Security Guidelines and User Charter
for Computing Resources
Part 1 - Computer Security Guidelines
I. INTRODUCTION
Effective use of computing resources and communications networks is a major
facilitating factor for the development and success of Grindwell Norton Ltd.,
(GNO). These tools provide faster and efficient access to information and better
communication within and outside GNO.
Hence the security and reliability of these resources must remain a permanent
priority for GNO and the users of these tools. Likewise the protection of
confidential data, compliance with the legislation in force, especially on
intellectual and electronic data processing, and loyalty to the company are part of
the duties and responsibilities of each user.
The purpose of this document is to highlight these imperatives and to draw users'
attention to the rules to be applied in these areas. Compliance with these rules
and the proper use of these technologies are conditions for safeguarding the
industrial, commercial and financial interests of GNO and also for maintaining its
public image.
The guidelines described by this document and the enclosed User Charter apply to
all those employees of GNO who, to carry out the mission entrusted to them, are
required whether directly or indirectly to organize, put in place, modify or use
GNO's Computing Resources.
They also apply to all those who, although not on the payroll of GNO, are required,
while working within or in the interests of GNO, whether directly or indirectly, to
organize, put in place, modify or use its Computing Resources, (Trainees, Service
Providers, Customers, Subcontractors, Personnel from Group Companies,
Consultants et al.).
1 References to GNO Computing Resources include but not limited to: Personal Computers,
Workstation, Mobile Computers, Personal Digital Assistants (PDAs), Servers, Local and
Wide Area Networks, Operating / Application Software, Tools / Utilities, Services like
Internet Access, e-mail etc.,
2 Reference to Service Providers in this document is to be understood to mean all
Organizations / Individuals authorized by GNO management and deployed either On-Site
or Off-Site to provide IT related Services like Facility Management, Help Desk, Network
Services, Application Support etc., to GNO.
Grindwell Norton Ltd., Confidential
Security Guidelines and User Charter for Computing Resources
Respective officers of GNO, with whom such persons have signed a contract or are
in contact, must inform them of the existence and content of this document.
II. APPROVED USE OF COMPUTING RESOURCES
Computing resources and communication networks (including the
Workstations, Mobile Computers, Servers, Peripherals, Communication and
Networking Devices, along with all the software incorporated in them for various
applications, as well as the information and data they contain, to which access is
possible by any means of any description) are working tools made available to you
by the company to enable you to carry out the mission entrusted to you.
These tools are therefore for business use only. Use is subject to audit at
any time by management.
Personal use of GNO computing equipment may be approved by GNO
management if such use is clearly insignificant, does not interfere or compete
with GNO business, and does not involve any incremental cost to GNO. Any
questions concerning personal use of GNO computing resources should be
discussed with your Sponsor.
III. RESPECTING LAWS CONCERNING INTELLECTUAL PROPERTIES
It is your responsibility to ensure that, any software installed by the service
providers or any other person on your computer, is licensed. If you are in doubt,
please bring the matter to the immediate attention of your Sponsor or the IT
Department.
You must have a valid license for all licensed software that you personally obtain
and install on your computer.
Never copy or duplicate licensed software, except as explicitly allowed in the
license terms and conditions.
IV. PROTECTION OF COMPUTING RESOURCES
The company makes computing / communication resources (PCs, Workstations,
Servers, PDAs, Multi-function Telephones, Fax Machines, Mobile Phones etc.)
available to you for business use. You must take every care to protect these
resources against modification, misuse and theft.
If you are provided with a Mobile Computer, you should take extra precautions to
preserve the security of your computer and the data that it contains.
1 2 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
The resources made available to all users, and especially hard disk
drives can be subjected to inspections and checks by the company with the aim of
ensuring the security of information systems and networks.
Every user's Workstation, as a general rule, is provided with anti-virus software.
However the use of communicating applications (Internet, email, etc.) and
storage media (diskettes, CD-Rom) may, despite all of the precautions taken,
cause transmission and installation on the user's Workstation, without the
his/her knowledge, programs or files that alter or steal the data and software that
the Workstation contains.
If any anomaly occurs on your Workstation you must stop using your device,
disconnect it from the network and immediately inform IT Department.
Every employee is responsible to help reduce the possibility of theft of GNO
computer workstations and information they contain.
· Always use “Power-on” and “Keyboard / Screen-Saver”
passwords to disable unauthorized access to your workstation.
When you leave your work area at the end of the work day:
· Make sure that you completely log-out of the network, shut-
down the computer and then power-off
· If you use a mobile computer, lock it in a desk or filling cabinet,
or take the computer with you.
· If you work in an office that can be locked, lock the office.
When traveling:
· Keep portable computers in your possession.
· Do not leave them exposed in cars or hotel rooms. Do not
leave them with hotel personnel, and do not leave them in
checked-in baggage while you travel by air.
If you are making a long journey by car and if you don't intend to work
