated or cancelled forthwith without any further notice. Moreover, the Vendor will be squarely liable, and hence shall indemnify HCL for all losses and/or liabilities incurred on account of furnishing of such false, incomplete or incorrect information.
- Information about Others.
In the normal course of business, it is not unusual to acquire information, through appropriate sources, about other organizations, including competitors, for purposes such as extending credit, evaluating suppliers, and evaluating the relative merits of HCL’s own products, services, and marketing methods against those of competitors.
No Vendor should use improper means to acquire another’s trade secrets or other confidential information because improper solicitation or receipt of confidential data from any source, including any of HCL’s clients, a competitor’s employees or any other Party, is inappropriate.
No Vendor shall engage in or facilitate any improper or illegal practices designed to collect potentially confidential or sensitive information from competitors or others, such as wiretapping, surveillance, hacking, bribery, theft or trespassing.
Information about other organizations and individuals should be treated with sensitivity and discretion. When working with information, the Vendor should use that information in the proper context and make it available only to persons with a legitimate need to know. In presenting such information, the Vendor should disclose the identity of the organization or the individuals only if necessary.
- Personal Information about Individuals.
The Vendor may have information about consumers or employees of clients, suppliers, HCL business partners and others that they should use only to the extent necessary to fulfill the Vendor’s assigned responsibilities.
The Vendor shall not use or alter the personal information about others, for personal gain or disclose it to anyone who does not have a legitimate need for such information.
- Keep Company Information Confidential.
“Confidential/Proprietary Information” for the purposes as stated above, shall mean and include all information, regardless of the form and whether oral, written, stored in a computer database or otherwise, which has been disclosed by the Company or any of its employees or promoters and which in any way relates to markets, customers (including, but not limited to customers of the Company upon whom the Vendor called or with whom the Vendor or its personnel became acquainted while being associated with the Company), products, patents, inventions, know-how, software, procedures, methods, designs, strategies, plans, assets, liabilities, revenues, profits, all ideas and intellectual property which are derived from or related to Vendor’s access or knowledge of any of the enumerated materials and information, Company, employees, agents, distributors or business in general of the Company. Confidential/Proprietary Information does not include any of the foregoing items which have become publicly known and made generally available through no wrongful act of the Vendor or of others who were under confidentiality obligations as to the item or items involved.
Any Vendor, being privy to Confidential/Proprietary Information including any Intellectual Property belonging to the Company by virtue of being in a service relationship with the Company, is under a contractual obligation, including but not limited to:
I. Protect and safeguard the Confidential/Proprietary Information against unauthorized use, publication or disclosure;
II. Not to use any of the Confidential/Proprietary Information except for Business Purposes;
III. Not to, directly or indirectly, in any way, reveal, report, publish, disclose, transfer or otherwise use any of the Confidential/Proprietary Information except as specifically authorized by the employer in accordance with this Non-Disclosure Agreement;
IV. Not to use any Confidential/Proprietary Information to unfairly compete or obtain unfair advantage in relation to employer in any commercial activity which may be comparable to the commercial activity contemplated by the Vendor in connection with the Business Purposes;
V. To restrict access to the Confidential/Proprietary Information to those of its officers, directors, and employees who clearly need such access to carry out the Business Purposes;
VI. To advise each of the persons to whom it provides access to any of the Confidential/Proprietary Information, that such persons are strictly prohibited from making any use, publishing or otherwise disclosing to others, or permitting others to use for their benefit or to the detriment of HCL, any of the Confidential/Proprietary Information, and, upon request of HCL, to provide HCL with a copy of a written agreement to that effect signed by such persons;
VII. To comply with any other reasonable security measures requested in writing by HCL;
VIII. To refrain from directly contacting or communicating by whatsoever means to the Source(s) of Information without written consent of HCL;
IX. To undertake not to disclose any names and their particulars to third Parties without the written consent by the employer.
