EEO POLICY STATEMENT AND POLICY AGAINST NON-

DISCRIMINATION AND SEXUAL HARASSEMENT AT

WORKPLACE

NTL (USA) -HRO/Apr’18

EEO POLICY STATEMENT

NIIT Technologies Limited and NIIT Technologies Inc. ( Company) provides equal employment
opportunities (EEO) to all employees and applicants for employment without regard to race,
color, religion, gender, sexual orientation, gender identity or expression, national origin, age,
disability, genetic information, marital status, amnesty, or status as a covered veteran in
accordance with applicable federal, state and local laws. Company complies with applicable
state and local laws governing non-discrimination in employment in every location in which the
company has facilities. This policy applies to all terms and conditions of employment,
including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer,
leaves of absence, compensation, and training.

Company expressly prohibits any form of unlawful employee harassment based on race, color,
religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic
information, disability, or veteran status. Improper interference with the ability Company
employees to perform their expected job duties is absolutely not tolerated.

1.0 OBJECTIVE:

1.1 NIIT Technologies Limited and NIIT Technologies Inc. (Company) is committed to providing a
work environment, free from harassment of any kind especially from sexual harassment. We
respect dignity of everyone at our workplace, whether they are NIITians or our clients. We
require all NIITians to make sure that they maintain mutual respect and positive regard
towards one another.

2.0 PURPOSE:

2.1 The purpose of this document is to specify

a. A clear definition of sexual harassment and related retaliation

b. A procedure to follow when an employee is believed to violate the Policy

NTL (USA) -Internal Page 1

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

c. Define practice to ensure all allegations are investigated and dealt with effectively and
appropriately so that we preserve a healthy working culture.

3.0 SCOPE:

3.1 The policy extends to all employees of NIIT Technologies Limited, NIIT Technologies Inc.
and NIIT GIS Limited and is deemed to be incorporated in the service conditions of all
employees with immediate effect.

Note: “Employee” means any person on the payrolls of the Company including those on
deputation, training, contract, temporary, part time or working as consultants.

4.1 DEFINITION OF DISCRIMINATION & SEXUAL HARASSMENT

Discrimination is the treatment of a person less favorably than others have been, or should be
treated, based on characteristics race, color, religion, gender, sexual orientation, gender
identity or expression, national origin, age, genetic information, disability, or veteran status
and Sex.
1 Although a form of discrimination, sexual harassment is dealt with in more detail in a
separate policy statement.
2 It is important to note that treatment that may be perceived as “unfair” may not
necessarily be unlawful or a violation of Company policies. Employment actions may be
perceived by the employee as harsh, insensitive or unjust, but they do not become
unlawful under the above laws or violate the Company’s policies unless the unfair
treatment is motivated in part because of a person’s protected status.

Harassment of a person based upon that person’s protected status is a form of discrimination
and is also unlawful. While it is not possible to list all circumstances that may be considered
to be impermissible discrimination or harassment, some examples of conduct that may
violate the CDPH Non-Discrimination and Harassment Policy includes, but is not limited to,
the following:
• Making derogatory comments, slurs, jokes, remarks, rumors, or epithets;
• Displaying objects, cartoons, pictures or posters of a derogatory or discriminatory nature;

NTL (USA) -Internal Page 2

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

• Treating an individual differently based on the individual’s membership in one of the

protected classes described above;
• Hazing of employees;
• Implying or actually withholding support for appointment, promotion, transfer, or change of
assignment; initiating a rejection during probation or adverse action without a justified
nondiscriminatory business related reason;
• Displaying, transmitting, or forwarding Internet material of a discriminatory and/or offensive
nature;
• Engaging in reprisals or threats against anyone who opposes discriminatory, harassing or
offensive behavior.
4.1 Explanation 1: Unwelcome “sexually determined behavior” shall include but not limited to the
following instances:
a. where submission to or rejection of sexual advances, requests or conduct is made either
explicitly or implicitly a term or condition of employment or as a basis for employment
decisions; or such advances, requests or conduct (whether direct or implied) have the purpose
or effect of interfering with an individual’s work performance by creating an intimidating,
hostile, humiliating or sexually offensive work environment.

4.2 Explanation 2: Creating a “hostile work environment” means:

a. Creating a workplace where Sexual Harassment may go unheeded, where despite complaints
no action is taken, and where complainant is placed under fear, disadvantage or threat of
victimization.

b. It will also mean Retaliation which includes;

