1.

Vaish Associates, Advocates

IT Security, Email & Internet Usage Policy
Version 2.0

Policy Statement

This IT Security, Email and Internet usage policy is applicable to all retainers, associates, employees, interns and
other computer users (hereinafter referred as “Users”) of Vaish Associates, Advocates (hereinafter referred as
“Firm”), who use or have an access to Firm’s information technology systems (IT), data and internet must adhere to
this IT Security, Email & Internet Use Policy (hereinafter referred as “this Policy”), which also forms part of the
terms and conditions of their retainer ship and employment terms.

This Policy is being implemented to establish standard practices and rules for responsible, safe and productive use of
the hardware, software provided by the firm including the use of e-mail and internet; and to ensure the protection
of data, records and other proprietary information of the Firm and to prevent any data theft and/or misuse.

It is vital that each retainer and employee of the firm to read and understand this Policy carefully. If there is
anything that you do not understand, it is your responsibility to seek clarifications from IT Division Head/ or the
Partner of the Firm.

Scope & applicability of the Policy:

This Policy applies to all Users, who have been provided hardware/software and access to the IT network, E-mail
and internet facilities by the Firm. The policy clearly spells out what is expected from the user and lists the activities
that are prohibited.

E-mail Policy:

1. All outbound e-mails sent by the user must conform to the Firm’s signature policy in force, including the
font type and size.

2. Use of e–mail and internet is limited to activities directly connected with the Firm’s business, and strictly
prohibits usage of Firm’s IT systems for private, recreational or activities not connected with the Firm or
in any illegal, offensive or unethical manner. No User is permitted to use Firm’s IT systems for promoting
his/her own business and/or personal ventures.

3. Users shall ensure that all communication made with clients both existing/prospective must be done in a
professional manner and use of vulgar or obscene language including slang, short form or SMS language is
strictly prohibited.

4. Chain mails within the offices or across offices are strictly prohibited. Sending of junk mail or unsolicited email
messages or spam of any kind is also strictly prohibited.

5. Use of alternate mail providers like www.gmail.com or hotmail.com or any other third party, email service for
official communication is prohibited.

6. 6. Users must use extreme caution when opening e-mail attachments received from unknown senders, as they
may contain viruses, or such emails and attachments, may be phishing emails for committing financial frauds
etc.

7. Similarly opening of files received as e-mail attachments, onto your system must be done using the approved
antivirus software that is loaded onto each system.

8. Users are responsible for the security of their “passwords” and extreme care must be taken not to reveal the same
to any outsider. The Firm reserves the right to access any User’s e-mail for any purpose whatsoever, including
inspection.

9. Each user is responsible for the email that originates from his/her email address and all consequent liabilities
arising out of such an email shall vest on such User.

10. Each user is required to read all official emails received by him/her and respond to the same promptly.

11. Periodic housekeeping is expected to be done by each user by removing all junk emails from their inbox. In case
need be the systems administrator is authorized to do so as and when the need arises without asking the user.

12. The Firm reserves the right to revoke access to the IT System of the firm, without assigning any reason, to
persons/User identified as a security risk or a having a demonstrated history of misusing the system. In any event
the Firm reserves the right to withdraw Internet access and e-mail from any User. All information held on the
networks including email, file systems and databases associated with the Firm or assigned by the Firm to Users,
individuals, practice groups or particular functions is the property of the Firm. Any information originating from
such accounts is also the property of the Firm.

1
13. Only authorized persons are allowed to use the firm’s email for personal purposes. However, care is to be taken
to ensure that personal emails are placed in separate folders.

14. The firm prohibits the use of any Instant Messaging applications like ICQ, Yahoo Messenger, Google Talk, etc.
including the Use of social networking sites like Facebook, Twitter, Instagram and LinkedIn etc.

Internet Policy

Internet and intranet facility has been provided to all the users across all offices of the firm.

