
Training confirmation

I have read and understood the content of the training brochure (as annexed) and I
will comply with the requirement contained therein.

Name of Person: Satish Kumar Singh
Signature: SATISH
Date: 26-JUN-2019
Working for the Firm
Our Values
— We lead by example. We work together.
— We respect the individual.
— We seek the facts and provide insight.
— We are open and honest in our communication.
— We are committed to our communities.
— Above all, we act with integrity.

Contents
Working in a regulated environment 6
Code of conduct 7
Ethical decision making 10
Guarding against Bribery 12
Insider Trading 14
Ethical Culture 15
Independence rules 16
Data Privacy & Confidentiality 21
Gifts & Entertainment 24
How to Report 25
Prevention of sexual harassment at workplace 27
Policy with regard to Misconduct 28
Other policies 29
Welcome
— Before you begin your contract with the Firm, you are required to read this
brochure and confirm to your employer that you have done so.
— The Firm is a regulated business which means there are lots of rules, regulations
and laws which the firm and you must comply with. This brochure provides you
with an overview of what’s important for you to know before you start working
with the Firm.
— In this brochure you will learn about:
− Your responsibility and the commitment required to meet the highest principles of
ethics and integrity through personal behaviours that are consistent with the Firm’s
Code of Conduct.
− How regulation affects the business we work in and how this impacts you personally.
− The channels available to you if you need advice or have to report a concern.

Working in a regulated environment
— Working in a regulated environment means our work is under constant scrutiny. Regulators act in the public interest to ensure high standards of professional work by our firm and firms like us. As a result we are constantly in a bright spotlight, with our work under a magnifying glass that is growing larger and larger.
— Working in a regulated environment means there are strict rules about our work, what we can and can’t do and with whom we can and can’t work. Standards are very high and failure to comply with these rules is not an option. There is no margin for error. Consequences are immediate and can be severe.
— The rules exist for a reason – they are put in place to protect those who use our services and rely on our work to be accurate, objective, and truthful.

Code of conduct
— Our Code of Conduct sets out principles and guidance to help you understand the ethical behaviours expected of everyone who works for us – so they become part of who you are and what you do, part of your DNA.
— Before starting your contract, you are required to read and be familiar with the contents of our Code of Conduct as provided in this document.

Your responsibilities
All of us are personally responsible for following the
legal, professional, and ethical standards that apply to
our individual roles and responsibilities.
— Stay informed about laws, professional standards and
the Firm policies that apply to you and your work.
— Stand firm if you encounter pressure to act in a way
that compromises the values.
— Take ownership of your responsibility to uphold and
protect your and the Firm’s integrity daily.
— Raise issues if something doesn’t seem right.
— Consult with others when in doubt and to make the
best decisions.

Compliance with our Code
— The Firm, our clients, our regulators and the public expect compliance with the regulations that govern our profession. Non-compliance exposes us to legal, regulatory and reputation risks.
— Behaviour inconsistent with our Code is unacceptable and could result in termination of your firm’s contract, apart from other consequences.
— Failure to raise issues is also unacceptable. If you have suspicions about unethical or illegal behaviour or behaviour otherwise not compliant with our standards either by Firm personnel, its clients or your firm, you have a responsibility to report it promptly.

Ethical decision-making
The vast majority of us strive to ‘Do the right thing’ and maintain high ethical
standards.
Deciding right from wrong is easy when the situation is simple and straightforward.
Complex situations require more consideration especially when you are faced with an
ethical dilemma. Two or more responses to a situation could be justified, and the
differences between right and wrong may be subtle or subjective.
Recognising these situations is your responsibility.

When you are faced with unclear situations:
— Find out if there are any rules, regulations, professional standards and Firm policies to help you – as compliance with these is mandatory.
— Consider your personal biases and perspectives.
— Look at the personal, professional, and business perspectives.
— Consult with others appropriately.
— Consultation is a sign of strength, not weakness.

Case studies
What would you do in these situations? Both are ethical dilemmas that have
different aspects that need to be considered.
Situation 1:
— You are sitting in the metro/train/public transport/public place, on your way into the office, and observe someone you know is a Firm senior manager at the other end of the carriage. You don’t know the person very well but you were introduced at an office networking event. The person is working on his/her computer and gets up to go for refreshments leaving his/her computer on the table – and whilst you can’t see if the screen lock has been applied you can see that the lid has been left up. What do you do?
Situation 2:
— You are working on a job for a mid-sized media company. In the early stages of the engagement, you find out about the client’s intentions to make several low and mid-level employees redundant. You happen to know one of the workers. He is a family member; you know him well and see him several times a year. Do you warn him that he’s about to lose his job?

Guarding against bribery – Our position
We have zero tolerance for any form of bribery and corruption. We are committed to conducting business fairly and ethically, and avoiding even the perception that our Firm or anyone who works for us would offer or accept a bribe to obtain an advantage. This includes facilitation payments, nepotism and cronyism, reciprocity, or inappropriate gifts and entertaining.

Bribery (in all its forms) is illegal, unethical, unacceptable and inconsistent with our Code of Conduct and Values – even if the activities and behaviours are permitted or tolerated in other parts of the world.

Where you see or suspect that someone at the Firm, at a client or anyone else you deal with professionally is involved in bribery, you must report it immediately.

Guarding against bribery – The consequences of non-compliance
— Violations of anti-bribery and anti-corruption laws can result in significant civil and criminal penalties (including fines and/or imprisonment).
— The damage to the reputations of the Firm, our clients, your firm and you personally of getting things wrong is often severe, as when cases become public they can attract significant and damaging media and public attention.
— There are, additionally, potential personal costs for failure by you to comply with our anti-bribery policies, including:
− Intense personal scrutiny – being interviewed and subject to forensic investigation; and
− Immediate termination of your firm’s contract with us and exclusion from future relationships with us.
— Don’t take the risk! If you have any suspicions, report them.

Insider Trading
You are prohibited by law (as well as by Firm’s policies) from insider trading. Working with the Firm will result in your being privy to inside information which you must never use (either yourself directly or to assist others). Penalties for insider trading can be severe – including substantial fines, lengthy prison sentences and the confiscation of gains. For everyone involved, the financial, legal and reputational damage caused is significant.

If inside information is leaked to the media or other external sources, there could additionally be significant financial and reputational impact on the client as well as on the Firm.

Inside information that you obtain during the course of a client engagement or whilst working with the Firm is confidential information; both the Firm and the client may take additional legal action if you are involved in any breach of confidentiality.

Anyone who violates our policy on insider trading is likely to have their contract terminated without notice and face criminal charges.

Insider Trading: The act of subscribing, buying, selling or agreeing to subscribe, buy, sell or deal in any securities either as principal or agent, based on Unpublished Price Sensitive Information. References to trading include acquiring a direct financial or material indirect financial interest in Securities. Securities include equity and preference shares, scripts, stocks, bonds, debentures, debenture stock, warrants, options, derivatives and other marketable Securities of a like nature in any incorporated company or body corporate, and the like and include government securities, except units of a mutual fund.

Inside information is specific Unpublished Price Sensitive Information which relates to a relevant company or its securities. Typically information will be ‘inside information’ if, when made public, it may have a significant impact on the price of the securities or investment and/or is information which a reasonable investor would consider significant in deciding whether to buy, hold or sell the securities or investments.

Confidential Information: Any information that comes to an individual's attention as a result of the individual's association with the Firm, unless such information is publicly available. In addition to inside information, this includes any information obtained in the course of your work and includes the Firm’s knowledge, methodologies, and other such material, as well as information about former or current clients and other third parties.
Compliance with SEBI (PIT#) Regulations 2015 (“Regulations”) – Key Obligations
— Adherence to the Regulations and Firm’s Code of Conduct for Prevention of Insider Trading (‘Code’).
— Maintain confidentiality of information (including Unpublished Price Sensitive Information) provided in connection with any engagement and not disclose such information to anyone either within or outside of the Firm other than for a legitimate purpose, performance of duties or discharge of legal obligations or for the Firm’s business.
— Not trade in the securities of the listed company/companies* involved in the engagement during the engagement period from the time that the Subcontractor is in possession of any UPSI** or signing of the Subcontractor agreement, whichever is earlier, and until 6 months from the issue of Subcontractor’s final report or until the Subcontractor is in possession of UPSI, whichever is later (‘Engagement period’).
— Provide the following details and ensure details are updated, as required by the Firm for self, immediate relatives*** and persons with whom he/she shares a material financial relationship****, as applicable:
− PAN / other identifier authorized by law;
− phone and mobile numbers; and
− educational institutions studied and names of past employers, to be disclosed on a one-time basis.
— Disclosures of holdings and trading in securities for self and immediate relatives in such form and at such frequency as may be determined by the Firm in order to monitor compliance with the Code/Regulations.

#PIT – Prohibition of Insider Trading

Compliance with SEBI (PIT*) Regulations 2015 (“Regulations”) – Definitions
*Listed entity would include:
a. entities proposed to be listed where such unlisted company has filed offer document or other documents, as the case may be, with SEBI/ stock exchange(s)/ Registrar of Companies in connection with listing or if such unlisted company is getting listed pursuant to any merger or amalgamation and has filed a copy of such scheme of merger or amalgamation under the Companies Act, 2013
b. any other entity as intimated by the client in respect of which the engagement team is expected to have access to UPSI.

**Unpublished Price Sensitive Information (UPSI) means any information, relating to a company or its Securities, directly or indirectly, that is not generally available which upon becoming generally available, is likely to materially affect the price of the Securities and shall ordinarily include, but shall not be restricted to, information relating to the following:
- financial results;
- dividends;
- change in capital structure;
- mergers, de-mergers, acquisitions, delisting, disposals and expansion of business and such other transactions; and
- changes in key managerial personnel.

***Immediate Relative means a spouse of a person and includes parent, sibling, and child of such person or of the spouse, any of whom is either dependent financially on such person, or consults such person in taking decisions relating to trading in securities.

**** ‘material financial relationship’ shall mean a relationship in which one person is a recipient of any kind of payment such as by way of a loan or gift during the immediately preceding 12 months, equivalent to at least 25% of such payer’s annual income but shall exclude relationships in which the payment is based on arm’s length transactions.

Ethical culture
— Our ethical culture is critical to our long-term business success. Our values are our permanent driving force and give us a moral compass to navigate through everything we do. They define our ethical culture and what we stand for – and they underpin our Code.
— Our ethical culture draws its strength from everyone who works with us – including you. We are all committed to upholding our values – it is your personal responsibility.
— Compromising our standards of behaviour is unacceptable. Above all, we act with integrity.

Why do the independence rules exist?
Firms like us are regulated – which means there are specific standards we must meet while going about our work. Regulators exist to set standards and, crucially, to protect clients and the public.
Part of our business is to audit the financial statements of other businesses. Users of these financial statements want to know whether they can be relied on – and that’s where our audit provides value. But to do this, we have to give an unbiased and professional opinion – to be objective – and that means we (i.e. the Firm and everyone who works for us) have to be independent.

The challenge: the independence of audit firms has been called into question time and again.
Following the global credit crisis and subsequent economic recession, and a series of investigations into large business groups in India, our regulators (both Indian and international) have worked tirelessly to develop and enhance the rules and regulations we must follow – all as a means of providing the public with confidence that firms like ours can provide an independent audit opinion.

Independence matters for contractors too!
As a contractor engaged by the Firm for a specific period of time or for a specific project you will not take on an engagement leader or engagement manager role. You can therefore expect that most of the work that needs to be undertaken to confirm and monitor our independence will be completed by a Firm partner or employee.
HOWEVER, you do need to know the basics for two key reasons:
— You may need, even though you are not a Firm employee and perhaps not working directly in the audit function, to comply with the personal independence rules, and
— You need a very basic awareness of how independence affects the work we do so you can understand the larger picture of how relationships with our clients fit together across all of the Firm’s service offerings.
This section of the brochure guides you through the key aspects of independence that you need to know as a contractor working in and for the Firm.
You are required to be independent even though you are not an employee if your work is for an audit client.
If you are asked to take on the role of engagement leader, speak up! Our policies prohibit contractors from taking on such a role.

There are consequences for everyone
There are consequences if you, your colleagues or the firm don’t comply with the independence rules (and Firm policies that make the rules real for our firm). These include:
— For you personally:
− You may be removed from the engagement and your employment contract may be terminated by your firm;
− You may be subject to disciplinary action by any professional body of which you are a member;
− You may be given a personal fine by the regulators;
− You may have to dispose of investments – possibly at a loss.
— For the Firm:
− The firm’s reputation can be damaged;
− The firm may be investigated by the regulators;
− Fines can be imposed by the regulators;
− Client(s) may choose to end their working relationship with us;
− We may lose other/future work from existing and potential clients.
— The impact of getting it wrong is severe, which is why we have a zero tolerance policy for failure.
— Your valuable reputation is at stake along with the Firm’s and your firm’s, so please take responsibility for helping us to get independence right.

Personal independence
The independence rules apply to us personally because our regulators, the public, our clients and the profession want to avoid any personal circumstances affecting, or being perceived to affect, the work that the Firm does.

Things you need to be aware of:
— If you are providing any services on our behalf to an audit or assurance client, you are prohibited from holding shares or financial interests in that client. You may need to dispose of the shares/financial interest before you start working on such an engagement. This rule also applies to your immediate family members.
— If any of your immediate or close family members work for an audit or assurance client and you are asked to work on an engagement for that client, please consult with a member of the Ethics and Independence team.
— If you are asked to work on an audit client which is itself, or is part of a group, registered with the Securities and Exchange Commission (SEC) in the USA, the personal independence rules are more restrictive. Additional restrictions apply in relation to bank accounts, credit cards, insurance policies, loans etc. If you are asked to work on such a client you must consult with the Ethics and Independence Team beforehand.
— If you are working on a Financial Services audit or assurance client (such as a bank, insurance company, mutual fund/AMC etc.), the rules are more complicated, so please consult with the Ethics and Independence Team to make sure you are within the boundaries set for us by regulators.

The rules are complex and whilst you are not expected to be an expert on all regulatory matters you do need to be aware of and comply with our ‘personal independence’ policies.
Immediate family: spouse (which includes your spouse equivalent whether or not you are married), and dependents (any person who received more than half of his or her support for the most recent calendar year from the relevant individual or his spouse or both; children and others, for example, dependent parents).
Close family: siblings, parents, and children who are not dependents.

Outside activities and other relationships
— Activities and relationships we have outside the Firm can also impair our independence.
— Activities such as acting as a company director or employee of any audit client will result in a breach of our independence requirements.
— You must therefore disclose ALL outside activities (current or in the future) to your employer before starting/continuing work with us.

Data Privacy
Definitions
“Personal Data or Information” (“PDI”) means any data or information that relates to a
living Individual (not companies or other legal persons) which either directly or
indirectly, in combination with other information available or likely to be available with
the Firm, is capable of identifying such person.

“Sensitive Personal Data or Information” (“SPDI”) means such Personal Data which consists of information relating to (i) password; (ii) financial information such as bank account or credit card or debit card or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information (including ; (vii) any detail relating to the aforesaid items as provided to the Firm for providing service; and (viii) any of the information received as provided hereinabove by the Firm for processing, stored or processed under lawful contract or otherwise; provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005, or any other law for the time being in force shall not be regarded as Sensitive Personal Data or Information.

Your Responsibilities – Personal & Sensitive Personal Data
• You are required to protect the personal data and confidential information that is entrusted
to you, including that of firm’s clients.
• PDI & SPDI should be collected, stored and used only when necessary and for legitimate
business purposes.
• Only PDI & SPDI required to fulfill the legitimate business or authorized purpose should
be collected.
• For using the PDI & SPDI, prior written consent of the concerned individuals should be
obtained.
• Reasonable precautions shall be taken to secure PDI & SPDI against accidental or
unlawful destruction or loss, alteration, unauthorized disclosure or access.
• These precautions should include technical, physical and organizational security
measures, such as measures to prevent unauthorized access, that are commensurate
with the sensitivity of the information and the level of risk associated with the processing
of the PDI & SPDI.

Confidentiality
— Respect the confidentiality of information you acquire in the course of your work at the Firm, and protect it in accordance with the specific policies and procedures that the firm has put in place.
— Collect and use only the information you need to provide services to clients or to work on the Firm’s projects.
— Use it only for its intended purpose and do not disclose or share it with third parties without the appropriate permissions.
— Return or appropriately dispose of it as soon as it is no longer needed (subject to retention policies).
— Never use the information for your personal advantage or the advantage of others.

Gifts and entertainment
We have a No Gift Policy.

As per the Firm’s policy, Firm personnel shall not (whether directly, indirectly or through an
intermediary) offer, promise, make, solicit or accept gifts or entertainment. No gifts or entertainment
are permitted to/from any government or public official, irrespective of materiality.

The Firm policy also prohibits giving gifts to or entertaining clients, prospective clients, regulatory authorities or suppliers.

How to report
Although no-one wants to be in a situation that requires it, we fully respect that sometimes people don’t feel comfortable or able to raise concerns directly. In these circumstances, please use our whistleblowing hotline using any of the methods below.
The hotline is externally hosted, secure and can be anonymous if you choose.

Access a Web-Based reporting system at www.clearviewconnects.com

Report via post to:
Clearview Connects, P.O. Box 11017, Toronto, Ontario, M1E 1NO, Canada

Do not tolerate wrongdoing. Speak up. Failure to report a suspicion can be seen as a sign that you have supported inappropriate behaviour.
Exercise common sense and scepticism.

Raising your hand
To be the clear choice we must be the most trusted firm.
We will support you when raising concerns in good faith – you can report issues in good faith without fear of retaliation or reprisal.
We all play a part in elevating our ethical culture and your responsibilities under our Code of Conduct are: stand firm, take ownership, raise issues, and consult with others.
Failure to raise issues is unacceptable.

Why it matters:
— By displaying your integrity, you can help restore public confidence in our firm and the industry.
— The ‘outside’ world looks at us as being ‘one firm’ and any time our name appears in the media – good or bad – it reflects on you and everyone else at the Firm.
— Improper conduct damages our reputation, morale and culture which reduces our ability to attract and retain the best people.

Prevention of Sexual Harassment at Workplace
• The Firm is committed to providing to all its Employees an environment free of gender based discrimination. This Policy applies to all allegations of sexual harassment made by any Employee of the Firm against another Employee irrespective of whether sexual harassment is alleged to have taken place within or outside the Firm’s premises.
Definitions and examples of sexual harassment
• "Employee" for the purpose of this Policy shall mean all persons employed in the Firm whether in the capacity of an employee, partner, retainer, staff accountant, assignee, probationer, trainee, apprentice, or fixed term staff, for any work on regular, temporary, ad hoc or daily wage basis, either directly or through an agent, including a contractor.
• “Sexual harassment” includes any unwelcome, sexually determined behavior, direct or indirect, physical contact and advances, a demand or request for sexual favors, sexually colored remarks, showing pornography, any other unwelcome physical, verbal or non verbal conduct of a sexual nature.
• Sexual harassment would also include any one or more of the following unwelcome acts or behavior (whether directly or by implication), namely:
− physical contact and advances; or
− a demand or request for sexual favours; or
− making sexually coloured remarks; or
− showing pornography or other visual display of degrading sexual images, lurid stares, derogatory remarks, or sounds which would be intimidating and/or humiliating; or
− any other unwelcome physical, verbal or non-verbal conduct of sexual nature.
• If you encounter any kind of harassment at the workplace, please write to Unmesh Pawar, Head of People, Performance and Culture.

Policy with Regard to Misconduct
This Policy defines acts of misconduct and serious misconduct and stipulates appropriate action to be taken in the circumstances.

“Misconduct” shall without limitation mean the following:
a) Negligence in the performance of duties of the position held;
b) Misbehavior, or a serious breach of any provision of the Firm's Staff Manual, including the Code of Conduct contained therein, the Firm’s policies, and/or procedures;
c) Refusal to carry out lawful and reasonable instructions which are consistent with the services to be rendered by the Employee in the normal course of the Firm’s business;
d) Mis-statements in the application for employment;
e) While using the social media platform for personal purposes, making any reference which could be linked to the name of the Firm, including disclosing the Employee’s affiliation with the Firm;
f) Using an external technology platform to operate one’s own unmoderated blog for any purpose other than the purpose of business of the Firm;
g) Writing anonymous letters to an outside agency criticizing superiors;
h) Doing private work or getting team members to do personal work during official working hours;
i) Engaging in any other employment while absenting from duty;
j) Sleeping on duty;
k) Smoking on the Firm’s premises, where it is prohibited;
l) Disorderly or unruly behavior within the Firm’s premises;
m) Habitual late coming, or absenteeism, or absenting for more than 3 days at a time without proper intimation;
n) Refusal to work on another job of the same status;
o) Borrowing money from, or lending money to subordinate employees;
p) Habitual negligence towards work assigned resulting in rejection of the same in excess of permissible percentage;
q) Obtaining leave by mentioning false reason.

“Serious misconduct” shall without limitation mean the following:
a) Engaging in any behavior which could be deemed as sexual harassment, under the Firm’s Policy relating to Sexual Harassment at Workplace;
b) Willful, or deliberate behavior which is inconsistent with the normal norms of behavior in a workplace;
c) Committing any act of theft, or fraud, whether in relation to the Firm, or otherwise;
d) Committing any act which is likely to harm, or endanger the Firm’s property, or cause imminent and serious risk to the health, or safety of a person, or the reputation, or viability, or profitability of the Firm;
e) Engaging or abetting in abuses and/or physical violence towards any other Employee;
f) Unauthorized possession of a lethal weapon in the Firm’s premises;
g) Being intoxicated at work;
h) Gambling within the Firm’s premises;
i) Indecent or offensive behavior within the Firm’s premises;
j) Using the Firm’s electronic system to send offensive/abusive non work related mail to others in or outside the Firm;
k) Serious conflict of interest;
l) Damage, misuse, or acts of dishonesty in relation to the Firm’s property and facilities;
m) Serious, or repeated bullying or abuse of another Employee;
n) Serious failure to observe the Firm’s policies, including those relating to confidentiality, data protection and Information security.

Other policies
Personal Code of Conduct
Our Firm is an employer of people with different and diverse backgrounds. Partners and Employees (including retainers, trainees, students, contingent
staff) are therefore expected to conduct themselves in a manner that promotes cooperation, mutual understanding and foster good relations with clients
and colleagues. Firm’s Employees and others acting on behalf of the Firm are entitled to respectful treatment at the workplace. Being respected means
being treated honestly and professionally with your unique talents and perspectives valued. A respectful workplace is a working environment that is free
of inappropriate behavior of all kinds and harassment because of age, disability, marital status, race, or colour, national origin, religion, sex, sexual
orientation or gender identity. We are committed to providing a workplace in which the dignity of every individual is respected. Each of us should
understand that incidents of harassment and inappropriate behavior shall not be tolerated.
It is important that you create a positive and favorable impression with clients. This can be achieved by neatness in appearance and dress, and by
being courteous, tactful, helpful, respectful and punctual.
Social media policy
The Firm has an active presence on various social media platforms, where we interact and share information. While, it is exhilarating to see the Firm
being endorsed on social media, it is also important for us to safeguard our brand and the privacy of the work we do and observe adherence to our
social media policy. To be aware of the potential risks and violations, we strongly recommend you understand the social media policy from your
performance manager and comply with the guidelines to maintain high professional standards that are associated with the Firm.
Working Hours
1. The official hours are Monday to Friday: 9:00AM to 5:30PM (30 minutes as a lunch break at any time). However, client service being of paramount
importance, employees will occasionally be expected to maintain such hours as may be necessary to meet work requirements.
2. Whilst the Firm expects a minimum of 8 hours a day or 40 hours a week, employees shall work longer hours to enable timely completion of their
assignments and servicing client needs.
3. Our offices shall remain open on Saturdays. However, to avoid surprises, it is advisable to check with Administration. The Firm will have IT and
administrative support staff available to the employees on Saturdays.
 
Formal Dress Code
The Firm strives to have the appearance of its staff reflect the quality of its work. The Firm’s objective in establishing a formal dress code is to enable its staff
to project a professional image that is in keeping with its clients’ and customers’ need to trust it. Visitors entering the Firm’s offices should, on viewing the
appearance of its staff, feel confident in the Firm’s ability to keep their records and information confidential.

Section Divider – Information Security
© 2019 KPMG in India, an Indian Partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
Document Classification: KPMG Confidential

Social Engineering Attacks
— Social engineering is a technique used to trick you into disclosing valuable information.
— Modes can be email (phishing), a phone call or an SMS from an impersonator.
— The information sought may be the Firm’s data, or your or your colleague’s personal information (contact details like email ID, mobile number, login credentials, etc.).
— Be wary of unsolicited requests for information.
— Be certain of the person’s identity and authority before disclosing any information.
— If you are not sure of the person’s identity, call back on the number listed in the Firm’s directory. Verify their details before deciding on the course of action. If in doubt, consult your Manager or Partner.
— Do not share any information via email with an external domain, and do not respond to email solicitations for personal or financial information.
— Always check the domain name in the sender’s email address to ascertain the authenticity of the source (hover the cursor over the email ID to see the domain name).
— Promptly notify the Central IT Service Desk if you receive any social engineering call.
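One way to apply the domain check above in code, as an added example that is not part of the brochure: the classifier below separates the display name (which an impersonator picks freely) from the real address domain. The firm domain example-firm.com and the sample headers are constructed placeholders, and the lookalike rule (firm name embedded in a foreign domain, or a near-identical string) is a heuristic of mine, not the Firm's.

```python
"""Sender-domain check behind the 'hover over the email ID' advice above.

Added example, not from the brochure. FIRM_DOMAIN is a constructed
placeholder; the lookalike rule is a heuristic, not the Firm's policy."""
import difflib
from email.utils import parseaddr

FIRM_DOMAIN = "example-firm.com"  # placeholder for the Firm's real mail domain


def sender_domain(from_header: str) -> str:
    """Domain of the real address in a From header, ignoring the display
    name (an impersonator chooses the display name freely)."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ""
    return addr.rsplit("@", 1)[1].lower()


def classify_sender(from_header: str, firm_domain: str = FIRM_DOMAIN) -> str:
    """Return 'internal', 'lookalike', 'spoofed-name' or 'external'.

    lookalike    : address domain differs but imitates the firm's domain
                   (firm name embedded, e.g. example-firm.com.evil.net, or
                   a near-identical string such as exarnple-firm.com)
    spoofed-name : display name claims to be the firm but the address is
                   from an unrelated domain
    """
    display, _addr = parseaddr(from_header)
    domain = sender_domain(from_header)
    if not domain:
        return "external"
    if domain == firm_domain or domain.endswith("." + firm_domain):
        return "internal"  # the firm's domain or one of its subdomains
    base = firm_domain.split(".")[0]  # 'example-firm'
    similarity = difflib.SequenceMatcher(None, domain, firm_domain).ratio()
    if base in domain or similarity >= 0.85:
        return "lookalike"
    name_forms = {base, base.replace("-", " "), base.replace("-", "")}
    if any(form in display.lower() for form in name_forms):
        return "spoofed-name"
    return "external"
```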

Reporting Information Security Incidents
Any event that compromises the Confidentiality, Integrity and Availability of an organization’s information assets is termed an Information Security Incident.
Examples include:
— Loss of laptop or pen drive
— Access violations
— Malfunctioning of software/ hardware
— Physical security breach
— Uncontrolled system changes
— Social engineering
Report incidents via telephone to the Central IT Service Desk at:
Tel: +91 120 386 8444/ +91 120 711 8444
— Report any suspicious incident or any observed/ suspected security weaknesses or violations encountered. Timely reporting can protect the organization from major impact/ problems.
Do’s…
Do report if:
— Company information is lost or disclosed to unauthorized parties
— Passwords or system access controls are compromised
— Unauthorized use of company information has taken place
Don’ts…
Do not:
— Start to investigate any incident on your own
— Attempt to prove a suspected weakness

Information Security Do’s and Don’ts
— Do not allow tailgating. If someone does not have an access card, ask him/ her to report to the security desk.
— Always keep your laptop in your possession while travelling, or use a cable lock.
— Do not leave your laptop in an unoccupied vehicle or in a hotel room.
— Do not connect the Firm’s system to non-Firm networks.
— Protect your laptop from shoulder surfing.
— Be alert to possible laptop theft while undergoing security checks at airports.
— In case of a virus infection, disconnect your system from all networks and contact the IT Helpdesk.
— Periodically connect your system to the Firm network for automatic updating of antivirus definitions.
— Change your password if you suspect that it is compromised, and report the incident to the Central IT Service Desk immediately.
— Prohibited software should not be installed on Firm workstations. Unauthorized software can be installed only with the prior approval of the Firm’s National IT Security Officer (NITSO).
— Unauthorized copying/ usage of copyrighted materials like images, software and music is strictly prohibited.

Information Security Do’s and Don’ts
— Do not disclose sensitive information on Firm systems to unauthorized persons.
— Do not download content from unidentified sources.
— Do not use personal details like date of birth, anniversary dates, spouse/ children’s names, etc. when setting passwords.
— Do not use common dictionary words in your passwords.
— Do not reveal or share your password with others.
— Do not leave important papers unattended on your desk.
— Do not stick written passwords on the monitor or around your workspace.
— Do not leave electronic devices such as smartphones or removable media unattended at your desk.
— Keep your desk clear of confidential documents, sticky notes, etc. when off work.
— Keep your laptop/ desktop screen clear of confidential files/ documents; keep them inside folders.
— Do not disclose confidential information by writing it down or storing it where it can be easily found.
— Forwarding Firm or client information to personal email accounts is strictly prohibited.
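The two password rules above (no personal details, no common dictionary words) can be checked automatically at the point where a password is set. The function below is an added example, not the Firm's own policy tooling; the word list, the names and the date it uses are constructed sample data, and the substitution table (p@ssw0rd) is my own addition so that disguised words are still caught.

```python
"""Checker for the two password rules above: no personal details and no
dictionary words. Added example, not the Firm's policy engine; the word
list, names and dates below are constructed sample data."""
from datetime import date

# Undo the substitutions people use to disguise a word (p@ssw0rd -> password).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})

# Constructed stand-in; a real deployment loads a full word list.
DICTIONARY = {"password", "welcome", "summer", "monsoon", "audit",
              "delhi", "india", "letmein"}

# Constructed personal details for a fictitious employee.
SAMPLE_NAMES = ["Priya", "Aarav"]
SAMPLE_DATES = [date(1985, 8, 14)]


def date_variants(d: date) -> list[str]:
    """Digit strings commonly derived from a date of birth or anniversary,
    longest first so that the most specific match is the one reported."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", str(d.year)
    variants = {dd + mm + yyyy, yyyy + mm + dd, mm + dd + yyyy,
                dd + mm + yyyy[2:], dd + mm, mm + dd, yyyy}
    return sorted(variants, key=len, reverse=True)


def password_violations(password: str, names: list[str], dates: list[date],
                        dictionary=DICTIONARY) -> list[str]:
    """Rules the password breaks; an empty list means it passes both checks.
    Name and word matching is case-insensitive and is repeated after the
    LEET substitutions are undone; date matching works on the raw digits."""
    violations = []
    lowered = password.lower()
    normalised = lowered.translate(LEET)
    for name in names:
        n = name.lower()
        if len(n) >= 3 and (n in lowered or n in normalised):
            violations.append(f"contains personal name '{name}'")
    for d in dates:
        hit = next((v for v in date_variants(d) if v in password), None)
        if hit:
            violations.append(f"contains date {d.isoformat()} as '{hit}'")
    for word in sorted(dictionary):
        if len(word) >= 4 and (word in lowered or word in normalised):
            violations.append(f"contains dictionary word '{word}'")
    return violations
```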

Email Security – Do’s and Don’ts
— Delete unsolicited e-mails without opening them.
— Report obscene e-mails to the IT Helpdesk.
— Avoid entering your business email address on any suspect website, as these are often the starting point for future spam emails.
— Do not forward emails meant for internal circulation outside the Firm network.
— Do not use personal email IDs (like Gmail, Yahoo) for business purposes.
— Do not click on random links in emails.
— Do not send personal details to unknown sources.
— Do not open attachments from suspicious sources.
— Report spam email(s) by logging an incident with the Firm’s IT Helpdesk.

Social Media – Do’s and Don’ts
— Do not upload work-related information, or information which may damage the Firm’s reputation, on social media.
— Refrain from posting Personally Identifiable Information (PII) about others.
— Do not use your Firm email address or other Firm details when subscribing to or posting information on social media.
— Do not post the Firm logo or other identifiable Firm branding on any website.
— Be wary of impersonators and malicious downloads.
— Do not speak on behalf of the Firm. Only the Firm’s Public Relations team is authorized to do so.

IT Acceptable Use Policy (AUP)
All staff must read and understand the Firm’s IT Acceptable Use Policy (AUP).

Let’s make Information Security our priority…
The time calls for a shift in thought process…
Let’s pledge to:
— Respect the mandate for information security in the organization
— Make security an integral part of everything we do as part of our job
— Be vigilant and report security incidents
— Use company assets for official purposes only, as per the Acceptable Use Policy
— Be cautious of social engineering attacks
— Access information only on a “need to know” basis
— Not engage in any activity which might bring the organization into disrepute

Thank you
We’re glad you’re about to start working with us! While you are working with us, we
expect you to adhere to the same high standards that apply to our own staff. This
includes knowing our Code of Conduct and Acting with Integrity as well as
maintaining your personal independence. You don’t have to be an expert in
regulations or policy but you do need to consult if you find yourself in a difficult
situation, or you suspect some wrong-doing. The risks of non-compliance are real:
for you, your firm and us but by behaving ethically and ensuring the highest
standards you can manage these risks successfully.
Thank you for reading this brochure. You are now required by the terms of the
contract between us and your firm to confirm the following to your employer/us:
— You understand the content of this brochure;
— You will comply with the requirements contained herein; and
— You will report any unethical behavior or breaches of independence you become
aware of using our Whistle-Blowing Hotline
