Professional Documents
Culture Documents
NIIT Technologies Limited and NIIT Technologies Inc. ( Company) provides equal employment
opportunities (EEO) to all employees and applicants for employment without regard to race,
color, religion, gender, sexual orientation, gender identity or expression, national origin, age,
disability, genetic information, marital status, amnesty, or status as a covered veteran in
accordance with applicable federal, state and local laws. Company complies with applicable
state and local laws governing non-discrimination in employment in every location in which the
company has facilities. This policy applies to all terms and conditions of employment,
including, but not limited to, hiring, placement, promotion, termination, layoff, recall, transfer,
leaves of absence, compensation, and training.
Company expressly prohibits any form of unlawful employee harassment based on race, color,
religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic
information, disability, or veteran status. Improper interference with the ability Company
employees to perform their expected job duties is absolutely not tolerated.
1.0 OBJECTIVE:
1.1 NIIT Technologies Limited and NIIT Technologies Inc. (Company) is committed to providing a
work environment, free from harassment of any kind especially from sexual harassment. We
respect dignity of everyone at our workplace, whether they are NIITians or our clients. We
require all NIITians to make sure that they maintain mutual respect and positive regard
towards one another.
2.0 PURPOSE:
c. Define practice to ensure all allegations are investigated and dealt with effectively and
appropriately so that we preserve a healthy working culture.
3.0 SCOPE:
3.1 The policy extends to all employees of NIIT Technologies Limited, NIIT Technologies Inc.
and NIIT GIS Limited and is deemed to be incorporated in the service conditions of all
employees with immediate effect.
Note: “Employee” means any person on the payrolls of the Company including those on
deputation, training, contract, temporary, part time or working as consultants.
Discrimination is the treatment of a person less favorably than others have been, or should be
treated, based on characteristics race, color, religion, gender, sexual orientation, gender
identity or expression, national origin, age, genetic information, disability, or veteran status
and Sex.
1 Although a form of discrimination, sexual harassment is dealt with in more detail in a
separate policy statement.
2 It is important to note that treatment that may be perceived as “unfair” may not
necessarily be unlawful or a violation of Company policies. Employment actions may be
perceived by the employee as harsh, insensitive or unjust, but they do not become
unlawful under the above laws or violate the Company’s policies unless the unfair
treatment is motivated in part because of a person’s protected status.
Harassment of a person based upon that person’s protected status is a form of discrimination
and is also unlawful. While it is not possible to list all circumstances that may be considered
to be impermissible discrimination or harassment, some examples of conduct that may
violate the CDPH Non-Discrimination and Harassment Policy includes, but is not limited to,
the following:
• Making derogatory comments, slurs, jokes, remarks, rumors, or epithets;
• Displaying objects, cartoons, pictures or posters of a derogatory or discriminatory nature;
a. Creating a workplace where Sexual Harassment may go unheeded, where despite complaints
no action is taken, and where complainant is placed under fear, disadvantage or threat of
victimization.
4.3 Explanation 3: In addition the following are some examples of conduct which if unwelcome, may
constitute sexual harassment depending upon the totality of the circumstances including the
severity of the conduct and its pervasiveness:
a. Unwelcome sexual advances -- whether they involve physical touching or not;
b. Sexual epithets, jokes, written or oral references to sexual conduct, gossip regarding one's
sex life; comment on an individual's body, comment about an individual's sexual activity,
deficiencies, or prowess;
c. Displaying sexually suggestive objects, pictures, cartoons, displaying body parts;
d. Unwelcome leering, whistling, brushing against the body, sexual gestures, suggestive or insulting
comments
e. Inquiries into one's sexual experiences;
f. Discussion of one's sexual activities.
g. Abuse of authority (Quid Pro Quo) - demand by a person in authority, for sexual favours in
exchange for work related benefits (e.g. a wage increase, a promotion, training opportunity, a
transfer or the job itself).
h. The behavior that creates an environment that is intimidating, hostile, or offensive for members
of one sex, and thus interferes with a person's ability to work.
