Addendum to Global Information Security Policy andGlobal Information Security Management Procedure for Use of Personal Devices byEmployees on the Company Domain (“Addendum”)
| Issue Date / Version # | __________, 2013 |
| Document Owner / Process Contact | Verint Legal Department |
| Next Review Date | ___________, 2015 |
| Functions | All |
| Geographies | All (Israel) |
The latest version of this document is available onthe Innervision Portal
This Addendum is attached to and made a part of theVerint Global Information Security Policy (“InfoSec Policy”) and theVerint Global Information Security Management Procedure (“InfoSecProcedure”), available on the Innervision Portal under the Global PoliciesTab of the Global Corporate Responsibility page.
Capitalized terms not defined in this Addendum shallhave the meanings assigned to them in the InfoSec Policy or the InfoSecProcedure.
I. Scopeand Purpose
During the course of your work at Verint Systems Inc.or any of its subsidiaries (collectively, “Verint” or “Company”),you may have access to Verint Information, Confidential Information orPersonal Information (the “Protected Information”) using Technology Resourcesto access Verint’s network, messaging systems or applications (“CompanyDomain”). No matter what your role at the Company, you play an importantpart in safeguarding such Protected Information. You are our most importantcontrol in protecting Protected Information.
This Addendum is intended to ensure that ProtectedInformation remains secure from risks posed by employees (“Users”) whoare permitted by Verint to access the Company Domain using mobile devices,including smart phones, tablets and other mobile devices, which are theproperty of the User (“Personal Devices”).
The use of Personal Devices for work purposes isvoluntary.
II. Termsand Conditions for use of an Approved Device by the User:
1. This Agreement is superseded by and subject to theterms and conditions of your employment agreement with Verint and does notalter in any way such employment agreement. The use of any Approved PersonalDevice in accordance with this Agreement and with respect to Verint purposesshould be done in a consistent manner with the terms and conditions of youremployment agreement.
2. OnlyApproved Devices are allowed use of or access to the Company Domain. “Approved Devices” are Personal Devices which the Company expressly approves inadvance to use and access the Company Domain. The acceptance of this Addendumby the User is a condition to a Personal Device becoming an ApprovedDevice. The Company will decide which types of mobile devices may be ApprovedDevices and publish a list of such devices on the Innervision Portal (the “TypeList”).
3. TheCompany has the right to approve, deny or revoke an Approved Device.
4. TheCompany has the right to modify, alter or amend this Addendum, and in suchevent, will notify the Users of the change, and Users’ sole right in that eventis to elect to disconnect their Personal Device from the Company Domain byuninstalling the Software (as defined below) in which case the Personal Devicewill cease to be an Approved Device. Otherwise, the User is deemed tohave accepted any such modifications, alterations or amendments to thisAddendum.
5. Userwill not connect or attempt to connect to the Company Domain via any devicethat is not either (a) a device that was issued to such User by Verint; or (b)an Approved Device.
6. Exceptas expressly undertaken by Verint, User understands that it remains liable(without reimbursement by Verint) for the cost of the Personal Device or itsreplacement.
7. Asa condition of a Personal Device becoming an Approved Device, User will permitVerint to install one or more software applications of its choosing (the“Software”) on a Personal Device (including updates, new versions, bug fixes,encryption related software for Protected Information, additional softwareapplications, etc.) as may occur from time to time, allowing Verint to manageProtected Information on the Approved Devices in accordance with applicablelaw, the InfoSec Policy and applicable Mobile Device Policy and to ensure useof the Approved Device complies with Verint’s abovementioned policies andprocedures. The User will inform Verint immediately if the User suspects thatthe Software ceased to function.
8. Userunderstands that the Approved Device is a Technology Resource as such term isdefined in the Infosec Procedure, and will adhere to all of the requirements ofthe Infosec Procedure in that regard; provided, however, the Companyacknowledges that an Approved Device may be primarily or substantially forpersonal use (as opposed to incidental personal use as referenced in theInfosec Procedure), so long as such personal use complies with the terms ofthis Addendum.