 Marginalizing someone in the workplace with regard to his/her roles and responsibilities
 Socially ostracizing
 Intimidating someone physically, psychologically, emotionally or someone close to or
 related to the victim
 spreading rumor

c. And any other behavior that may commonly be construed as retaliatory

NTL (USA) -Internal Page 3

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

4.3 Explanation 3: In addition the following are some examples of conduct which if unwelcome, may
constitute sexual harassment depending upon the totality of the circumstances including the
severity of the conduct and its pervasiveness:
a. Unwelcome sexual advances -- whether they involve physical touching or not;
b. Sexual epithets, jokes, written or oral references to sexual conduct, gossip regarding one's
sex life; comment on an individual's body, comment about an individual's sexual activity,
deficiencies, or prowess;
c. Displaying sexually suggestive objects, pictures, cartoons, displaying body parts;
d. Unwelcome leering, whistling, brushing against the body, sexual gestures, suggestive or insulting
comments
e. Inquiries into one's sexual experiences;
f. Discussion of one's sexual activities.
g. Abuse of authority (Quid Pro Quo) - demand by a person in authority, for sexual favours in
exchange for work related benefits (e.g. a wage increase, a promotion, training opportunity, a
transfer or the job itself).
h. The behavior that creates an environment that is intimidating, hostile, or offensive for members
of one sex, and thus interferes with a person's ability to work.

5.0 POLICY STATEMENT:

5.1 NIITians will maintain high standards of dignity, respect and positive regard for one another in
all their dealings.

5.2 NIITians will understand and appreciate the rights of the individual to be treated with dignity.

5.3 NIITians are required to maintain a work environment, which is free from any kind of
harassment.

5.4 NIITians will refrain from committing any acts of sexual harassment at workplace.

5.5 Allegations of sexual harassment will be dealt seriously, expeditiously, sensitively and with
confidentiality.

NTL (USA) -Internal Page 4

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

5.6 NIITians will be protected against victimization, retaliation for filing or reporting a complaint
on sexual harassment and will also be protected from false accusations.

6.1 RESPONSIBILITIES:

Employee: Any employee who believes that a supervisor’s, manager’s or other employee’s
actions or words constitute unwelcome harassment has a responsibility to report or complain
about the situation as soon as possible to the department head or Sexual harassment Redressal
Committee (SHRC-US) at shrcUS@niit-tech.com

Managers, Supervisors and Departmental Heads: As soon as the departmental head receives any
such complaint of sexual harassment, he /she should inform in writing to the SHRC immediately for
further action.

 Managers and supervisors may create liability (against Company, themselves, or both) for acts
of discriminatory and harassing conduct occurring in the workplace, if the managers and
supervisors know or should have known of the conduct, unless they can show that they took
timely and appropriate corrective action. Ignorance of discriminatory activity is not an
acceptable defense for inaction of a manager or supervisor if, through reasonable care, they
should have been aware of the conduct.
 Managers and supervisors may create liability for discriminatory or harassing acts by non-
employees where the managers and supervisors know or should have known of the conduct
and fail to take timely and appropriate corrective action. In reviewing these cases, the extent
of the managers’ and supervisors’ control, and any other legal responsibility which they may
have with respect to the conduct of such non-employees, will be taken into consideration.
 Managers and supervisors who are aware of discriminatory conduct, even if the occurrence is
not directly within their line of supervision or responsibility, have the obligation to immediately
and concurrently report the harassment to the SHRC-US.
 Managers and supervisors who engage in harassing or retaliatory conduct may be held
personally liable for such conduct. Managers, supervisors, or employees who engage in
discrimination, harassment or retaliation will also face discipline, up to and including
termination of employment.
 Managers and supervisors must:

NTL (USA) -Internal Page 5

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

a) Provide a discrimination-free work environment, and take proactive steps to communicate to

the subordinates that discrimination and harassment in the workplace will not be tolerated;
b) Ensure that all of their subordinate employees are informed of the Company’s policy against
discrimination and harassment and its discrimination complaint process;
c) Ensure that their subordinate employees are not discouraged from filing complaints (formal or
informal) so that complaints may be investigated in a thorough, confidential manner;
d) Set an example by their own behavior and let others know that they support the Company’s
policy and will take appropriate corrective action if discrimination occurs;
e) Ensure that all employees attend training at least once every three years to make them
aware of (1) conduct that is discriminatory, and (2) the consequences of such conduct;
f) Immediately report all discrimination complaints to the SHRC-US even if the complainant
does not want you to proceed;
g) Take all complaints seriously. Do not shrug off or minimize the complaint, or otherwise
discourage employees from reporting such complaints;
h) Monitor the workplace to identify subtle discriminatory conduct or behavior;
i) Strictly follow directions and instructions from the SHRC-US, that office being charged with
oversight and control over all complaints or incidents of discrimination. Do not initiate any
investigation unless specifically directed to by the SHRC-US;
j) Consult with the SHRC-US office prior to taking any action in order to determine the
appropriate action(s) to take;
k) Promptly initiate appropriate action, as directed by the OCR and executive level management,
to remedy a discriminatory situation in a manner that will protect the complainant,
respondent, and other employees, and to prevent further discriminatory acts or harassment
from occurring; and
l) Protect the employee(s) complaining of discrimination from any form of reprisal or retaliation.