5.1 NIITians will maintain high standards of dignity, respect and positive regard for one another in
all their dealings.
5.2 NIITians will understand and appreciate the rights of the individual to be treated with dignity.
5.3 NIITians are required to maintain a work environment, which is free from any kind of
harassment.
5.4 NIITians will refrain from committing any acts of sexual harassment at workplace.
5.5 Allegations of sexual harassment will be dealt seriously, expeditiously, sensitively and with
confidentiality.
5.6 NIITians will be protected against victimization, retaliation for filing or reporting a complaint
on sexual harassment and will also be protected from false accusations.
6.1 RESPONSIBILITIES:
Employee: Any employee who believes that a supervisor’s, manager’s or other employee’s
actions or words constitute unwelcome harassment has a responsibility to report or complain
about the situation as soon as possible to the department head or Sexual harassment Redressal
Committee (SHRC-US) at shrcUS@niit-tech.com
Managers, Supervisors and Departmental Heads: As soon as the departmental head receives any
such complaint of sexual harassment, he /she should inform in writing to the SHRC immediately for
further action.
Managers and supervisors may create liability (against Company, themselves, or both) for acts
of discriminatory and harassing conduct occurring in the workplace, if the managers and
supervisors know or should have known of the conduct, unless they can show that they took
timely and appropriate corrective action. Ignorance of discriminatory activity is not an
acceptable defense for inaction of a manager or supervisor if, through reasonable care, they
should have been aware of the conduct.
Managers and supervisors may create liability for discriminatory or harassing acts by non-
employees where the managers and supervisors know or should have known of the conduct
and fail to take timely and appropriate corrective action. In reviewing these cases, the extent
of the managers’ and supervisors’ control, and any other legal responsibility which they may
have with respect to the conduct of such non-employees, will be taken into consideration.
Managers and supervisors who are aware of discriminatory conduct, even if the occurrence is
not directly within their line of supervision or responsibility, have the obligation to immediately
and concurrently report the harassment to the SHRC-US.
Managers and supervisors who engage in harassing or retaliatory conduct may be held
personally liable for such conduct. Managers, supervisors, or employees who engage in
discrimination, harassment or retaliation will also face discipline, up to and including
termination of employment.
Managers and supervisors must:
CONSEQUENCES
Managers and supervisors who become aware of discrimination, harassment, or retaliation and do not
take immediate and appropriate corrective action will be held accountable. Failure to adhere to the
above responsibilities will result in appropriate corrective and/or disciplinary action, up to and
including dismissal from State service, regardless of job level or classification. In addition, individuals
may be sued in their personal capacity, and could be required to provide for the cost of their own
defense.
SHRC: The Company will have a complaints committee set up to specifically to address any
complaint of sexual harassment. The Committee will comprise at least of three members centrally, of
which at least one would be a woman and two location specific members of which one would be a
woman. The location specific committee members will include the location HR head and one member
nominated by the Centre Head. While the centrally nominated members will review all cases of sexual
harassment reported within the Company, involvement of the location specific members will be
determined by the location at which the complaint is registered (i.e. location of the complainant).
In addition to handling a complaint of sexual harassment, the committee may also co-ordinate
preventive activities within their respective locations to create a sexual harassment free
atmosphere via:
Information Mailers
Circulating Articles on the same, from time to time
Confidentiality:
The company will do everything consistent with enforcement of this policy and with the law to
protect the privacy of the individuals involved and to ensure that the complainant and the accused
are treated fairly. Information about individual complaints and their disposition is considered
confidential and will be shared only on a “need to know” basis.
RETALIATION
Retaliation is an adverse employment action taken as a result of an employee participating in a
protected activity. The Company prohibits retaliation against anyone for reporting discriminatory
activity or harassment, registering a complaint pursuant to the policy, assisting in making a
discrimination complaint, or cooperating in an investigation. Some examples of conduct which may
violate the Company retaliation policy include, but are not limited to the following:
Anyone experiencing or witnessing conduct they believe to be retaliation should immediately inform
the SHRC US. Complaints of retaliation will be promptly investigated. If retaliation is substantiated,
appropriate disciplinary action, up to and including possible dismissal, will be taken.