The Vendor shall also be responsible for maintaining and holding in the strictest confidence, any Third Party information that the Company has received and in the future may receive from third Parties, in trust for the Company and the third Party owner of such information and shall not use or disclose to anyone such information (other than Company personnel who need to know such information in connection with their work for the Company) except in connection with the Vendor’s work for the Company. Absence of any marking or statement that particular information is Confidential Information shall not affect its status as Confidential Information.
In addition, following the termination of service relationship of a Vendor with the Company, the Vendor shall not use any Confidential/Proprietary Information belonging to the Company, whether directly or indirectly, without the prior written consent of the Company. This prohibition does not prohibit Vendor’s use of general skills and know-how acquired during, prior and post to employment by the Company, as long as such use does not involve the use or disclosure of Confidential/Proprietary Information or Trade Secrets.
- Safe and Healthy Work Environment.
The Vendor must follow all safety guidelines and report any unsafe conditions or accidents. Any acts or threats of violence towards any other person or Company property must be reported promptly.
- Tobacco, Alcohol & Drug Free Workplace.
HCL has adopted a Tobacco, Alcohol and Drug Free Workplace policy, the purpose of which is to promote health and safety of each other and that of their employees, customers, other stakeholders and general public.
All Vendors & visitors are required to only use designated outdoor areas that HCL or building management, at its discretion, may establish as smoking areas.
All Vendors & visitors are prohibited from consuming, carrying or distributing drugs, alcohol or any intoxicating substance during working hours as well as in the Company premises.
All Vendors working or visiting at client locations must strictly follow the client’s established policies pertaining to the above said subject.
- No Harassment (verbal/ physical/ sexual) / Misbehavior/ Discrimination.
During the term of the Vendor’s work engagement, the Vendor shall not engage in any form of harassment in the workplace, including verbal harassment (epithets, derogatory statements, slurs), physical harassment (hitting, pushing or other aggressive physical contact), visual harassment (posters, cartoons, drawings) and sexual harassment.
The Company takes a very serious view of instances of sexual harassment and has Zero Tolerance in this regard. Any complaint relating to sexual harassment will be dealt with in accordance with the provisions of Redressal of Sexual Harassment at Work Place Policy. This policy aims at preventing any incident of sexual harassment and lays down a grievance redressal procedure for investigating and addressing any act of sexual harassment at the workplace.
Fair Use & Protecting Company Assets
Vendors are required to protect HCL’s assets and ensure their efficient use. Misuse, theft, carelessness and waste of resources and assets have a direct impact on HCL’s profitability and reputation. HCL’s assets include the buildings, equipment, supplies, computer systems, software and other materials that comprise HCL workplaces.
- Company Assets – Property of the Company.
Each Vendor has a responsibility to use and maintain the Company assets with care and to guard against waste and abuse.
The Company’s assets must only be used for the business-related aspects or for any other use as duly notified and authorized in writing by the Company. In the event that the Vendor undertakes or executes any modification, alteration and/or upgradation of an asset of the Company, such modified, altered or upgraded asset shall also belong exclusively to the Company. Upon the termination of service engagement with the Company, the Vendor must hand over all the Company assets in its possession to any such person as may be designated by the Company from time to time for this purpose. The Company further retains the absolute right to restrict, monitor, modify and delegate the use of its assets by any Vendor. The Vendor will be solely responsible for the use of all assets of the Company that have been entrusted to its custody by the Company and no acts of commission or omission on behalf of the Company shall constitute a waiver of such responsibility or liability on its part.
During the course of service related engagement with the Company, the Vendor could have access to a wide variety of data and documents, some of which may have been created by the Vendor alone or as a part of a team. The Company shall at all times retain absolute ownership of all such content, documents and/or data and the Vendor shall not copy, transmit, remove or alter such data except in pursuance of its official duties.
Vendor could have access to Company or customer or partner-provided messaging systems and tools that are provided to facilitate business. These systems and tools include e-mail, fax, instant messaging, telephones, voice-mail, mobile devices, and file sharing via Internet and internal networks. All information sent or received using such messaging systems is the property of specific Company or customer or partner, and may be monitored by them. The tone and content of all messaging is expected to be businesslike and to reflect well on the Company.