during the journey, lock the computer in the car trunk when you begin your
travel. Upon reaching your destination, if you must leave the computer in
the car, leave it locked in the car trunk.
3 Note: Computer workstations available for shared use in GNO like Intranet Kiosks,
Canteen and similar environments are not required to have power-on and
keyboard/screen-saver passwords applied. GNO employees must not place GNO
Confidential information on such workstations.
Grindwell Norton Ltd., Confidential
Security Guidelines and User Charter for Computing Resources
· Whenever you use valet parking services in hotels, make sure that
you do not leave the computer in the car.
· When staying at a hotel; if you must leave the computer in the
hotel, lock it in the hotel safe if one is available, or store the
computer out of open view in your hotel room.
· You should either protect / encrypt the GNO Confidential information
on your computer or you should remove unprotected GNO
Confidential material from the computer during business travel.
Individual Files containing Confidential Information must be
password protected.
The loss or theft of a portable computer containing unprotected /
unencrypted GNO Confidential information results in the loss of both a
physical asset and proprietary assets.
V. PASSWORD SECURITY
A Computer access password is the primary key to computer security. The
password uniquely identifies you, and allows you access to the computing
resources and information they contain. At all times you should keep your
password confidential and under no circumstances you should share it with
anyone.
· Please follow these guidelines while selecting your passwords,
to make them difficult to guess. Passwords must:
Ø Be at least 6 characters in length
Ø Contain at least one alphabetic and one non-alphabetic
character.
Ø Contain an alphabetic or other non-numeric character in the
first and last position.
Ø Contain no more than three identical consecutive characters in
any position from the previous password
Ø Contain no more than two identical consecutive characters
Ø Not contain your user id as part of the password.
Ø Be changed at least once every month.
· When changing your password, you must select a new password,
i.e., do not change the password to one that you used in the past.
· If you access computer systems outside the GNO Network,
please make sure that you do not use the same password as you
use for GNO internal systems.
3 4 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
VI. PROTECTING CONFIDENTIAL INFORMATION
You must avoid any risk of releasing data of a confidential nature that you may
have to send or receive over the network or process as part of you work. These
include, but not limited to: files comprising Financial Results; Order Books; Sales
Data, Strategic Industrial and/or Commercial Projects; Market Research or New
Products; Production Recipe / Parameters, information relating to Personnel etc.
Given the lack of security of the Internet, you must not use it to send confidential
information or have it sent, without taking adequate measures required to avoid
its accidental release. You must also take all necessary precautions when you
send any confidential information by e-mail.
Access to GNO Confidential information may only be given to people who have a
business need to know the information.
· When you store GNO Confidential information on your Computer or on
the Local Area Network Servers, you must use software security
controls to manage and limit access to the information. Security
controls must never be set to allow unrestricted access (e.g.,
“Everyone”, “The World” etc.,) to GNO confidential information.
Please take the help of IT Department if you have difficulty in setting
security options.
· When you store GNO Confidential information on computer diskettes,
CDs and tapes, you must label them properly and protect them
against theft and unauthorized access. Always keep them in a locked
area when they are not in use.
· When you print GNO Confidential information you must protect the
information against unauthorized access. GNO Confidential
information may only be printed on a personal printer. In case if you
are forced to use a printer located an open area in GNO internal office
space, make sure that you pick up such Confidential printout material
within 5 minutes.
When you use Telephones and Fax:
· Do not use of cordless phones / parallel phones to discuss GNO
Confidential information.
· Never leave GNO Confidential messages on voice mails.
· Avoid sending GNO Confidential documents via FAX devices. If
confidential material must be sent via FAX., exercise caution to verify
the destination FAX machine's phone number and that the
information has reached the intended recipient.
Grindwell Norton Ltd., Confidential
Security Guidelines and User Charter for Computing Resources
During the course of the work, if the person employed either directly on the
payroll of the Company or on Contract through the third party shall not disclose
the Confidential information of the Company as well that of group/associate or
any other Company where Saint-Gobain has interest either directly or indirectly,
which he/she might have come across while executing the job to anyone. This
clause shall survive for a period of two years after the termination of the direct or
indirect employee contract. The Confidential information received for one project
shall not be used interchangeably with any other project.
VII. PROTECTING AGAINST COMPUTER VIRUSES
A “computer virus” is a program designed to copy itself into other programs. The
virus may also be designed to cause the loss or alteration of data on a computer, or
in extreme case, to completely disable a computer. The virus is activated when
the program “infected” by it is executed on a computer.
· Be alert to the potential dangers of accepting programs from public
sources such as internet. Do not execute a program if you are
uncertain of expected results or do not know the source of the
program.
· Always ensure that the current versions of the Anti-virus programs
that GNO has licensed (McAfee - Norton AntiVirus) is running and