A complaint relating to retaliation for the filing of a discrimination complaint may be filed directly with
the SHRC US.
CONSEQUENCES
An employee found to have engaged in discrimination, harassment, or retaliation will face formal
adverse action up to and including dismissal, regardless of job level or classification. Employees do not
necessarily need to violate State or federal discrimination laws, regulations, rules, guidelines, or
executive orders to be in violation of the Company’s policy. All employees will be held accountable for
their conduct, and any employee who fails to adhere to the Company’s policies will be subject to
inquiry or investigation. If it is determined through the investigation process that a violation of the
Company’s policy has occurred, the Company will take immediate and appropriate action up to and
including dismissal.
6.1 The Central members of the Committee & SHRC shall be as under:
Dheeraj Bhardwaj
Vicki Williams
Sheeja Thomas
Deepa V. Mukherjee
S. Viswanathan
Bhaskar Chavali
Ranjeev Anand
Nadeem Khan
Babita Karki
Surabhi Sharma
Lalit Sharma
6.2 The Committee may appoint a third party for his/her advice, if it deems necessary. The
committee will be re-constituted in case any of the above members are unavailable due to
any reason, what so ever. The re-constituted committee will be as per the norms given below:
Presiding Officer, who shall be a woman employed at a senior level at workplace from
amongst the employees
At least one-half of the total Members so nominated shall be women
6.4 In case any committee member happens to be Manager/Supervisor of the complainant or the
person against whom the complaint is made, he/she shall not act as a member of the
Committee for that respective matter.
6.5 For the purpose of making inquiry, the Complaints Committee shall have the powers in
respect of the following matters, namely:—
summoning and enforcing the attendance of any person and examining him or her on
oath;
investigating, inquiring, cross examining any person ;
directing the discovery and production of documents; and
any other matter which may be prescribed.
The committee members, HR representatives and reporting managers will be provided necessary
training inputs to handle such issues effectively and with the required sensitivity and concern.
The first responsibility of SHRC is to believe in the reality of the complaint.
To empathize with the complainant and does not judge him/her by their moral standards.
Formalize and publicize complaint procedures that are easy and non-threatening.
Provide safety for friends and supporters of the complainant.
To organize a formal meeting with the accused.
Treat the complainant with respect.
To gather all witnesses of the incident.
8.1 If any of NIITian believes that he or she has been subjected to sexual harassment, then the
complaint / grievance should be reported in writing to the SHRC within 30 days from the date
of occurrence of the alleged incident a shrcUS@niit-tech.com. If the complaint is made orally,
the Complainant will be requested to confirm the complaint in writing compiled by SHRC and
sign it.
8.2 All complaints / grievances of sexual harassment will be taken seriously, hearing will be held in
strict confidence and the incident will be investigated promptly in an impartial manner. The
accused or witnesses should not be victimized or discriminated against while dealing with
Complaints.
8.3 The Committee will hold a meeting with the Complainant within 10 working days of the receipt
of the complaint. The Committee, or a minimum of 3 members of the full Committee, will meet
with the Complainant latest within 7 days of receipt of the complaint. They will inform the
Complainant of this meeting date at the earliest.
8.4 At the first meeting, the Committee members shall hear the Complainant and record her/his
allegations. The Complainant can also submit any documentary proof, oral or written material,
etc., to substantiate his / her complaint. The Committee will record the proceedings of the
enquiry, and the attendance of all parties present at any of the meetings.
8.5 If the Complainant does not wish to depose personally due to embarrassment of narration of
event, a lady officer from NIIT for lady employees and a male officer from NIIT for
male employees involved shall meet the Complainant and record the statement.