CONSEQUENCES

Managers and supervisors who become aware of discrimination, harassment, or retaliation and do not
take immediate and appropriate corrective action will be held accountable. Failure to adhere to the
above responsibilities will result in appropriate corrective and/or disciplinary action, up to and
including dismissal from State service, regardless of job level or classification. In addition, individuals
may be sued in their personal capacity, and could be required to provide for the cost of their own
defense.

NTL (USA) -Internal Page 6

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

SHRC: The Company will have a complaints committee set up to specifically to address any
complaint of sexual harassment. The Committee will comprise at least of three members centrally, of
which at least one would be a woman and two location specific members of which one would be a
woman. The location specific committee members will include the location HR head and one member
nominated by the Centre Head. While the centrally nominated members will review all cases of sexual
harassment reported within the Company, involvement of the location specific members will be
determined by the location at which the complaint is registered (i.e. location of the complainant).

In addition to handling a complaint of sexual harassment, the committee may also co-ordinate
preventive activities within their respective locations to create a sexual harassment free
atmosphere via:
 Information Mailers
 Circulating Articles on the same, from time to time

Confidentiality:
The company will do everything consistent with enforcement of this policy and with the law to
protect the privacy of the individuals involved and to ensure that the complainant and the accused
are treated fairly. Information about individual complaints and their disposition is considered
confidential and will be shared only on a “need to know” basis.
RETALIATION
Retaliation is an adverse employment action taken as a result of an employee participating in a
protected activity. The Company prohibits retaliation against anyone for reporting discriminatory
activity or harassment, registering a complaint pursuant to the policy, assisting in making a
discrimination complaint, or cooperating in an investigation. Some examples of conduct which may
violate the Company retaliation policy include, but are not limited to the following:

• Termination, demotion, disadvantageous transfers or assignments, refusals to promote, threats,

reprimands, negative evaluations;
• Co-worker hostility or retaliatory harassment, including intimidation, gossip, rumors, insults, or
otherwise offensive conduct that would subject a person to public ridicule or humiliation;
• Any action or combination of actions that are reasonably likely to materially and adversely affect an
employee’s job performance or opportunity for advancement.

NTL (USA) -Internal Page 7

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

Anyone experiencing or witnessing conduct they believe to be retaliation should immediately inform
the SHRC US. Complaints of retaliation will be promptly investigated. If retaliation is substantiated,
appropriate disciplinary action, up to and including possible dismissal, will be taken.
A complaint relating to retaliation for the filing of a discrimination complaint may be filed directly with
the SHRC US.

CONSEQUENCES
An employee found to have engaged in discrimination, harassment, or retaliation will face formal
adverse action up to and including dismissal, regardless of job level or classification. Employees do not
necessarily need to violate State or federal discrimination laws, regulations, rules, guidelines, or
executive orders to be in violation of the Company’s policy. All employees will be held accountable for
their conduct, and any employee who fails to adhere to the Company’s policies will be subject to
inquiry or investigation. If it is determined through the investigation process that a violation of the
Company’s policy has occurred, the Company will take immediate and appropriate action up to and
including dismissal.

6.0 COMPLAINTS COMMITTEE:

6.1 The Central members of the Committee & SHRC shall be as under:

 Dheeraj Bhardwaj
 Vicki Williams
 Sheeja Thomas
 Deepa V. Mukherjee
 S. Viswanathan
 Bhaskar Chavali
 Ranjeev Anand
 Nadeem Khan
 Babita Karki
 Surabhi Sharma
 Lalit Sharma

NTL (USA) -Internal Page 8

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

6.2 The Committee may appoint a third party for his/her advice, if it deems necessary. The
committee will be re-constituted in case any of the above members are unavailable due to
any reason, what so ever. The re-constituted committee will be as per the norms given below:

 Presiding Officer, who shall be a woman employed at a senior level at workplace from
amongst the employees
 At least one-half of the total Members so nominated shall be women

6.3 The complaints committee email id will be shrcUS@niit-tech.com.

6.4 In case any committee member happens to be Manager/Supervisor of the complainant or the
person against whom the complaint is made, he/she shall not act as a member of the
Committee for that respective matter.

6.5 For the purpose of making inquiry, the Complaints Committee shall have the powers in
respect of the following matters, namely:—

 summoning and enforcing the attendance of any person and examining him or her on
oath;
 investigating, inquiring, cross examining any person ;
 directing the discovery and production of documents; and
 any other matter which may be prescribed.

7.1 GUIDELINES FOR COMMITTEE MEMBERS:

The committee members, HR representatives and reporting managers will be provided necessary
training inputs to handle such issues effectively and with the required sensitivity and concern.
 The first responsibility of SHRC is to believe in the reality of the complaint.
 To empathize with the complainant and does not judge him/her by their moral standards.
 Formalize and publicize complaint procedures that are easy and non-threatening.
 Provide safety for friends and supporters of the complainant.
 To organize a formal meeting with the accused.
 Treat the complainant with respect.
 To gather all witnesses of the incident.