enabled on your computer. If programs on your machine are
infected by virus, report the virus infection immediately to the IT
Department.
Refer to GNO's Anti-Virus intranet web page http://village.saint-gobain.com to
obtain tools for removing Viruses that are not cleaned by the software installed on
your system.
· Harmful code false alarms and hoaxes are also a problem in
networked environments. GNO employees are not to send or forward
e-mail notices concerning virus or harmful code warnings to other
employees.
· If you receive an e-mail notice about a supposed virus or harmful code
threat, you should check the Anti-Virus Internet web pages (like
http://www.mcafee.com) to see information on real and hoax
alerts.
VIII. GNO INTERNAL NETWORKS
· When connected to and using GNO internal networks, including Local
Area Networks:
Ø Do not misrepresent yourself as someone else on the network.
Ø Do not add any communication device such as a Modem to your
workstation without first obtaining permission from the IT
Department
5 6 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
· When you need to share data files with other users on the
network, you should place the files on the Network Attached
Storage Device (SNAP Server) or at other locations maintained
for this purpose.
· You must not allow unauthenticated access programs (like
Anonymous FTP, TFTP) on your workstation. Please check with the IT
Department if you are in doubt.
· You must establish a procedure to regularly backup the files to in your
workstation to ensure that the programs or data they contain can be
recovered in the event of a hardware or software failure. The backup
media must be labeled properly and protected against unauthorized
access (i.e., stored in a locked area or cabinet).
· Operating Systems such as Windows include options which allow you
to configure your workstation to operate in Peer-to-Peer mode.
Workstations configured this way can communicate directly with each
other, share each other's resources, and simultaneously act as both a
network Client and network Server. If you have shared your
workstation in this manner, consider the following:
Ø Sharing workstation resources in Peer-to-Peer mode without
adequate security controls can easily result in allowing excessive
or undesired access to important files. For example; it is possible
for you to change the default security options and configure your
portable workstation to share its disk drives and files on a private
Local Area Network without requiring network users to enter a
valid access password. When you subsequently connect the
workstation to the GNO internal network (or to the Internet) your
workstation disk drives and files can be accessed by everyone else
on the network.
Ø If you configure your workstation to share resources in Peer-to-
Peer mode, you must select either user id access control or
password access control when defining the Share options for the
workstation disk drives and files.
Ø To check the Sharing option on your workstation; inspect the
Settings/Properties options in your DISK and FILE folders. If
you do not understand the options that are set on your
workstations; refer to the product installation manuals, or
ask for assistance from IT Department.
Grindwell Norton Ltd., Confidential
Security Guidelines and User Charter for Computing Resources
While properly configured Peer-to-Peer mode operation can be a productive
approach in private networks, connecting substantial numbers of peer mode
workstations may result in network performance degradation.
IX. EXTERNAL CONNECTIONS AND REMOTE ACCESS
Connecting GNO systems and networks to non-GNO systems and networks
through modems or direct lines, can present a very serious risk to GNO. It is
possible to expose the entire GNO network and the systems and data on it,
without even knowing you are doing so. Because of the potential risk, all such
connections between GNO and non-GNO systems and networks are strictly
controlled, and must be approved by GNO management.
If you need to connect to GNO systems and networks from outside GNO premises,
you must connect only through GNO VPN and the Secure-ID® Strong
Authentication Mechanism. Check with IT Department to use this service. If you
are in another Saint-Gobain facility that has connection to SG-Net, you will be
able to connect directly to GNO's internal network.
X. E-MAIL
Business Use:
GNO's internal e-mail system is only to be used for conducting GNO's business or
for purposes authorized by GNO management. Use is subject to audit at any time
by GNO Management.
You must never write any e-mail messages with content that you would not state
verbally or communicate by any other means (postal service, fax, etc.), since an
electronic message can:
· be stored, reused, exploited for purposes that the you did not think of
when writing it
· form proof or at least a suspicion of written proof.
Just like anywhere else, common courtesy is a basic rule in all e-mail
exchanges.
· You should write short and clear messages in order to avoid any data
overload that would affect the efficiency of this kind of communication.
· You must also apply good judgment when using personal and collective
7 8 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
distribution lists and they must avoid sending copies to an uncalled
number of addressees.
You should stick to the following Guidelines, when using electronic mail to
communicate with people on the Internet:
· Do not send mail so that it appears to have come from
someone else.
· Do not send unsolicited advertising via mail
Security Guidelines and User Charter for Computing Resources
Furthermore, all your activities as well as data about you (sites accessed,
messages exchanged, data provided using forms, data collected without your
knowledge etc.) may be recorded by third parties and analyzed in order to deduce
your centers of interest, the company's preoccupations, etc. and used for
commercial or other purposes. Consequently you must take every care.
For statistical, quality of service and security purposes, Internet traffic is
subject to supervision, checks and regular audits by the company.