8.6 Thereafter, the staff member in question will be called for a meeting with the Committee
through an email communication which will mention the fact that a complaint has been
registered against him/her and shall be given an opportunity to give an explanation
(written/oral), where after, an “Enquiry” shall be conducted and concluded. A copy of the
explanation submitted by the person against whom complaint is made shall be provided to the
Complainant, on his/her demand.
8.7 The Committee shall provide every reasonable opportunity to the Complainant and to the
staff member in question, for putting forward and defending their respective case. If the staff
member in question wishes to tender any documentary evidence, he/she will be requested to
provide true copies of those documents to the Complaints Committee. To ensure that the
documents are considered as true copies, parties will be required to sign the documents
submitted.
8.8 Each complaint procedure should be resolved within a period of 90 days from the complaint
and communicated to the parties involved. The Committee will complete the enquiry as soon
as is reasonably possible, and communicate its findings and its recommendations for the
disciplinary action, if any. Should the preliminary enquiry establish that the complaint does not
fall under the purview of a Committee for the Prevention of Sexual Harassment, or the
complaint does not prime facie appear to be an offence of Sexual Harassment, the Committee
may decide to refer the Complainant to the HR Head, who can look into the case taking into
consideration the principles of good conduct as laid down in the company’s Code of Conduct.
8.9 In case the Committee finds the offence is covered by law under Title of the Civil Rights Act of
1964, then this fact shall be mentioned in its report and appropriate action shall be initiated
for making a Police Complaint.
8.10 In case the complaint is found to be false, the Complainant shall, if deemed fit, be liable for
appropriate disciplinary action.
8.11 Any victimization of, or retaliation against, the complainant or any NIITian who gives evidence
regarding sexual harassment or bullying will be subject to disciplinary action up to and
including termination of employment.
9.1 Where the complaint Committee arrives at the conclusion that the allegation against the
respondent has been proved, it shall recommend to the management/ HR Head to take
appropriate action as regards sexual harassment as misconduct in accordance with the
provisions of the service rules.
The disciplinary action will be carried out by the concerned HR department. All related
documents will be maintained in the associate’s folder, ensuring confidentiality.
Rosita
1 1.0 01-Apr-13 01-Apr-2016 Baseline version
Rabindra
The computing and networking facilities include all computing platforms, including local area networks,
wide area networks, systems and applications used in NTL.
Conditions of use
Appropriate and reasonable use of the computing and networking facilities is defined as use that
is consistent with objectives of the Company and with the specific objectives of the project or
role for which such use was authorized. NTL reserves the right to limit, restrict access to them.
All persons using the computing and networking facilities shall be responsible for the appropriate
use of the facilities provided as specified in the “Code of Practice" section of this document.
IT Operations shall implement Windows Bitlocker Encryption on all drives of NTL laptops. Users
should ensure that the bitlocker encryption is enabled on the drives containing critical,
personally identifiable and confidential data.
The company recognizes the need to protect the confidentiality of information and material
furnished by clients or staff, and all computing personnel should protect the confidentiality of
such information and material.
The Company reserves the right to restrict or limit permanently, any user's usage of the
computing and networking facilities with or without notice to the user in order to protect the
integrity of the computing and networking facilities against unauthorized or improper use, and to
protect other users.
The Company, through authorized individuals, reserves the right to periodically check and
monitor and take any action to protect computing and networking facilities from misuse.
Responsible for willful physical damage to any of the computing and networking facilities;
In possession of confidential information obtained improperly;
Responsible for wilful destruction of information including official mails;
Responsible for deliberate interruption of normal services provided by the computing facilities;
Responsible for the infringement of any copyright, licensing, violation of condition for use or any
other agreements;
Using, gaining or attempting to gain unauthorized access to accounts and passwords;
Gaining or attempting to gain access to restricted areas without the authorization.
Objectionable Material
NTL’s computing and networking facilities must not be used for transmission, obtaining possession,
demonstration, and advertisement
Or
Unless authorized, use of sensitive system tools and utilities such as password cracking tools, network
sniffers, etc. are prohibited.
