TCS SBWS Governance Utility FAQs

General

Q What is the purpose of this Utility?

A We are deploying this SBWS Governance Utility (“Utility”) in order to effectively govern the work that is
being performed by you while you perform your work from a Secure Borderless Work Space (“SBWS”).
This Utility is designed to capture information required to support the timesheet-keeping and billing
process, as you are assigned to different client projects with different technical (IT) security
requirements.

Q Who is supposed to run this Utility?

A Every TCS employee and business associates, who perform their work activities on a TCS or personal
or customer provided device and who is permitted to work under the SBWS model, is required to install
this Utility in the device that they are using to perform activities enabled by SBWS.

Q Is this Utility required to be installed by associates in all Geographies? A

Yes.

Q Who should I contact if I need more information about this Utility?

A Should you have any questions regarding the same, please connect with your HR representative.

Technical

Q How often is this Utility to be run?

A The Utility is designed to start on its own after a system reboot. However, there have been cases where
this has not worked. The user is expected to check if the Utility is running after every reboot and if not,
start this manually again by double clicking on the file in the download folder.

Q Is this Utility required to be installed on a personal device if it is used to perform activities enabled by
SBWS?
A Yes, TCS employees and business associates are asked to install this Utility on their personal devices
(desktops/ laptops) if the same are used to perform any activity enabled by SBWS and the individual
has received TCS and / or customer approval to use a personal device.

Q Is this Utility required to be installed on personal mobile phones if the phone is used to respond to TCS/
Customer emails?
A No, the Utility is not required to be installed on mobile phones.

Q Can this Utility be trusted?

A The Utility has been digitally signed by TCS. User could and should verify that before execution by right-
clicking on the executable and going to “Digital Signatures” Tab. The Utility will not capture any other
usage of the device outside TCS and / or our Clients network and systems. Also, this file has been
tested by our AV vendors (McAfee and Symantec) who have updated their signatures post their testing.
If you have the updated signature file, the AV agent on your machine should not raising any alerts.

Q Will the Utility be uninstalled once normal operations are resumed, especially from Personal devices? A
You may delete the exe file after the SBWS is revoked.

Q Will this Utility install on non-Windows (e.g. Mac, Linux) and thin Client machines?
A The Utility will work on all Windows machines. Currently, the Utility for Linux or Mac machines are not
released.

TCS Confidential
Q Will the Utility have access to the content of the applications and collect such content?
A No. The Utility will only be able to determine, which application is running, but not the content of the
application or what activities the user performs.

Q Does the Utility have a keylogger feature?

A No. The Utility will not perform screen monitoring activities, either.

Q Installation steps for sbwsgovutil on Linux machines (Ubuntu/CentOS/RHEL) :

A Below Is the two Step process
1. Setup dependencies
2. Install sbwsgovutil

1. Setup dependencies

Ubuntu
Installing gtk3 library –
sudo apt-get install libgtk-3-dev
Installing openssl 1.1.1 –
sudo apt-get install openssl
Check version of openssl –
openssl version -a
Version should be 1.1.1
If not, build and deploy version 1.1.1
wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openssl/1.1.1-
1ubuntu2.1~18.04.5/openssl_1.1.1.orig.tar.gz
tar xvf openssl_1.1.1.orig.tar.gz
cd openssl-1.1.1/
./config
Make
make test
make install
Check version of openssl –
openssl version -a

RHEL/CentOS
Installing gtk3 library –
yum install gtk3-devel
Installing openssl 1.1.1 –
wget https://ftp.openssl.org/source/old/1.1.1/openssl-1.1.1.tar.gz
tar xvf openssl-1.1.1.tar.gz
cd openssl-1.1.1/
./config --prefix=/usr --openssldir=/etc/ssl
make
make test
make install
check openssl version –
openssl version

TCS Confidential
 2. Installing sbwsgovutil –

Copy sbwsgovutil.tar to your home directory.

tar xvf sbwsgovutil.tar
cd sbws
./install.sh
Running the utility.
cd <home directory>
./sbws/sbwsgovutil
Following screen should pop up.

Read the SBWS Governance Utility notice.

And ensure that “I Agree” box is checked
Enter employee number
Click on Save.
Tips - Checking if sbwsgovutil is running –
Check the contents of the sbws folder created under the sbws directory
This folder will contain the log files
Check the timestamp of the logfiles

TCS Confidential
Data Protection

Q What information is collected by this Utility?

A At the time of installation, the Utility will request from you certain authentication information (not all of
which are personal data), such as your employee id, connection model (i.e. how you are connected to
perform the work) and will auto-capture the device ID and operating system. Once installed, the Utility
will capture the device ID, operating system, the domain name and network name, and the network
connection status as well as the applications being used. The Utility is not designed to capture any
other personal information from the system. It will not collect the content of the applications, which are
running, either.

Q How will this information be used and by whom?

A The information collected will not be shared with anyone, except on a need basis with a client for whom
you are allocated to work. Within TCS access is limited to the relevant HR manager and the finance
team. We are deploying this Utility for legitimate business purposes, i.e. to be able to demonstrate
compliance with local labor laws (especially in relation to our contractual obligations to our clients); and
to ensure compliance with TCS policies of security, privacy and confidentiality of information.

Q The Utility will capture network connection status and applications being used. Does it monitor the time
spent on each application? Does it monitor the break periods?
A The Utility will not monitor what time is spent on each application, but when applications are run. The
Utility captures the time, when the user is logged on to the system, but does not differentiate between
working time and break time, which is typically supposed to be captured by an employee in the
Timesheet application of TCS.

Q For how long will the records be kept, which are created by the Utility?
A Data collected will be retained for a period of 1 year, from the date your authorisation to work from a
SBWS, such as your home, is withdrawn or cancelled and you cease to operate from the SBWS.

Q Where will the personal data, which are collected by the Utility, be stored? Who will be able to access it
within TCS?
A The data will be stored on TCS servers in India. Access to the data is limited to the HR managers and
the finance team.

Q Have you asked the opinion of the respective (European) national data protection authority for this tool?
If yes, please share it.
A The EU General Data Protection Regulation generally does not require that every data processing activity
is notified to the national data protection authority and does not require prior approval by such authority.
Where a data-protection impact assessment is mandated and indicates that processing activities
involve a high risk, which the controller cannot mitigate by appropriate and commercially reasonable
measure.
The consultation of the supervisory authority should take place prior to the processing.

Customer-Specific

Q Is it necessary to obtain an approval from the customer before installing the Utility on the customer asset
or TCS device installed with customer SOE?
A Yes, prior approval by the Customer will be required. Please follow the existing process for software
usage on customer provided assets. Client Partners can reach out to their HR Heads to seek a copy of
what should be communicated to the customer.

TCS Confidential
Q For voice projects where customer has provided their app to be directly installed on associate's mobile
phone thru which associate is involved in inbound/outbound call how will this tool apply?
A This tool will not apply to non-Windows end point systems.

TCS Confidential