· Do not automatically forward GNO internal mail to an Internet This document describes the basic Internet usage and security measures all GNO
site employees are obligated to follow. This includes employees of all GNO Plants,
· Do not use auto reply functions to respond to your Internet Service Providers, Vendors, and others authorized by GNO management to use
mail when you are away; be sure to select the option that GNO internal computer systems.
excludes sending the notices to Internet users.
Internet access includes, but is not limited to; viewing web sites, sending and
· Do not send or reply to chain letters receiving electronic mail, transmitting or receiving files, and running Internet
· Do not use Internet to send internal business e-mail to applications.
another GNO employee. Always use the employee's GNO
Noncompliance with the principles described in this document will result
internal e-mail address.
in disciplinary action.
Finally, it should be restated that the electronic messages sent from one Saint-
Gobain Group entity to another are, generally, considered to be secure. In most Security:

other cases, electronic messages transit over the Internet and can therefore be As we use the Internet to connect with our customers, suppliers and other
intercepted, displayed, stored, modified and used for other ends by third parties, organizations, it is important to remember the following points:
at any time.
· The Internet is used by millions of people worldwide, not all Internet
XI. THE INTERNET
users have GNO's best interests in mind.
Introduction:
· You should presume that any unprotected information sent across the
The Internet is a rapidly growing and important resource for GNO. Effective use of
Internet will be read by a number of unknown people.
the Internet can provide a competitive advantage to us in the form of new
business opportunities, information gathering, improved external · GNO's information, computing assets, and corporate image on the
communications, and increased customer responsiveness. The GNO Internet Internet are critical to our success, and as a result, must be protected
presence is a reflection of our corporate image, and this must be considered in all from loss, modification or destruction.
our Internet activities.
Privacy:
Internet access from within the GNO Network is a tool made available to you for
business purposes. You must therefore make appropriate use of it. This access is All electronic documents created or stored or communicated using GNO's
provided so that you can visit websites around the world in the company's name, computers are the property of GNO. GNO may access documents or
for it must be remembered that when a user from the company network browses communications stored on its property or in its systems whenever
the web, he/she is identified under the "Saint-Gobain" name to outside computer warranted by business need or legal requirements; and reserve
sites. the right to monitor its systems for accounting purposes, to ensure proper