Harassment
Company policy prohibits all forms of harassment. Computing and networking facilities are not to be used
to defame, insult, or harass any other person. The following, not limited to, constitute examples of
harassment:
Intentionally using the facilities to annoy, harass, terrify, intimidate, threaten, offend or bother
another person by conveying obscene language, pictures, or other materials, or threats of
physical harm to the recipient, or the recipient's family;
Intentionally using the computer to contact another person repeatedly with the intent to annoy,
harass, or bother, whether or not any actual message is communicated, and/or where no purpose
of legitimate communication exists, and where the recipient has expressed a desire for the
communication to cease;
Intentionally using the computer to disrupt or damage work done by colleagues;
Intentionally using the computer to invade the privacy, academic or otherwise, of another
person, or the threatened invasion of the privacy of another person.
Users are responsible for the security and integrity of NTL’s information stored on their desktop/laptop
system. Users should avoid storing passwords or other information that can be used to gain access to
computing resources in a manner that could be easily accessed by unauthorized persons.
All end user systems (laptops and desktops) shall have Data Leak Prevention and Content Filtering
agents deployed to safeguard organizational information. IT Ops. Support shall ensure deployment and
monitoring for violations. Exemptions shall need to be approved by Business Heads/ IMS Head/ CISO.
Company provides a Login ID and password to every individual user to get access to the
network resources.
You must not share your account with family, friends or any other person.
It is recommended that you change your password every 60 days, or earlier.
You may not use the account of any other person. If you inadvertently gain such access to any
unauthorized information, you should report it as a security incident immediately.
In certain circumstances you may have to share an account with others where shared duties
apply. This would need specific authorization by the Information Asset Owner. In such cases all
sharers are jointly responsible for the account, but may not share with others outside the group.
Electronic mail is critical to the normal conduct of business. The conditions of use cover all electronic
mail systems owned by NTL, or any other electronic mail systems used from within NTL network, or
while acting in an official capacity.
Conditions of Use
1. All employees will have an e-mail account. The e-mail system will provide a single externally
accessible e-mail address for employees. The address will not contain the name of internal systems or
groups.
2. Appropriate and reasonable use of the e-mail facilities is defined as use that is consistent with
objectives of the Company and with the specific objectives of the project or role for which such use was
authorized. Electronic mail and communications facilities provided by NTL are for official
communication. Limited personal use is acceptable as long as it does not hurt the interests of the
company. NTL reserves the right to limit, restrict or extend access to them.
3. All persons using the e-mail facilities shall be responsible for the appropriate use of the facilities
provided as specified in the “Code of Practice" section of this document.
4. The company recognizes the need to protect the confidentiality of information and material furnished
by clients, suppliers or NIITians, and all users should protect the confidentiality of such information and
material. The company takes safeguard measures to protect information from losses within the NTL’s e-
mail facilities. The user must also take all reasonable measures to further safeguard against any loss of
information within the NTL’s e-mail facilities under his/her control.
5. Users of the e-mail facilities must recognize that when they cease to be formally associated with the
company, their information may be removed from NTL’s e-mail systems without notice.
6. The Company reserves the right to limit permanently, or restrict any user's usage of the e-mail
facilities with or without notice to the user in order to protect the integrity of the e-mail facilities against
unauthorized or improper use, and to protect other users.
7. The Company, through authorized individuals, reserves the right to periodically check and monitor
and take any action to protect e-mail facilities from misuse.
8. E-mails of all stakeholders and staff of Band 4 and above shall be covered by Legal Hold functionality
available in Office 365.
Code of Practice
The use of COMPANY e-mail in any way to facilitate the conduct of a private, commercial
purpose, gains, free offers or schemes is forbidden.
If the COMPANY provides access to electronic mail to external users such as consultants,
temporary employees, or partners, they must read and adhere to Standards and Guidelines for
use of e-mail. The usage has to be strictly for services to NTL.
Confidential or company proprietary information shall not be sent to private or non-NTL email
account.
All electronic messages created and stored on NTL’S computers or networks are property of the
company, and may not be considered private.