Definition of Company assets: Stationery, furniture / infrastructure, money, products, Employees’ time at work and work products, computer systems and software, telephones, wireless communication devices, photocopiers, company vehicles, proprietary information and Company’s trademarks, tangible and intangible materials (whether or not capable of being protected by laws affording protection to intellectual properties).
- Computer Systems.
All Vendors are required to operate both internal and client-facing computer systems for their intended business purposes only, and in full accordance with documentation and supervisors’ instructions. The Vendors have an absolute obligation to safeguard the hardware, software and data processed by HCL computers against damage, alterations, theft, fraudulent manipulation, unauthorized access, and unauthorized disclosure of proprietary or confidential information. HCL has an absolute right to monitor, limit and control the configuration and use of its computer systems and networks.
PART II: POLICY CONCERNING USE OF EMAIL AND / OR INTERNET RESOURCES
We, the Vendor, shall comply with HCL’s policy on usage of mail and internet resources, and shall comply with all laws applicable to use of email and internet resources, including without limitation, the policy (relevant text reproduced below):
SUB: SECURITY GUIDELINES FOR USE OF SYSTEM, EMAIL AND INTERNET
This is brought to your notice, that the security guidelines/ policy as enumerated herein below are required to be observed by all while using the Internal Computer Systems (hereinafter referred to as ‘the System’). These are the basic security measures designed to protect the internal data, confidential information, trade secrets and any/all vital information related to the business of the Company (viz. HCL Infosystems Ltd, and all of the subsidiaries of HCL Infosystems Ltd).
These guidelines/policy are applicable to all the employees, contractors, vendors and other personnel (hereinafter referred to as ‘the user’) who are using or have access to use the System of the Company.
This document contains proprietary information of HCL Infosystems Ltd. No part of this document may be reproduced, stored, copied, or transmitted in any form or by means of electronic, mechanical, photocopying or otherwise, without the express consent of HCL Infosystems Ltd. This document is intended for internal circulation only and not meant for external distribution.
This document will be reviewed regularly or whenever deemed necessary by the Company and shall be reissued upon revision.
Email Usage Policy
Ensure appropriate & effective use of e-mail for official purpose and prevent threat of tarnishing the public image of Company. When e-mail goes out from Company, the general public will tend to view that message as an official policy statement from the Company.
This policy covers appropriate use of any e-mail sent by HCL Infosystems team member from a HCL e-mail address and applies to all Vendor’s personnel and agents operating on behalf of HCL Infosystems Ltd.
3. Policy Statement
Email application will be protected against risks of malicious code, spams & unauthorized access and would be managed to ensure high availability. Email accounts will be provided to users with business requirements.
4. Email System Performance Objectives
4.1 Delivery Time Objective
All emails should be delivered within the internal network within a maximum of 5 minutes of the mail coming into the network, except where the destination server or link is down due to non-working hours. Where a server or link is down, the queued mails are to be distributed within 30 minutes of the link/server coming up.
4.2 Monitoring and Alert
Deploy appropriate monitoring at various levels, so that an alert is raised in situations likely to affect the delivery time objective. The alert should reach the concerned person responsible for correction within 15 minutes during working hours, and within one hour during non-working hours.
4.3 Anti Virus Patches
As a process, the latest anti-virus patches may be checked and applied on a regular basis.
5.1 Email Accounts
a) Email Ids would be provided only for users having a business need for the same. The central Mail administrator will create email Ids for users.
b) Email IDs would be created based on the set naming standard. The naming standard can be in the form of email@example.com and firstname.lastname@example.org. In case an employee exists with the same name, the same would be created by mutual agreement between HR & Email ID Creation team.
c) For Associates/OJTs the naming standard would be in the form of email@example.com and for consultants it would be firstname.lastname@example.org.
d) All mailboxes would be protected by a user-id/password.
e) For generic Email Ids (like HelpdeskTeam@hcl.com), which need to be accessed by a team of users, an email alias or distribution list would be created for the same.