NTL (USA) -Internal Page 9

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

 Consult the complainant for punitive action.

 If the management does not accept the recommended action, it should give three valid
reasons.
 Help the complainant regain his/her self-respect.

8.0 REDRESSAL PROCESS:

8.1 If any of NIITian believes that he or she has been subjected to sexual harassment, then the
complaint / grievance should be reported in writing to the SHRC within 30 days from the date
of occurrence of the alleged incident a shrcUS@niit-tech.com. If the complaint is made orally,
the Complainant will be requested to confirm the complaint in writing compiled by SHRC and
sign it.
8.2 All complaints / grievances of sexual harassment will be taken seriously, hearing will be held in
strict confidence and the incident will be investigated promptly in an impartial manner. The
accused or witnesses should not be victimized or discriminated against while dealing with
Complaints.
8.3 The Committee will hold a meeting with the Complainant within 10 working days of the receipt
of the complaint. The Committee, or a minimum of 3 members of the full Committee, will meet
with the Complainant latest within 7 days of receipt of the complaint. They will inform the
Complainant of this meeting date at the earliest.
8.4 At the first meeting, the Committee members shall hear the Complainant and record her/his
allegations. The Complainant can also submit any documentary proof, oral or written material,
etc., to substantiate his / her complaint. The Committee will record the proceedings of the
enquiry, and the attendance of all parties present at any of the meetings.

8.5 If the Complainant does not wish to depose personally due to embarrassment of narration of
event, a lady officer from NIIT for lady employees and a male officer from NIIT for
male employees involved shall meet the Complainant and record the statement.

8.6 Thereafter, the staff member in question will be called for a meeting with the Committee
through an email communication which will mention the fact that a complaint has been
registered against him/her and shall be given an opportunity to give an explanation
(written/oral), where after, an “Enquiry” shall be conducted and concluded. A copy of the

NTL (USA) -Internal Page 10

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

explanation submitted by the person against whom complaint is made shall be provided to the
Complainant, on his/her demand.

8.7 The Committee shall provide every reasonable opportunity to the Complainant and to the
staff member in question, for putting forward and defending their respective case. If the staff
member in question wishes to tender any documentary evidence, he/she will be requested to
provide true copies of those documents to the Complaints Committee. To ensure that the
documents are considered as true copies, parties will be required to sign the documents
submitted.

8.8 Each complaint procedure should be resolved within a period of 90 days from the complaint
and communicated to the parties involved. The Committee will complete the enquiry as soon
as is reasonably possible, and communicate its findings and its recommendations for the
disciplinary action, if any. Should the preliminary enquiry establish that the complaint does not
fall under the purview of a Committee for the Prevention of Sexual Harassment, or the
complaint does not prime facie appear to be an offence of Sexual Harassment, the Committee
may decide to refer the Complainant to the HR Head, who can look into the case taking into
consideration the principles of good conduct as laid down in the company’s Code of Conduct.

8.9 In case the Committee finds the offence is covered by law under Title of the Civil Rights Act of
1964, then this fact shall be mentioned in its report and appropriate action shall be initiated
for making a Police Complaint.

8.10 In case the complaint is found to be false, the Complainant shall, if deemed fit, be liable for
appropriate disciplinary action.

8.11 Any victimization of, or retaliation against, the complainant or any NIITian who gives evidence
regarding sexual harassment or bullying will be subject to disciplinary action up to and
including termination of employment.

NTL (USA) -Internal Page 11

 EEO POLICY STATEMENT AND POLICY AGAINST NON-
DISCRIMINATION AND SEXUAL HARASSEMENT AT
WORKPLACE

NTL (USA) -HRO/Apr’18

9.0 DISCIPLINARY ACTION:

9.1 Where the complaint Committee arrives at the conclusion that the allegation against the
respondent has been proved, it shall recommend to the management/ HR Head to take
appropriate action as regards sexual harassment as misconduct in accordance with the
provisions of the service rules.

The disciplinary action will be carried out by the concerned HR department. All related
documents will be maintained in the associate’s folder, ensuring confidentiality.

VER. PREPARED REVIEWED REVISION APPROVED RELEASE REASONS FOR NEW

S. NO.
NO. BY BY DATE BY DATE RELEASE

Rosita
1 1.0 01-Apr-13 01-Apr-2016 Baseline version
Rabindra

Annual Review/ Addition

Sheeja Dheeraj S.
2 2.0 29-Mar-18 01-Apr-2018 and Deletion of
Thomas Bhardwaj Viswanathan
Committee Members

NTL (USA) -Internal Page 12

New Ideas, More Value
TM
Acceptable Use Policy V 1.9
Acceptable Use Policy:

(Reference: Para 8.1.3 of Asset Management Policy)

Computing and Network Facilities

The computing and networking facilities include all computing platforms, including local area networks,
wide area networks, systems and applications used in NTL.