Grindwell Norton Ltd., Confidential 9 10 Grindwell Norton Ltd., Confidential

 Security Guidelines and User Charter for Computing Resources
use, and to detect violations. Employees should not expect that their
communications using the company's systems are private.
Conduct
When Accessing the Internet from a saint-gobain.co.in or saint-gobain.com
address designation:
· Adhere to GNO's Business Conduct Guidelines
· Adhere to the security and usage guidelines defined in this document
· Use only services you have authorization to access. Do not try to get
into open Internet System or server ports without prior authorization
· Don't misrepresent yourself
· Do not place any material on the Internet that would be considered
inappropriate, offensive or disrespectful to others, and do not access
such material
Intellectual Property Rights
You must obtain the necessary prior authorization, if you wish to reproduce or
distribute over the network, including the Intranet, any published press article,
book excerpt, photograph, trademark (name or logotype), drawing or model
(shape of an object) etc…
Any information sent, received or stored on a station or a server belonging to the
company remains the company's property.
When uploading materials to the Internet:
· Ensure that any GNO copyright documents transferred via the
Intranet clearly indicate our company as holder of the copyright. GNO
employees must comply with all applicable licensing agreements and
copyrights when uploading any GNO or OEM software products to the
Internet.
When downloading materials from the Internet:
Most information and software that is accessible on the Internet is subject to
copyright or other intellectual property right protection. Therefore, nothing
should be copied or downloaded from the Internet for use within GNO unless
express permission to do so is stated by the material owner.
Grindwell Norton Ltd., Confidential 11
Security Guidelines and User Charter for Computing Resources
· Materials distributed over the Internet in the form of shareware,
often come with express requirements or limitations attached (for
example, not to be used for commercial purposes; can not charge
others f or use or distribution; subject to a copyright or attribution
notice being affixed to each copy, must distribute source code, etc.)
If there are such terms applied, you must read and understand
them before downloading the software, and make a copy of the
terms if possible. If you think that GNO will not be able to comply
with any part of the terms, do not download the material.
· GNO employees must seek assistance and approval from the
management before incorporating anything downloaded from the
Internet (or any external on-line service) into a product or material
GNO intends to distribute externally.
Inappropriate Internet Web Sites:
· Numerous Internet web sites contain or distribute material that is
objectionable in the workplace. While it is impossible to list every
possible web site or form of objectionable material, some clear
examples include:
Ø Web sites that contain sexually explicit images and related
material
Ø Web sites that advocate illegal activity
Ø Web sites that advocate intolerance for others
· GNO employees are not to access such web sites, or distribute or
obtain similar material through the Internet. Compliance with this
policy is a condition of employment.
· Questions concerning other inappropriate web sites or objectionable
material should be discussed by employees with their Sponsors.
· GNO does not routinely scan Internet web sites for inappropriate
material, nor does it attempt to maintain a complete list of
inappropriate web sites. GNO employees should not presume that
GNO approves access to all web sites not blocked by its technical
control measures.
Receiving Unsolicited E-MAIL
GNO employees holding an Internet e-mail address may be recipients of
unsolicited non-business e-mail (sometimes referred to as spam or junk-mail).
This situation is very similar to receiving unsolicited telephone calls or unsolicited
postal mail.
12 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
· The easiest, and generally most effective response to unsolicited
e- mail is simply to ignore the mailing.
· Many times, such mails (especially news letters) have
“Unsubscribe” option at the bottom. Use this option if you don't want
to continue receiving such mails
· You can also setup Rules in your mail client (like Outlook) to
automatically delete spam mails upon their receipt.
Personal Use:
Access to the Internet from the saint-gobain.co.in or saint-gobain.com business
address designation is to be for GNO business-related activity. However; access
to Internet Services for personal use during normal work hours is allowed if such
use is clearly insignificant as compared to your business use. In addition,
personal use during or outside of normal work hours must;
· not interface or compete with GNO business,
· not interfere with your job or the jobs of other GNO employees,
· not interface with the operation of GNO's Mail Servers and Internet
gateways,
· comply with the security and use guidelines described within this
document.
Questions concerning personal use of Internet services and GNO computing
resources should be discussed with your Sponsor.
XII. Document Availability:
This document is available on the GNO Intranet at :
http://village.saint-gobain.com
Grindwell Norton Ltd., Confidential
Security Guidelines and User Charter for Computing Resources