f) All email accounts would be deleted as soon as the need for the same is over. Termination of email Ids would be due to various reasons including user leaving the organization, consultant completing the assignment or application being phased out. The respective delivery / Department Heads / Project Managers and HR are responsible for informing the Mail Administrator for terminating the email accounts.
g) Individual mail size would be restricted to 5MB for regions and 10MB for HO. The size of individual user mailbox would be restricted in the Company’s sole discretion.
h) The operating system of the mail server and the e-mail application would be secured as per the secure configuration standards/policies.
i) The mail server would be configured on a cluster for high availability of users’ mailboxes.
j) E-mail servers accessible from the Internet would be protected by a Firewall.
k) E-mail servers used for transacting with Internet would be separated from the email server storing user mailboxes.
l) E-mail server would have adequate protection against SPAM and unauthorized mail relay.
5.2 Email Helpdesk
There would be a centralized team under MIS for e-mail administration and support.
5.3 Email Usage
a) Vendor’s personnel owning the email account would be fully responsible for the content of email originated, replied or forwarded from their account to other users inside or outside HCL domain. HCL is in no way responsible for the content of the email, be it body of mail or the attachment. Vendor’s personnel would not send emails with any libelous, defamatory, offensive, racist or obscene remarks. Vendor’s personnel would not send emails that contain virus or unsolicited mail (SPAM). Vendor’s personnel would not use HCL email systems to send chain mails, for charitable fund raising campaigns, political advocacy efforts, religious efforts, private business activities or personal amusement and entertainment. The email system would not be used to copy and/or transmit any document, software, or other information protected by copyright or any other law. User’s Email account can be terminated and HCL would take appropriate action in case misuse of the Email system is discovered.
b) All Emails stored locally on the user’s desktop would be protected by password.
c) Users would promptly report all suspected security vulnerabilities or problems that they notice with the email system to the Mail administrator.
d) Email Team is responsible for ensuring the security of the email servers. Email team would setup the Email application and the underlying operating system as per secure configuration document.
e) Selected set of Email servers will need access to/from Internet for transacting with external domains and for remote mailbox access. These servers would be protected from Internet using a Firewall. The Firewall would be configured to ensure that only required ports are opened to/from Internet. The ports that need to be allowed would include SMTP ports for mail transfer and Secure HTTP for web-mail access.
f) Email servers including SMTP relay server that directly interacts with the Internet would not host any mailboxes. This is to ensure that in the event of compromise of these servers, user mails are not at risk.
g) Adequate steps would be taken to protect the users from SPAM mail. Anti-SPAM software would have the capability to reject mails sent from well-known open relay servers.
h) Mailboxes can be accessed via internal network as well as through Internet. There would be facility to limit email access from Internet to selected email accounts. Access from Internet would only be through secure ports.
i) Mailboxes can be accessed via internet. There would be facility to access mail from anywhere to selected email accounts.
j) Company offices that are on Group Network can access the mailboxes through internal network. Access to mailboxes on the internal network would be through secure link. Remote Offices that are not on Company Network can access the mailboxes through secure ports.
k) The email system would attach a disclaimer to all outbound external mails.
5.4 Retention of Email
The Company provides e-mail to Vendor’s personnel to conduct the business of the Company and, in so doing, expects them to manage and protect records resulting from e-mail communications. They should be aware of their responsibilities regarding the creation of e-mail messages; the routine removal of messages from electronic file folders; and, the storage and retention of electronic mail messages, which are official organizational records.
Vendor’s personnel should note that an e-mail communication could be used as electronic evidence in the event of litigation.
Unmanaged and unidentified e-mail records residing on computers also pose a threat to the organizational ability to document and reconstruct business and decision-making processes. Such records of the Company, which are directly related with the business of the Company, should be stored in a file structure or medium that lends itself to records retention audit procedures.
5.5 E-Mail Monitoring
HCL has the authority to intercept or disclose, or assist in intercepting or disclosing, Email communications. The Email Administrator will, however, require the approval from Head before initiating any of these activities.