Users must not allow anyone else to send e-mail using their accounts. This includes their
supervisors, secretaries, assistants and any other subordinates.
Incoming messages will be scanned for viruses and other malware content.
As NTL’s networks and computers are the property of the company, NTL retains the right to
allow authorized NTL staff to monitor and examine the information stored within.
It is recommended that personal confidential material not be stored on, or sent through NTL’s
equipment unless it is a clear business requirement and does not violate any regulatory
requirement.
Users must ensure the integrity of their password and abide by guidelines on selection and
security of their password.
As far as possible, Sensitive confidential material should be sent through the electronic mail
system after encryption or password protection.
Transmission of Sensitive (Contract, Flow Chart, Network Diagram, IP Scheme, SOW,
Estimation, Financial Data, Customer Data, Software Requirement Specification (SRS), HLD,
LLD, any kind of Source Code, Project Plan etc. ) documents to private email accounts is
prohibited.
Users should refrain from any sort of electronic communication activity that puts the Company
at risk or a lawsuit or financial loss.
Users e-mailing to any person(s) outside of NTL should clearly identify the user by full name and
Designation. Additionally, the user’s official and personal telephone number should also be
provided.
Subscription of any electronic communication distribution lists (e.g., subscriptions to stock
market updates, movie updates, weather updates that are received regularly) that are not
relevant to user’s assigned duties is strictly prohibited.
Email facility should not be used to support, oppose, or put opinions about political issues
without prior approval from the management.
Office 365 services are available for staff to conduct and communicate organization business. Incidental
personal use of email or other tools is allowed with the understanding that the primary use should be
job-related, and that occasional use does not adversely impact work responsibilities or the performance
of the network.
Office 365 applications include email access, Skype for Business, Yammer and One Drive for Business.
For users having domain joined laptops, Office 365 applications (email, Skype for Business, One drive
for Business) cannot be accessed from personal machines unless the personal machine has windows 10
Professional/Enterprise edition installed and enrolled with Intune.
Users with domain joined laptops can access Office 365 services from their mobile device only after
enrolling their device through Intune (Company Portal).
Email on the mobile can be accessed only through outlook client and cannot be accessed through any
mobile native client.
One drive for business can only be accessed through One Drive client and not through any web browser.
Microsoft Teams, Microsoft Planner and Share Point is not included as part of office 365 applications.
Storage and transmission of materials that infringes on the copyright laws, including intellectual
property rights.
Storage of data and using the office 365 applications for conducting personal business.
Storage of data and sending / forwarding e-mails that are abusive, defamatory, derogatory,
threatening, offensive or contains obscene or indecent materials.
Unauthorized transmission of confidential material concerning business activities.
Creation or transmission of anonymous email messages or using someone else’s
identity/password.
Creation or transmission of material which is designed or likely to cause annoyance,
harassment, inconvenience or needless anxiety to the recipients.
Provide unauthorized use of organization Office 365 facilities and skype for business to third
party.
Storage and transmission of unsolicited commercial or advertising material, chain letters, spam
mail or other junk-mail of any kind.
Storage of data and email activities that can corrupt other users’ information or cause network
interruptions, such as unauthorized broadcasting or mass mailings.
Connectivity and services offered via the Internet introduce new opportunities and new risks. In
response to the risks, this document describes NTL’s policy regarding Internet security. It applies to all
who use the Internet with NTL’s computing and networking resources.
The Internet is considered a valuable company asset. Users are encouraged to make use of the Internet
and explore its uses. With such open access, employees must maintain a diligent and professional
working environment. Employees are authorized incidental use which does not interfere with the
performance or professional duties, is of reasonable duration and frequency, serves a legitimate
company interest, such as enhancing professional interests or education, and does not overburden the
system or cause any additional expense to the company.
Access to certain websites such as hacking, pornography, sports and entertainment has been blocked.
Users should not attempt to access such sites.
