IPsoft Acceptable Use Policy Awareness Session

Background
IPsoft is ethically, legally and contractually required to protect Client and internal data through an Information Security (InfoSec) program. InfoSec combines technology and process to safeguard the confidentially, integrity and availability of information. The cornerstone of InfoSec is an Acceptable Use Policy (AUP) that defines terms, informs Users of restrictions, and describes appropriate conduct. Users must read and understand the Policy since effective security is not a factor of security, rather it relies upon the awareness and the cooperation of all Users. Users must agree to follow the Policy to ensure protection of information and the continued success of IPsoft. Future audits require verifiable evidence recording InfoSec initiatives.

AUP Drivers
Compliance Statement of Auditing Standards # 70 (SAS70): As a service provider, IPsoft must pass periodic audits that inspect our internal controls. Specific provisions require documentation, awareness and user agreement to of Acceptable Use of Systems. Gramm Leach Bliley Act (GLBA): Title V of GLBA requires safeguards for privacy which are implemented through the AUP. Competitive Advantage Our AUP combined with other InfoSec initiatives differentiate IPsoft from our competitors. Adherence to standards improves our creditability and value to Clients.

Confidential Information
A significant portion of the AUP addresses Confidential Information. Users must protect each of the following from disclosure. Personally Identifiable Information Social Security Numbers, PANs, other ID Numbers Drivers License Numbers Passport Numbers Name/Full Birthdate Pairs Financial Information All Client information including Client name Medical Information Passwords

Agreement to Acceptable Use Policy

The Agreement to the Acceptable Use Policy form is required to address the following requirements: - Verifiable Evidence of Deployed Controls - Confirmation of User awareness of Policy - To stress the importance of the Policy to Users

General Policy To prohibit the unprofessional, unethical or illegal use of IPsoft Systems. Incidental personal use of Systems is permitted if such use does not detract from Users responsibilities or otherwise consume excessive resources. Actions that negatively impact privacy, safety, rights or property are forbidden. By using our Systems, each User assumes responsibility for appropriate use and agrees to comply with this Policy, other IPsoft Policies, regulations, partner agreements, provider Terms of Service and applicable laws.

Key Provisions
The unauthorized use, extraction, display, alteration, deletion or restoration of data, programs, records, credentials or services in any form is prohibited. Transferring, viewing, forwarding, storing or serving any material that would offend a reasonable person on the basis of gender, sexual orientation, age, religious or political beliefs, national origin, race, citizenship or disability; any material, the possession or transmission of which is illegal or materials that facilitate illegal activities; and any material that violates our Policies against sexual harassment. Unprofessional communications including threats, obscenity, intimidation, harassment or defamation are prohibited. Providing unauthorized goods or services for free or for a fee using the IPsoft Systems is forbidden. Unauthorized personal, commercial or non-commercial activities, messaging, fundraising, gambling, advertising or the selling of goods/services is not allowed.

Key Provisions (continued)

Exceeding your level of authorization is not allowed and misrepresentation of identity is forbidden. Attempting to obtain or obtaining confidential information including credentials or using any means to circumvent controls, deactivate safeguards, intercept communications, extend wired or wireless connections or ignore security warnings is forbidden. Infringing on intellectual property rights including plagiarism and unauthorized use or reproduction is prohibited. Unauthorized scanning of Systems for services and/or security vulnerabilities is prohibited.

Key Provisions (continued)

Any activities that adversely affect the ability of other people or devices to do their jobs, use Companys Systems or the Internet are prohibited. Running any unauthorized service that enables the sharing, forwarding, processing, modification or deletion of information, data or files is prohibited. Sending unsolicited information is prohibited. Users may not use IPsofts Systems to distribute unauthorized commercial or noncommercial information. Monitoring accounts should not be used for interactive access.

No Expectation of Privacy
IPsoft Systems and their complete contents are the property of IPsoft. Users should have no expectation of privacy. As part of our normal business practices, we periodically inspect active and archived data, and these data sources may contain information marked by Users for deletion. If User data contains item(s) that violate the law or violate this Policy, we may take disciplinary action, advise law enforcement or take other action(s).

10

Compliance
Users who violate the Policy may incur disciplinary actions including termination, and civil and/or criminal action(s). Consultants, contractors or service providers in violation of this Policy will be considered in breach of their contractual obligation to IPsoft. IPsoft reserves the right to terminate its contract without penalty and to pursue any remedies available to it, including civil and/or criminal action(s) against the offending party. IPsoft monitors access to our Systems as part of our normal business practices. Should we discover prohibited actions, the Company may immediately suspend the suspect connection and/or User and commence a comprehensive investigation

11

Questions

12