Internet Usage Policy
The Internet usage Policy applies to all Internet users (individuals working for the company, including permanent full-time and part-time Vendor’s personnel, contract workers, temporary agency workers, business partners, and vendors) who access the Internet through the computing or networking resources. The company’s Internet users are expected to be familiar with and to comply with this policy, and are also required to use their common sense and exercise their good judgment while using Internet services.
2. Compliance is Mandatory
Compliance with this Policy is mandatory, and any employee failing to comply will be subject to disciplinary action.
2.1 Consequences of Violations
Violation of the Internet usage Policy will be documented and can lead to revocation of system privileges and/or disciplinary action up to and including termination. Additionally, the company may at its discretion seek legal remedies for damages incurred as a result of any violation.
The Company may also be required by law to report certain illegal activities to the proper enforcement agencies.
Before access to the Internet via company network is approved, the potential Internet user is required to read this Internet usage Policy.
3. Internet Services
Access to the Internet will be provided to users to support their business activities and only on an as-needed basis to perform their jobs and professional roles.
3.1 User Services
3.1.1 Internet Services Allowed
Internet access is to be used for business purposes only. Capabilities to access the following standard Internet services will be provided to users as needed:
E-mail — Send/receive E-mail messages to/from the Internet (with or without document attachments).
Navigation — Internet services as necessary for business purposes, using a hypertext transfer protocol (HTTP) browser tool. Full access to the Internet; limited access from the Internet to dedicated company public web servers only.
Management reserves the right to add or delete services as business needs change or conditions warrant. All other services will be considered unauthorized access to/from the Internet and will not be allowed.
3.2. Removal of privileges
Internet access will be discontinued upon termination from services, completion of contract, end of service of non-employee, or disciplinary action arising from violation of this policy. In the case of a change in job function and/or transfer, the original access code will be discontinued.
All user IDs that have been inactive for thirty (30) days will be revoked. The privileges granted to users must be re-evaluated by management annually. In response to feedback from management, systems administrators must promptly revoke all privileges no longer needed by users.
4. Usage Threats
Internet connectivity presents the company with new risks that must be addressed to safeguard the facility’s vital information assets. These risks include:
4.1 Inappropriate Use of Resources
Access to the Internet by personnel that is inconsistent with business needs results in the misuse of resources. These activities may adversely affect productivity due to time spent using or “surfing” the Internet. Additionally, the company may face loss of reputation and possible legal action through other types of misuse.
4.2 Misleading or False Information
All information found on the Internet should be considered suspect until confirmed by another reliable source. There is no quality control process on the Internet, and a considerable amount of its information may be outdated or inaccurate.
5 Usage Policies
5.1 Resource Usage
Access to the Internet will be approved and provided only if reasonable business needs are identified. Internet services will be granted based on an employee’s current job responsibilities. If an employee moves to another business unit or changes job functions, the old connection will be discontinued and a new Internet access request needs to be submitted.
User Internet access requirements will be reviewed periodically by respective departments to ensure that continuing needs exist.
5.2 Allowed Usage
Internet usage is granted for the sole purpose of supporting business activities necessary to carry out job functions.
All users must follow the corporate principles regarding resource usage and exercise good judgment in using the Internet.
Acceptable use of the Internet for performing job functions might be wholly dependent on IT Dept’s Policy in force at the relevant point in time.
5.3 Personal Usage
Using company’s computing resources to access the Internet for personal purposes, without approval from the user’s manager and the IT department, may be considered cause for disciplinary action.
5.3.1 All users of the Internet should be aware that the company network creates an audit log reflecting request for service, both in-bound and out-bound addresses, and is periodically reviewed.
Users who choose to store or transmit personal information such as private keys, credit card numbers or certificates or make use of Internet “wallets” do so at their own risk. The company is not responsible for any loss of information, such as information stored in the wallet, or any consequential loss of personal property.
5.4 Prohibited Usage
Acquisition, storage, and dissemination of data which is illegal, pornographic, or which negatively depicts race, sex or creed is strictly prohibited.