15. Internet must be used only for Firm’s business purpose

16. Download of any document, graphics, audio or video files which is not connected to the Firm’s business
is not allowed. Similarly, download/Installation/Removal of any software or internet utility including instant
messaging technology is strictly prohibited. This includes software and shareware available for free on the
Internet. In case you do need any applications, you may contact the IT department.

17. Users are prohibited from copying, saving, sending, or printing confidential, sensitive business data and files,
copyrighted information and any intellectual property rights of the Firm.

18. Users are prohibited from visiting, viewing, browsing or downloading any materials from any website or
e-mail, which contains obscene, sexually explicit, hateful, violent material or sites relating to criminal skills,
pornography, hacking, gambling and drugs or other socially objectionable or illegal or unlawful material while
using Firm’s computers and it will also tantamount to grave misconduct which would call for disciplinary/legal
action.

19. Creation or distribution of any disruptive or offensive messages or postings to internet blogs, including
comments about gender, age, race, colour, ethnic origin, disabilities, nationality, sexual orientation, religious
and political beliefs using Firm’s computers is strictly prohibited.

20. Any type of harassment, intimidation or annoyance, via emails or internet whether through language,
frequency or size of messages is strictly prohibited. If Users receive or have knowledge of e-mails
containing messages which could amount to harassment or otherwise inappropriate messages, Users should
report this information to the IT Department/Manager/partner.

21. Creation, distribution or posting on internet blogs of information that is defamatory to the Firm, its
services, colleagues and/or clients or any third person using Firm’s network or services is strictly prohibited.

22. Users are prohibited from circumventing or attempting to circumvent or subvert security measures on the
Firm’s network resources or any other system connected to or accessible through the Internet.

23. All visits to websites and downloads are monitored on a daily basis and/or any unauthorized user or download
will be blocked by the firm and the person concerned will be dealt with severely which may also include
termination of the retainer ship/employment/engagement with the firm.

24. If a User is unsure about what constituted acceptable Internet usage, then he/she should ask the IT in charge or
whosoever is so designated for further guidance and clarification.

IT Security Policy

System Access

All retainers and employees of the Firm have been provided with desktops/Laptops having access to servers,
ERP, email and internet connection. Users alone are responsible for their User ID and password.

25. Password Care

a. Do not share or disclose your password to any unauthorized user.

b. Users should define their own passwords.
c. Owner of password will be held responsible for any misuse of the password by associates/other
employees.

26. Virus Protection

Virus is a very serious threat to our critical data, and will continue to evolve, becoming more sophisticated,
dangerous and devastating. Viruses / Trojans / Worms can damage the system up to extent, that you can’t
recover the software or hardware at all. Sometimes, just remains hidden in the system for few days and on particular
event it does the damage.

a. Do not run any files without first scanning them, no matter what the file extension is, i.e. (.exe, .bat,
.com, .doc, etc.);
b. Do not download any files and/or programs from unknown sources; if in doubt, contact the IT
department;
c. Do not open attachments or run any programs, even if sent by a friend or family member; first
verify the source, and scan before opening the attachment or running the media source;
2
 d. Scan your system at least once a week with your default Anti Virus scanner software, and regularly
update the same.

27. Software Policy

Users are prohibited from installing any unauthorized and unlicensed software including programs like screen savers,
games and funny cartoons in Flash etc., Any such installation shall be immediately removed.

28. Use of Removable Media (CD's, pen drives, tapes, etc.)

Use of Pen Drives, Flash Drives, CDs & other Optical Drives either personal or from any other unauthorized source is
prohibited. In case, however, such media is required to be used, the same can be used only in consultation with the
permission of the IT Department/partner.

Personal removable media like laptops, hard drives, PDAs, MP3 players, USB keys, Floppy Drives, Flash
Drives, CDs & other Optical Drives are also not allowed to be brought inside the Office. Any such request by a User
must be given in writing and permission shall be given on a case to case basis, if at all.

Users are not authorized to copy official data onto removable media, including laptops, hard drives, PDAs, MP3
players, USB keys, Floppy Drives, Flash Drives, CDs & other Optical Drives.