9. Withrespect to an Approved Device, User will:
a. notifyVerint immediately (by opening a Help Desk ticket) if an Approved Deviceis stolen or compromised in any way;
b. notify Verint byopening a Help Desk ticket at least two (2) business days prior to Userproviding an Approved Device to any third party for service or maintenance;
c. installor permit Verint to install appropriate anti-virus and anti-spam software andensure that such software is running on the Approved Device at all timesand not remove such software
d. ensure that theOperating System, the anti-virus and anti-spam software of the Approved Deviceare up to date;
e. maintaina strong password on Approved Device and will change that password no less thanevery ninety (90) days or when required by Verint;
f. ensurethat Approved Device’s settings are such that the Approved Device will lock ifits idle for five (5) minutes and/or after ten (10) failed login attempts;
g. ensure that alllocally stored information is encrypted;
h. employreasonable physical security measures. Users are expected to physically secureApproved Device, whether or not it is actually in use and/or being carried;
i. usethe Approved Device in an appropriate manner at all times and not load illegal contentor applications on the Approved Device or use the Approved Device for anyillegal purpose;
j. nothack or “Jailbreak” the Approved Device or the Software; and not install oruninstall software or applications on the Approved Device which are prohibitedby Verint. The Company will publish a list of types of software or applicationsthat may be installed on Approved Devices, on the Innervision Portal. Userunderstands that (A) upon the occurrence of any of the events identified in, ornoncompliance with any of the requirements of this addendum, (B) if theApproved Device does not connect to the Company Domain for fifteen (15)consecutive days, (C) upon termination of User’s employment or (D) if Verintmakes a judgment that it is in Verint’s interest to make the ProtectedInformation non-viewable on the Approved Device, Verint will sever theconnection between the Company Domain and the Approved Device, thus makeProtected Information that originated from the Company Domain no longerviewable on the Approved Device. The severance of the connection betweenthe Approved Device and the Company Domain may inadvertently affect User’spersonal content on the Approved Device. User agrees to provide all cooperationas Verint may require in accordance with applicable law in order to ensure thatProtected Information has been made non-viewable on the Approved Device, aswell as any device (such as User’s personal computer) to which User may havebacked up the Approved Device.
10. User should notrely that Verint has a backup of the Approved Device or its contents, andVerint does not support synchronization software operated by User on theApproved Device (e.g., iTunes). User is responsible for backup of all personalcontent on the Approved Device. Further, the Software may prevent Userfrom backing up the Protected Information to any third party device (includingother personal devices, e.g., home computers of User’s).
11. Verint has nointerest in viewing or monitoring Users’ private activities. In accordance withapplicable laws, User may be requested to provide Verint access to the ApprovedDevice for purpose of investigation, electronic discovery, litigation or otherlegal hold preservation, document retention and other legal obligationsrelating to Protected Information which is business related only.
12. User understandsthat Verint does not provide any warranty regarding the Software and does notrepresent or warrant to the User that (A) the Software will operate with theApproved Device or (B) that the operation of the Software will not cause damageto the Approved Device, or damage to or loss of any data or other software orapplications stored on the Approved Device. Verint shall not be liable for theloss of or damage to any private data on such Approved Device.
13. Noncompliance bythe User with this Addendum may result in disciplinary action up to andincluding employment termination.
AnyUser with a concern, question or suggestion regarding this Addendum shouldcontact his/her immediate supervisor or other knowledgeable corporate resourcewithin their office or the Global Information Security Manager.
Employee Acknowledgement
I, the undersigned employee, have read and fullyunderstand the terms of this Addendum. I agree and undertake to be bound by andcomply with this Addendum as a condition of my Personal Device being consideredas an Approved Device. I understand that I am under no obligation to have myPersonal Device access the Company Domain and it is solely at my request thatthe Company is considering designating my Personal Device as an ApprovedDevice. I acknowledge that any information stored on my Approved Device(including personal information) is subject to inspection and/or making of informationnon-viewable by Verint, as set forth in this Addendum and I consent to suchaccess by Verint, and will cooperate, if required by local law, in order toallow such access. I also understand that my failure to comply with the termsof this Addendum will constitute a violation of Verint policy and may besubject to appropriate disciplinary action, which may include my dismissal.
Employee (User)Name: _____________________________
EmployeeI.D.: _____________________________
Approved MobileDevice Model & No.: _____________________________
Mobile (SIM)Line No.: _____________________________
Date: _____________________________