Part 2 - Computer User Charter
an
I. PRINCIPLES:
1. This Charter applies to all those employees of GNO who, to carry out the
mission entrusted to them, are required whether directly or indirectly to
organize, put in place, modify or use GNO's Computing Resource
2. It also applies to all those who, although not on the payroll of GNO, are
required, while working within or in the interests of GNO, whether
directly or indirectly, to organize, put in place, modify or use its
Computing Resources (Trainees, Service Providers, Customers,
Subcontractors, Personnel from Group Companies, Consultants et al.).
Note:
Respective officers of GNO, with whom such persons have signed a
contract or are in contact, must inform them of the existence and
content of this Charter.
3. All such users covered by this Charter, must give a written acceptance to
the rules set out here.
II. GENERAL:
All Hardware and Software provided to the Users:
· form an authorized means for accessing the GNO's IT systems and its
communication networks
· are intended for professional use on an individual and by name basis
· are company's property and are set into service under the User's
responsibility.
The use of these resources in a configuration or an environment that does not
conform to the intended purpose may have serious consequences on the integrity
and security of the company's IT systems, resources and networks.
4 Reference to GNO Computing Resources include but not limited to: Personal Computers,
Workstation, Mobile Computers, Personal Digital Assistants (PDAs), Servers, Local and
Wide Area Networks, Operating / Application Software, Tools / Utilities, Services like
Internet Access, e-mail etc.,
5 Reference to Service Providers in this document is to be understood to mean all
Organizations / Individuals authorized by GNO management and deployed either On-Site
or Off-Site to provide IT related Services like Facility Management, Help Desk, Network
Services, Application Support etc.,toGNO.
13 14 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
III. PROTECTION AND SECURITY OF RESOURCES AND NETWORKS
1. General rules
Preserving the security and the integrity of the resources and networks is a
priority and is one of the user's responsibilities for that part of the system
entrusted to them.
Consequently, the user must not under any circumstances take part in any of the
activities listed below:
· Loading, storing, publishing, releasing or distributing, by means of
the company's resources, any documents, information, pictures,
videos, etc. that:
Ø have violent or pornographic content or that are contrary to good
taste or are likely to affect respect for persons, their dignity, or
relating to the protection of children,
Ø are libelous or generally illicit,
Ø affect the company's resources and more particularly the integrity
and preservation of the company's data,
Ø affect the image of the Saint-Gobain Group, whether internally or
externally.
Accessing web servers that cover these subjects is forbidden due to the risk of
seeing the user's e-mail address reused in mass mailings comprising illicit
attachments. If the user does receive such transmissions, against their will, they
are bound to destroy them immediately.
The user must also refrain from:
· Using the company's resources for the purposes of harassing,
threatening or insulting and, more generally, to violate applicable
rights.
· Making copies of software or introducing or installing software or
hardware themselves, of whatever kind, that are protected by
intellectual property laws, without requesting and receiving prior
authorization from the IT Department.
· Knowingly loading or transmitting files that contain viruses or altered
data.
· Falsifying the source of any elements contained in a file.
· Sending mass messages (with more than 20 addressees, other than
when using the company's distribution lists for business reasons) or
chain messages (messages received individually as part of a collective
Grindwell Norton Ltd., Confidential 15
Security Guidelines and User Charter for Computing Resources
distribution process with an invitation to re-send them collectively).
· Using the company's resources in such a way as to hinder access by other
users.
· Masking their own identity when using their account.
· Using an account other than his/her own.
The user will immediately inform his/her sponsor and the IT department of any attempt
to violate the security of their account and more generally, of any anomaly that they
may observe while using or operating resources and networks.
The user will refrain from:
· Modifying any data sent to them, except with prior authorization, when this
modification is not a part of their professional assignments, gaining
knowledge of any information not destined for them, or copying, modifying
or destroying such information.
· Requesting access rights that are more extensive than those required to
fulfill their own task.
· Releasing the passwords for "administrator" accounts to people who do not
require this knowledge to fulfill their task.
Users are reminded that some of the above mentioned activities may represent
violations of a penal nature.
The company reserves the ability to perform regular checks and inspections in order to
ensure the security of information systems and networks.
1. Security measures
In order for GNO to implement a first level of protection, users must comply with the
following set of basic rules:
· Rule 1: Always set a password when they are asked to.
· Rule 2: Regularly change passwords even if no automatic request for
change is made. Avoid the use of trivial passwords such as common words,
first names, dates of birth, simple set of numbers (123456). Regarding this
aspect, users may refer to the guidelines described earlier in this
document.
Rule 3: Never lend their own identifier/password.This practice is
16 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources
however acceptable during maintenance operations.Whenever
possible, password entry by the account owner themselves is preferred.
· Rule 4: Specifically protect their own, GNO and Group
confidential information.
· Rule 5: Run an anti-virus application check on any document from
outside of the company.
· Rule 6: Never disable the anti-virus protection on stations (whether
fixed or mobile) and on servers and perform the automatic (networked
systems) or voluntary (mobile systems) updates regularly and in the
event of any alert.
· Rule 7: Never leave a station (or a server) where a current session is
accessible (screen save with password protection after 10 minutes of idle
time).
· Rule 8: Never answer e-mail mass mailing or chain letters.
· Rule 9: Shut down the systems using the appropriate menu and not
through the power switch in order to close sessions clean (except in cases
of technical lockup).
· Rule 10: Switch-off / Log-off every night when leaving the office.
· Rule 11: Never leave computer media containing confidential data freely
available in an open office (diskettes, cassettes, CD-Rom, etc.).
· Rule 12: Never forget to retrieve any sensitive documents sent, printed
or copied from the fax, printer or photocopier.
· Rule 13: Never install any hardware, software or application program on
the information systems and networks without first informing, receiving
the approval and the assistance of IT department.
· Rule 14: Taking all necessary physical measures necessary to protect the
hardware from theft, especially by locking the storage cabinets or
drawers used and the offices even during short absences.
· Rule 15: If any hardware is stolen, inform the Sponsor / IT / Insurance
Departments immediately.
· Rule 16: Complying with the application introduction sequence (whether
developed in-house or purchased off the shelf) by development
environment, test/acceptance and production, and only in this order.
Grindwell Norton Ltd., Confidential 17
Security Guidelines and User Charter for Computing Resources
3. Vigilance
Every user is required to warn of any attempt to violate the integrity of their
workstation, their files or data and their e-mail, as soon as they become aware of
it, by declaring this to the IT Department.
IV. APPLYING THE USER CHARTER
Every user of the resources made available to them by GNO commits to applying
this Charter and any specific charter that they may be provided with depending on
the equipment entrusted to them (such as a workstation or a mobile computer).
Inspection audits may be performed within the limits and under the conditions set
out in this document.
GNO commits to implementing all necessary means compatible with technical
state-of-the-art practice, to ensure the best possible security of the installations
made available to users.
V. SANCTIONS
Users are personally liable if they do not comply with the security measures called
for in this Charter from the moment that it is proven that the failures are
personally attributable to them. The sanctions laid out in the GNO internal
regulations will be applied in an appropriate way and proportionally to the
failings, to parties who break these rules.
VI. PUBLICIZING THIS CHARTER AND ITS APPLICATION
All applicable GNO staff in the rolls of the company as of 1 st September
2003, have been made aware of this Charter through individual
communication from HR Department.
· This document is also published on the GNO Intranet at :
http://village.saint-gobain.com
· All new staff joining beyond 1 st September 2003, will be provided with
this document by HR Department, and are required to sign their
acceptance as a part of the joining formalities
· All non-GNO personnel, to whom this Charter applies, have been
made aware of this Charter through individual communication from
respective officers of GNO, with whom such persons have signed a
contract or are in contact.
18 Grindwell Norton Ltd., Confidential
 Security Guidelines and User Charter for Computing Resources

Security Guidelines and User Charter

for Computing Resources

User Acceptance
· I hereby confirm that I have read and understood the
contents of this document.
· I accept to abide by the Rules set out in this document
concerning the usage and protection of GNO's Computing
Resources.
· I understand that I am personally liable if I do not
comply with the security measures called for in the User
Charter from the moment that it is proven that the
failures are personally attributable to me.

Signed : .........................................................Date :..........................

Name : ...............................................................

Employee No. : .............................................................

For non-GNO personnel :

Name : ...............................................................

Organization : ...............................................................

Contract Ref : ...............................................................

Grindwell Norton Ltd., Confidential 19