29. Upkeep and Maintenance of Hardware

Users are expected to:

a. Ensure that there is no unauthorized use of their systems.

b. Keep portable equipment provided by the firm safe and secure.
c. Report any loss of data or accessories to the IT division.
d. Ensure that you have proper authorization from the IT division/partner before taking any
equipment off-site.
e. Ensure that your system is properly shut down before leaving the office.

30. Incident Handling

All information security incidents (e.g. malicious code, worms, viruses, unauthorized or inappropriate email/internet
use) must be immediately reported to the IT Department upon discovery.

Loss of desktop, portable, or mobile computing devices by any means (e.g. theft, loss, breakage) must be reported to
the IT Department as soon as discovered to ensure that its use to access the firm’s network is disabled.

31. Privacy Policy

Users should not expect the information, including emails, stored, sent, or received through the firm’s email, system
or use of the internet or network to be “Private”. The firm reserves the right to monitor and it does monitor,
email messages, internet and network usage without any prior notice to any of the users. The Firm, at its sole
discretion, also reserves the right to access the computer/laptop and IT resources etc. provided to you, create
copy/image or the same, or copy or delete any data lying in the computer/laptop and IT resources etc. or deny access
of any such computer/laptop and IT resources etc. to you.

32. Training

All or any of the Users in the Firm may, at the discretion of the Firm, be expected to go through appropriate
training program for learning computers, internet, emailing, network and data protection including its ERP package.

33. Amendments

The Firm may amend this Policy at any time without prior notice.

34. Policy Compliance, Acknowledgement and Review

Users must acknowledge and sign the Acknowledgement of Receipt and Understanding form to the fact that
they understand the rules in all IT Security Policy documents and will adhere to this and other policies at all times.
The consent and acknowledgement to this Policy may be sought by the Firm or given by the user by email.

All Users should periodically review all firm policies relating to email and use of the firm’s network.

All Users are required to physically sign/acknowledge and accept this Policy by email, which shall be binding
acknowledgement and acceptance of this Policy on the part of the User.

All subsequent policy changes communicated to the Users by email at their official email address shall form part of
the present Policy without any consent or signatures.
3
In case any of the firm’s User, disagree with any Policy or subsequent changes, same shall be immediately notified to
the management in writing and by email.

4
35. Breach of Policy

Breach of rules set out in this Policy may lead to disciplinary action being taken against the User, which may include
dismissal/termination and may also result in legal claims against the User, including criminal action.

Further, any action of the User which may expose the firm to any risk due to the unauthorized access to data,
disclosure of information or potential system failure giving rise to any legal liability is prohibited and considered as a
serious offence, which may result in disciplinary action including dismissal and reporting to the concerned
authorities.

COMPUTER AND INTERNET USAGE POLICY

Acknowledgement of Receipt and Understanding

All terms and conditions as stated in this document are applicable to all Users of Vaish Associates’ network and
Internet connection. All terms and conditions as stated in this document reflect an agreement of all parties and should
be governed and interpreted in accordance with the policy and procedure mentioned above. Any User violating these
policies is subject to the loss of network privileges and any other disciplinary/Legal actions deemed appropriate.

I have read, understood and agree to abide by the rules in this Email & Internet Usage Policy and other IT Security
policies. I further understand that any violation of this policy is unethical and may constitute a criminal offense.
Should I commit any violation, my access privileges may be revoked, disciplinary action and/or appropriate legal
action may be taken.

Full Name Swayamjit Roy

Designation Intern
Email id.: roy.swayamjit@gmail.com

Mobile No. 9350192300

User Signature Swayamjit Roy 19th December 2022

Date

OR

Acceptance through email as under:

I have read, understood and agree to abide by the rules in this Email & Internet Usage Policy and other IT Security
policies. I further understand that any violation of this policy is unethical and may constitute a criminal offence.
Should I commit any violation, my access privileges may be revoked, disciplinary action and/or appropriate legal
action may be taken. I hereby acknowledge and accept this Policy, and send my consent through my personal email
id…………..[Insert your email id] by copying this para in the body of the email and attaching a copy of this Policy
with the email.