Conditions of use

 Appropriate and reasonable use of the computing and networking facilities is defined as use that
is consistent with objectives of the Company and with the specific objectives of the project or
role for which such use was authorized. NTL reserves the right to limit, restrict access to them.
 All persons using the computing and networking facilities shall be responsible for the appropriate
use of the facilities provided as specified in the “Code of Practice" section of this document.
 IT Operations shall implement Windows Bitlocker Encryption on all drives of NTL laptops. Users
should ensure that the bitlocker encryption is enabled on the drives containing critical,
personally identifiable and confidential data.
 The company recognizes the need to protect the confidentiality of information and material
furnished by clients or staff, and all computing personnel should protect the confidentiality of
such information and material.
 The Company reserves the right to restrict or limit permanently, any user's usage of the
computing and networking facilities with or without notice to the user in order to protect the
integrity of the computing and networking facilities against unauthorized or improper use, and to
protect other users.
 The Company, through authorized individuals, reserves the right to periodically check and
monitor and take any action to protect computing and networking facilities from misuse.

An action will be deemed as misuse if the user is:

 Responsible for willful physical damage to any of the computing and networking facilities;
 In possession of confidential information obtained improperly;
 Responsible for wilful destruction of information including official mails;
 Responsible for deliberate interruption of normal services provided by the computing facilities;
 Responsible for the infringement of any copyright, licensing, violation of condition for use or any
other agreements;
 Using, gaining or attempting to gain unauthorized access to accounts and passwords;
 Gaining or attempting to gain access to restricted areas without the authorization.

Code of Practice for Use

Objectionable Material

NTL’s computing and networking facilities must not be used for transmission, obtaining possession,
demonstration, and advertisement

Or

Requesting transmission of objectionable material knowing it to be objectionable material.

The material may include, but is not limited to:

© 2019 NIIT Technologies Ltd Classification - Internal Page 1

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

 Material meant for entertainment.

 Pornography Material or an article that describes or depicts, in a manner that is likely to cause
offense to reasonable adults.
 An article that promotes crime or violence, or incites or instructs in matters of crime or violence.
 An article that may disturb communal harmony.

Use of Sensitive System Tools and Utilities

Unless authorized, use of sensitive system tools and utilities such as password cracking tools, network
sniffers, etc. are prohibited.

Harassment

Company policy prohibits all forms of harassment. Computing and networking facilities are not to be used
to defame, insult, or harass any other person. The following, not limited to, constitute examples of
harassment:

 Intentionally using the facilities to annoy, harass, terrify, intimidate, threaten, offend or bother
another person by conveying obscene language, pictures, or other materials, or threats of
physical harm to the recipient, or the recipient's family;
 Intentionally using the computer to contact another person repeatedly with the intent to annoy,
harass, or bother, whether or not any actual message is communicated, and/or where no purpose
of legitimate communication exists, and where the recipient has expressed a desire for the
communication to cease;
 Intentionally using the computer to disrupt or damage work done by colleagues;
 Intentionally using the computer to invade the privacy, academic or otherwise, of another
person, or the threatened invasion of the privacy of another person.

Use of Desktop/Laptop Systems

Users are responsible for the security and integrity of NTL’s information stored on their desktop/laptop
system. Users should avoid storing passwords or other information that can be used to gain access to
computing resources in a manner that could be easily accessed by unauthorized persons.

All end user systems (laptops and desktops) shall have Data Leak Prevention and Content Filtering
agents deployed to safeguard organizational information. IT Ops. Support shall ensure deployment and
monitoring for violations. Exemptions shall need to be approved by Business Heads/ IMS Head/ CISO.

Network Login Account

 Company provides a Login ID and password to every individual user to get access to the
network resources.
 You must not share your account with family, friends or any other person.
 It is recommended that you change your password every 60 days, or earlier.
 You may not use the account of any other person. If you inadvertently gain such access to any
unauthorized information, you should report it as a security incident immediately.
 In certain circumstances you may have to share an account with others where shared duties
apply. This would need specific authorization by the Information Asset Owner. In such cases all
sharers are jointly responsible for the account, but may not share with others outside the group.

Electronic Mail Facilities

© 2019 NIIT Technologies Ltd Classification - Internal Page 2

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

Electronic mail is critical to the normal conduct of business. The conditions of use cover all electronic
mail systems owned by NTL, or any other electronic mail systems used from within NTL network, or
while acting in an official capacity.

Conditions of Use

1. All employees will have an e-mail account. The e-mail system will provide a single externally
accessible e-mail address for employees. The address will not contain the name of internal systems or
groups.

2. Appropriate and reasonable use of the e-mail facilities is defined as use that is consistent with
objectives of the Company and with the specific objectives of the project or role for which such use was
authorized. Electronic mail and communications facilities provided by NTL are for official
communication. Limited personal use is acceptable as long as it does not hurt the interests of the
company. NTL reserves the right to limit, restrict or extend access to them.