The company also prohibits the conduct of a business enterprise, political activity, engaging in any form of intelligence collection from our facilities, engaging in fraudulent activities, or knowingly disseminating false or otherwise libellous materials.
Other activities that are strictly prohibited include, but are not limited to:
- Accessing company information that is not within the scope of one’s role or work. This includes unauthorized reading of customer account information, unauthorized access of personnel file information, and accessing information that is not needed for the proper execution of job functions.
- Misusing, disclosing without proper authorization or altering customer or personnel information.
- Deliberate pointing or hyper-linking of company Web sites to other Internet / worldwide web sites whose content may be inconsistent with or in violation of the aims or policies of the company.
- Any conduct that would constitute or encourage a criminal offense, lead to civil liability, or otherwise violate any regulations, local, or international law including, without limitations, US export control laws and regulations.
- Use, transmission, duplication, or voluntary receipt of material that infringes on the copyrights, trademarks, trade secrets, or patent rights of any person or organization.
- Assume that all materials on the Internet are copyrighted and/or patented unless specific notices state otherwise.
- Transmission of any proprietary, confidential, or otherwise sensitive information without the proper controls.
- Creation, posting, transmission, or voluntary receipt of any unlawful, offensive, libelous, threatening, harassing material, including but not limited to comments based on race, national origin, sex, sexual orientation, age, disability, religion, or political beliefs.
- Any form of gambling.
- Unauthorized downloading of any shareware programs or files for use without authorization in advance from the IT Department and the user’s manager.
- Playing of any games.
- Forwarding of chain letters.
Bandwidth both within the company and in connecting to the Internet is a shared and finite resource. Users must make reasonable efforts to use this resource in ways that do not negatively affect other personnel.
5.5 Expectation of Privacy
5.5.1 Monitoring
Users should consider their Internet activities to be periodically monitored and limit their activities accordingly.
Management reserves the right to examine E-mail, personal file directories, web access, and other information stored on company computers, at any time and without notice. This examination ensures compliance with internal policies and assists with the management of company information systems.
5.6 Maintaining Corporate Image
5.6.1 Representation
When using company resources to access and use the Internet, Users must realize they represent the company they are working for. Whenever Vendor’s personnel state an affiliation to the company, they must also clearly indicate that “the opinions expressed are my own and not necessarily those of the Company”.
5.6.2 Company Materials
Users must not place company material (examples: internal memos, press releases, product or usage information, documentation, etc.) on any mailing list, public news group, or such service. Any posting of materials must be approved by the employee’s manager and the public relations department and will be placed by an authorized individual.
5.7 Periodic Reviews
5.7.1 Usage Compliance Reviews
In order to ensure compliance with this policy, periodic reviews will be conducted. These reviews will include testing the degree of compliance with usage policies.
5.7.2 Policy Maintenance Reviews
Periodic reviews will be conducted to ensure the appropriateness and the effectiveness of usage policies. These reviews may result in the modification, addition, or deletion of usage policies to better suit company information needs.
6 Authentication / Site Accessibility / Restrictions
Access will be allowed based on directory Authentication.
Access to social networking sites will be allowed from 12:30pm to 2:00pm and after office hours on normal working days. On holidays access will be available for the complete day.
Access to free mail sites may be allowed from 12:30pm to 2:00pm and after office hours on normal working days. On holidays access will be available for the complete day.
Downloading of games & media files like movies, songs etc. is strictly forbidden.
Default limit for file download during office hours will be 5MB and after office hours it will be 20MB.
Any deviation from the above restrictions should be duly approved by a duly designated Officer of the Company, appointed by the IS Department.
We, the Vendor, understand that this code of conduct shall govern all our dealings with HCL inter alia under various contracts executed with HCL. We also understand that execution / acceptance of this Agreement-cum-Undertaking does not entitle us or guarantee issue of email ID and / or internet resources. In case of conflicts in the terms of any other Agreement executed by us, and the terms of this HCL Vendor Code of Conduct, the conflicting terms of this HCL Vendor Code of Conduct shall prevail.