Conditions of Use
1. At any time and without prior notice, the company reserves the right to examine e-mail,
Internet usage, personal file directories, and other information stored on NTL’s computers. This
examination assures compliance with internal policies, promotes purposeful usage, and assists in
management of NTL’s information systems.
2. Access to the Internet from a company-owned home computer or through company-owned
connections must adhere to all same policies that apply to use from within company facilities.
3. A firewall has been placed between NTL’s computing & networking facilities and the Internet to
protect our systems. Employees must not circumvent the firewall by using modems or any other
means to obtain direct connectivity to the Internet.
Code of Practice
Posting on the Internet any information or statements regarding NTL without prior approval from
the management is prohibited.
Users should not interfere with the performance of professional duties.
Users should not overburden the system or cause any additional expense to the company.
Users should not access any obscene or pornographic sites, and should not access or use
information that would be considered harassing.
Users should not engage in any Internet activity that puts the Company at risk of a lawsuit or
financial loss.
Posting non-business related comments or statements on any web page or sending such
messages over the Internet is prohibited.
Entering non-business related Internet chat rooms/channels on the NTL corporate network is
prohibited.
Users should not subscribe to any services that broadcast material via the Internet. This
includes listening to music or radio stations or receiving news and/or stock information via the
Internet.
Users should not use any publicly available material on internet in a manner that violates the
Copyrights or trademark.
All users who require access to Internet services must do so by using COMPANY-approved
software and Internet Proxies.
Users are not permitted to download software from the Internet unless authorized by their
supervisors. All such requirements should be forwarded to the supervisor for authorization.
Supervisors should verify licensing requirements and intended use before authorizing such
downloading and forward the request to DLA. DLA should ensure compliance of Intellectual
Property Rights and screen the malicious content prior to installation.
Users are strictly not permitted to use software “crack” files and license key generators to avoid
IPR Infringement issues.
Users should not misrepresent the source of anything they post or upload or impersonate
another individual or entity, such as with "spoofing"
The Company respects the privacy of all its employees, business partners and customers. We must
handle PI and SPI responsibly and in compliance with all applicable privacy laws. Users who handle the
personal data of other employees, clients and vendors must:
Code of Practice
In Office
Users should lock their computers when they leave their desk;
Users should avoid discussing PI/SPI in person or over the telephone when they are within
earshot of anyone who does not need to know the information;
Users must never leave PI/SPI unattended on a desk, network printer, fax machine, or copier;
Users must access PI/SPI only via NIIT approved Portable Electronic Devices (PED) such as
laptops, phones, USB flash drives, and external hard drives,
Users should not use personal PEDs to access, save, store, or host PI/SPI unless they log in
through the NIIT provided VPN.
Users are not permitted to transfer files to their home computer or print company records on
their home printer.
Users should not forward emails containing PI/SPI to their personal email account (e.g. their
Yahoo, Gmail, or AOL e-mail account) so that they can work on it on their home computer.
Users must obtain authorization from their supervisor to remove documents containing PI/SPI
from the office.
Users must secure their PED and any hard copy PI/SPI while working from home, and ensure
that other household members cannot access them.
When Travelling:
Users must access PI/SPI only via NIIT approved Portable Electronic Devices (PED) such as
laptops, phones, USB flash drives, and external hard drives,
Users should not use personal PEDs to access, save, store, or host PI/SPI unless they log in
through the NIIT provided VPN.
When transporting laptop or PED:
If user has to leave the PED in a car, user should ensure to lock it in the trunk so that it is
out of sight. Users should never leave their laptop or PED in a car overnight.
Users must not store a laptop or PED in an airport, a train or bus station, or any public
locker.
Users should avoid leaving a PED in a hotel room. If they must leave it in a hotel room, they
should lock it inside an in-room safe or a piece of luggage.
At airport security, users should place their laptop or PED on the conveyor belt only after the
belongings of the person ahead have cleared the scanner. If delayed, users must keep an
eye on it until they can pick it up. Users should not place a PED in checked luggage.
If the PED is lost or stolen, users must report it as per company’s Incident/Security Incident
management processes.
Revision History