3. All persons using the e-mail facilities shall be responsible for the appropriate use of the facilities
provided as specified in the “Code of Practice" section of this document.

4. The company recognizes the need to protect the confidentiality of information and material furnished
by clients, suppliers or NIITians, and all users should protect the confidentiality of such information and
material. The company takes safeguard measures to protect information from losses within the NTL’s e-
mail facilities. The user must also take all reasonable measures to further safeguard against any loss of
information within the NTL’s e-mail facilities under his/her control.

5. Users of the e-mail facilities must recognize that when they cease to be formally associated with the
company, their information may be removed from NTL’s e-mail systems without notice.

6. The Company reserves the right to limit permanently, or restrict any user's usage of the e-mail
facilities with or without notice to the user in order to protect the integrity of the e-mail facilities against
unauthorized or improper use, and to protect other users.

7. The Company, through authorized individuals, reserves the right to periodically check and monitor
and take any action to protect e-mail facilities from misuse.

8. E-mails of all stakeholders and staff of Band 4 and above shall be covered by Legal Hold functionality
available in Office 365.

An action will be deemed as misuse if the user is:

 Responsible for willful physical damage to any of the e-mail facilities;

 In possession of confidential information obtained improperly. This includes transmission of
classified documents to any private email account;
 Responsible for willful destruction of information and e-mails;
 Responsible for deliberate interruption of normal services provided by the e-mail facilities;
 Gaining or attempting to gain unauthorized access to accounts and passwords;

Code of Practice

 Use of COMPANY e-mail to participate in chain letters is forbidden.

© 2019 NIIT Technologies Ltd Classification - Internal Page 3

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

 The use of COMPANY e-mail in any way to facilitate the conduct of a private, commercial
purpose, gains, free offers or schemes is forbidden.
 If the COMPANY provides access to electronic mail to external users such as consultants,
temporary employees, or partners, they must read and adhere to Standards and Guidelines for
use of e-mail. The usage has to be strictly for services to NTL.
 Confidential or company proprietary information shall not be sent to private or non-NTL email
account.
 All electronic messages created and stored on NTL’S computers or networks are property of the
company, and may not be considered private.
 Users must not allow anyone else to send e-mail using their accounts. This includes their
supervisors, secretaries, assistants and any other subordinates.
 Incoming messages will be scanned for viruses and other malware content.
 As NTL’s networks and computers are the property of the company, NTL retains the right to
allow authorized NTL staff to monitor and examine the information stored within.
 It is recommended that personal confidential material not be stored on, or sent through NTL’s
equipment unless it is a clear business requirement and does not violate any regulatory
requirement.
 Users must ensure the integrity of their password and abide by guidelines on selection and
security of their password.
 As far as possible, Sensitive confidential material should be sent through the electronic mail
system after encryption or password protection.
 Transmission of Sensitive (Contract, Flow Chart, Network Diagram, IP Scheme, SOW,
Estimation, Financial Data, Customer Data, Software Requirement Specification (SRS), HLD,
LLD, any kind of Source Code, Project Plan etc. ) documents to private email accounts is
prohibited.
 Users should refrain from any sort of electronic communication activity that puts the Company
at risk or a lawsuit or financial loss.
 Users e-mailing to any person(s) outside of NTL should clearly identify the user by full name and
Designation. Additionally, the user’s official and personal telephone number should also be
provided.
 Subscription of any electronic communication distribution lists (e.g., subscriptions to stock
market updates, movie updates, weather updates that are received regularly) that are not
relevant to user’s assigned duties is strictly prohibited.
 Email facility should not be used to support, oppose, or put opinions about political issues
without prior approval from the management.

Communication Using Office 365

Office 365 services are available for staff to conduct and communicate organization business. Incidental
personal use of email or other tools is allowed with the understanding that the primary use should be
job-related, and that occasional use does not adversely impact work responsibilities or the performance
of the network.

Office 365 applications include email access, Skype for Business, Yammer and One Drive for Business.
For users having domain joined laptops, Office 365 applications (email, Skype for Business, One drive
for Business) cannot be accessed from personal machines unless the personal machine has windows 10
Professional/Enterprise edition installed and enrolled with Intune.
Users with domain joined laptops can access Office 365 services from their mobile device only after
enrolling their device through Intune (Company Portal).
Email on the mobile can be accessed only through outlook client and cannot be accessed through any
mobile native client.
One drive for business can only be accessed through One Drive client and not through any web browser.
Microsoft Teams, Microsoft Planner and Share Point is not included as part of office 365 applications.

© 2019 NIIT Technologies Ltd Classification - Internal Page 4

New Ideas, More Value
TM
Acceptable Use Policy V 1.9
Unacceptable uses of the office 365 applications include, but are not limited to, the following:

 Storage and transmission of materials that infringes on the copyright laws, including intellectual
property rights.
 Storage of data and using the office 365 applications for conducting personal business.
 Storage of data and sending / forwarding e-mails that are abusive, defamatory, derogatory,
threatening, offensive or contains obscene or indecent materials.
 Unauthorized transmission of confidential material concerning business activities.
 Creation or transmission of anonymous email messages or using someone else’s
identity/password.
 Creation or transmission of material which is designed or likely to cause annoyance,
harassment, inconvenience or needless anxiety to the recipients.
 Provide unauthorized use of organization Office 365 facilities and skype for business to third
party.
 Storage and transmission of unsolicited commercial or advertising material, chain letters, spam
mail or other junk-mail of any kind.
 Storage of data and email activities that can corrupt other users’ information or cause network
interruptions, such as unauthorized broadcasting or mass mailings.

Internet Access Facilities

Connectivity and services offered via the Internet introduce new opportunities and new risks. In
response to the risks, this document describes NTL’s policy regarding Internet security. It applies to all
who use the Internet with NTL’s computing and networking resources.

The Internet is considered a valuable company asset. Users are encouraged to make use of the Internet
and explore its uses. With such open access, employees must maintain a diligent and professional
working environment. Employees are authorized incidental use which does not interfere with the
performance or professional duties, is of reasonable duration and frequency, serves a legitimate
company interest, such as enhancing professional interests or education, and does not overburden the
system or cause any additional expense to the company.

Access to certain websites such as hacking, pornography, sports and entertainment has been blocked.
Users should not attempt to access such sites.

Conditions of Use

1. At any time and without prior notice, the company reserves the right to examine e-mail,
Internet usage, personal file directories, and other information stored on NTL’s computers. This
examination assures compliance with internal policies, promotes purposeful usage, and assists in
management of NTL’s information systems.
2. Access to the Internet from a company-owned home computer or through company-owned
connections must adhere to all same policies that apply to use from within company facilities.
3. A firewall has been placed between NTL’s computing & networking facilities and the Internet to
protect our systems. Employees must not circumvent the firewall by using modems or any other
means to obtain direct connectivity to the Internet.

Code of Practice

 Use of the Internet should primarily be for business purposes only.

© 2019 NIIT Technologies Ltd Classification - Internal Page 5

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

 Posting on the Internet any information or statements regarding NTL without prior approval from
the management is prohibited.
 Users should not interfere with the performance of professional duties.
 Users should not overburden the system or cause any additional expense to the company.
 Users should not access any obscene or pornographic sites, and should not access or use
information that would be considered harassing.
 Users should not engage in any Internet activity that puts the Company at risk of a lawsuit or
financial loss.
 Posting non-business related comments or statements on any web page or sending such
messages over the Internet is prohibited.
 Entering non-business related Internet chat rooms/channels on the NTL corporate network is
prohibited.
 Users should not subscribe to any services that broadcast material via the Internet. This
includes listening to music or radio stations or receiving news and/or stock information via the
Internet.
 Users should not use any publicly available material on internet in a manner that violates the
Copyrights or trademark.
 All users who require access to Internet services must do so by using COMPANY-approved
software and Internet Proxies.
 Users are not permitted to download software from the Internet unless authorized by their
supervisors. All such requirements should be forwarded to the supervisor for authorization.
Supervisors should verify licensing requirements and intended use before authorizing such
downloading and forward the request to DLA. DLA should ensure compliance of Intellectual
Property Rights and screen the malicious content prior to installation.
 Users are strictly not permitted to use software “crack” files and license key generators to avoid
IPR Infringement issues.
 Users should not misrepresent the source of anything they post or upload or impersonate
another individual or entity, such as with "spoofing"

Working with PI (Personal Information) and SPI (Sensitive Personal Information)

The Company respects the privacy of all its employees, business partners and customers. We must
handle PI and SPI responsibly and in compliance with all applicable privacy laws. Users who handle the
personal data of other employees, clients and vendors must:

 Act in accordance with applicable law;

 Act in accordance with any relevant contractual obligations;
 Collect, use and process such information only for legitimate business purposes;
 Limit access to the information to those who have a legitimate business purpose for seeing the
information;
 Take care to prevent unauthorized disclosure.

Code of Practice

In Office

 Users should lock their computers when they leave their desk;
 Users should avoid discussing PI/SPI in person or over the telephone when they are within
earshot of anyone who does not need to know the information;
 Users must never leave PI/SPI unattended on a desk, network printer, fax machine, or copier;

© 2019 NIIT Technologies Ltd Classification - Internal Page 6

New Ideas, More Value
TM
Acceptable Use Policy V 1.9
 Users should not leave the PI/SPI in a location where it can be readily obtained by another
individual (e.g., writing one’s PI on a note affixed to one’s monitor or keyboard).
 Users should use a privacy screen if they regularly access PI/SPI in an unsecured area where
those without a need to know or members of the public can see user’s screen, such as in a
reception area;
 Users are not permitted to post SPI on company intranet, SharePoint collaboration sites, shared
drives, multi-access calendars, or on the Internet (including social networking sites) that can be
accessed by individuals who do not have a “need to know.”
 Users should physically secure PI/SPI when not in use or not otherwise under the control of a
person with a need to know;
 Users should store SPI in a space where access control measures are employed to prevent
unauthorized access by members of the public or other persons without a need to know (e.g., a
locked room or floor, or other space where access is controlled by a guard, biometrics or card
reader);
 Users are not permitted to access and use the PI/SPI for reasons unrelated to their job.
 Users should protect the unprotected PI/SPI shared by someone in the same manner, as the
PI/SPI handled by them.
 Users should ensure that PI/SPI are shredded/disposed securely.

When working from home:

 Users must access PI/SPI only via NIIT approved Portable Electronic Devices (PED) such as
laptops, phones, USB flash drives, and external hard drives,
 Users should not use personal PEDs to access, save, store, or host PI/SPI unless they log in
through the NIIT provided VPN.
 Users are not permitted to transfer files to their home computer or print company records on
their home printer.
 Users should not forward emails containing PI/SPI to their personal email account (e.g. their
Yahoo, Gmail, or AOL e-mail account) so that they can work on it on their home computer.
 Users must obtain authorization from their supervisor to remove documents containing PI/SPI
from the office.
 Users must secure their PED and any hard copy PI/SPI while working from home, and ensure
that other household members cannot access them.

When Travelling:

 Users must access PI/SPI only via NIIT approved Portable Electronic Devices (PED) such as
laptops, phones, USB flash drives, and external hard drives,
 Users should not use personal PEDs to access, save, store, or host PI/SPI unless they log in
through the NIIT provided VPN.
 When transporting laptop or PED:
 If user has to leave the PED in a car, user should ensure to lock it in the trunk so that it is
out of sight. Users should never leave their laptop or PED in a car overnight.
 Users must not store a laptop or PED in an airport, a train or bus station, or any public
locker.
 Users should avoid leaving a PED in a hotel room. If they must leave it in a hotel room, they
should lock it inside an in-room safe or a piece of luggage.
 At airport security, users should place their laptop or PED on the conveyor belt only after the
belongings of the person ahead have cleared the scanner. If delayed, users must keep an
eye on it until they can pick it up. Users should not place a PED in checked luggage.
 If the PED is lost or stolen, users must report it as per company’s Incident/Security Incident
management processes.

© 2019 NIIT Technologies Ltd Classification - Internal Page 7

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

Revision History

S. Ver. Prepared Reviewed Revision Approved Release Reasons for New

No. No. by by Date by Date Release
KK Resource 23 Mar
1 1.0 IST Initial Issue
Chaudhary Head - SSB 2009
Tapan KK Resource Revision History
2 1.1 18 Mar 2010 30 Mar 2010
Chowdhury Chaudhary Head - SSB Table added
Updated “code of
Tapan KK Resource
3 1.2 23 Jun 2010 23 Jun 2010 Practice” for Email
Chowdhury Chaudhary Head - SSB
and Internet uses
Reviewed and
Arun
Resource changes made in the
4 1.3 - Kumar 25-Jul-2012 14-Sep-2012
Head - SSB document as
Anand
required
Policy included to
Arun restrict use of
Tapan 18-Sep- Resource
5 1.4 Kumar 19-Sep-2013 “Crack” files and
Chowdhury 2013 Head - SSB
Anand “License key
generator”.
Arun Policy amended to
22-Sep- Resource
6 1.5 IST Kumar 22-Oct-2014 include “Laptop
2014 Head - SSB
Anand Encryption”.
Arun
30-Sep- Resource Reviewed and no
7 1.5 IST Kumar 30-Sep-2015
2015 Head - SSB changes.
Anand
Policy amended to
Arun
17-Mar- Resource include DLP and CF,
8 1.6 IST Kumar 23-Mar-2016
2016 Head - SSB and prohibited
Anand
websites.
Arun Policy updated to
Arvind
9. 1.7 IST Kumar 24-Feb- 27-Feb-2017 include Acceptable
Mehrotra
Anand 2017 Use of Office 365
Policy amended to
Arun
28-Jan- President update Approval
10 1.7 IST Kumar 05-Feb-2018
2018 IMS Authority names for
Anand
DLP deployment.
Arun
18-April- Arvind Policy updated to
11. 1.8 IST Kumar 24-05-2018
2018 Mehrotra include GDPR clause.
Anand
1. DLA replaced with
Tarun 22-Feb- Vamsi
12. 1.9 IST 19-Mar-2019 IT Support
Malik 2019 Krishna
2. President IMS

© 2019 NIIT Technologies Ltd Classification - Internal Page 8

New Ideas, More Value
TM
Acceptable Use Policy V 1.9

replaced with IMS

Head

© 2019 NIIT Technologies Ltd Classification - Internal Page 9