Exhibit 10.09
Privileged and Confidential
Confidential Treatment Requested. Confidential portions of this document have been redacted
and have been separately filed with the Commission.
Master Services Agreement
between
Green Dot Corporation
and
Genpact International, Inc.
Dated as of: May 28, 2009


 

TABLE OF CONTENTS
ARTICLE 1   DEFINITIONS; INTERPRETATION; ASSUMPTIONS
    1.1     Definitions
    1.2     References
    1.3     Headings
    1.4     Interpretation of Documents
ARTICLE 2   TERM
ARTICLE 3   TRANSITION
    3.1     Transition Plan
    3.2     Transition Services
ARTICLE 4   SERVICES
    4.1     Scope of Services
    4.2     Standard Operating Procedures
    4.3     Disaster Recovery Services
    4.4     Reports
    4.5     Records Retention
    4.6     Reliance on Instructions
    4.7     Customer’s Obligations
    4.8     Licenses and Permits
    4.9     Insurance
    4.10     Technology Refresh
ARTICLE 5   SERVICE LOCATIONS
    5.1     Service Locations
    5.2     Genpact Service Locations
    5.3     Project Staff
    5.4     Customer Service Locations
ARTICLE 6   CHANGE CONTROL PROCEDURE
ARTICLE 7   SERVICE LEVELS
    7.1     General
    7.2     Relief
    7.3     Periodic Review; Annual Improvement

    7.4     Measurement and Monitoring Tools
ARTICLE 8   AUDIT
    8.1     Service Audit
    8.2     Financial Audits
    8.3     General Principles Regarding Audits
ARTICLE 9   GOVERNANCE
    9.1     Genpact Account Representative
    9.2     Customer Account Representative
    9.3     Establishment of Steering Committee
    9.4     Dispute Resolution
    9.5     Arbitration
ARTICLE 10   FEES AND PAYMENT TERMS
    10.1     Fees
    10.2     Reimbursement of Expenses
    10.3     Pass-Through Costs
    10.4     Inflation and Currency Adjustments
    10.5     Invoices; Method of Payment; Finance Charges
    10.6     Proration
    10.7     Taxes
ARTICLE 11   PROPRIETARY RIGHTS
    11.1     Customer IP
    11.2     Genpact IP
    11.3     Developed Work Product
    11.4     Residual Knowledge
ARTICLE 12   CONFIDENTIALITY
    12.1     Confidential Information
    12.2     Disclosure to Employees and other Parties
    12.3     Exceptions
    12.4     Return of Confidential Information
    12.5     Injunctive Relief
ARTICLE 13   CUSTOMER INFORMATION
ARTICLE 14   DATA SECURITY
ARTICLE 15   REPRESENTATIONS AND WARRANTIES

    15.1     Genpact Representations and Warranties
    15.2     Customer Representations and Warranties
    15.3     No Other Warranties
ARTICLE 16   COVENANTS
    16.1     Genpact Covenants
    16.2     Customer Covenants
ARTICLE 17   TERMINATION
    17.1     Termination for Cause
    17.2     Termination for Insolvency
    17.3     Termination Assistance Services
ARTICLE 18   INDEMNIFICATION
    18.1     By Genpact
    18.2     By Customer
    18.3     Obligation to Replace
    18.4     Indemnification Procedures
    18.5     Indemnification Notice
    18.6     Mitigation Efforts
ARTICLE 19   LIMITATION OF LIABILITY
    19.1     Direct Damages
    19.2     Consequential Damages
    19.3     Contractual Limitation of Action
    19.4     Recourse
ARTICLE 20   MISCELLANEOUS
    20.1     Notices
    20.2     Assignment, Binding Effect
    20.3     Subcontracting
    20.4     Force Majeure
    20.5     Counterparts
    20.6     Relationship of Parties
    20.7     Consents, Approvals and Requests
    20.8     Good Faith and Fair Dealing
    20.9     Severability
    20.10     Waiver

    20.11     Remedies Cumulative
    20.12     Entire Agreement; Amendments
    20.13     Survival
    20.14     Third Party Beneficiaries
    20.15     Governing Law
    20.16     Covenant of Further Assurances
    20.17     Negotiated Terms
    20.18     Export
    20.19     Non-solicitation
    20.20     Nondisclosure of Terms
    20.21     Publicity

Table of Exhibits
Exhibit 1   Definitions
Exhibit 2   Form of Statement of Work
Exhibit 3   Disaster Recovery Policy
Exhibit 4   Background Policy
Exhibit 5   Data Security Policy
Exhibit 6   Insurance
Exhibit 7   Information Security Addendum
Exhibit 8   Genpact Affiliates
Exhibit 9   Refresh Schedule



 

SERVICES AGREEMENT
This Services Agreement, dated as of May 28, 2009 (the “Effective Date”), is by and between Green Dot Corporation, a Delaware corporation (“Customer”), having its principal place of business at 605 East Huntington Dr., Suite 205, Monrovia, CA 91016, and Genpact International, Inc., a Delaware corporation (“Genpact”), acting through its Hungarian Branch with its office at Duna Plaza Offices, 4th Floor, H-1138, Budapest Vaci ut 178, Hungary.
RECITALS
WHEREAS, Customer has agreed to engage Genpact to provide various services to Customer relating to business process outsourcing and Genpact has agreed to provide such services on the terms and conditions set forth in this Agreement and Statements of Work entered into by the Parties from time to time pursuant to this Agreement;
NOW, THEREFORE, in consideration of the foregoing and the mutual promises herein, and for other good and valuable consideration, the receipt and sufficiency of which are hereby acknowledged, the Parties hereby agree as follows:
ARTICLE 1
DEFINITIONS; INTERPRETATION; ASSUMPTIONS
     1.1 Definitions. Capitalized terms used in this Agreement shall have their respective meanings set forth in Exhibit 1 (Definitions).
     1.2 References. In this Agreement and the Exhibits hereto and thereto:
(a)   the Exhibits shall be incorporated into and deemed part of this Agreement and all references to this Agreement shall include the Exhibits to this Agreement;
 
(b)   the Attachments (or Appendices) to an Exhibit shall be incorporated into and deemed part of such Exhibit and all references to such Exhibits shall include the Attachments (or Appendices);
 
(c)   references to any Law or Regulatory Requirement shall mean references to such Law or Regulatory Requirement in changed or supplemented form or to a newly adopted Law or Regulatory Requirement; and
 
(d)   use of the word “including” or the phrase “e.g.” shall mean “including, without limitation”.
     1.3 Headings. The Article, Section and Exhibit headings, and the Table of Exhibits, are for reference and convenience only and shall not be considered in the interpretation of this Agreement.
     1.4 Interpretation of Documents. In the event of a conflict between (a) this Agreement (excluding any Exhibits thereto) and any Exhibit, the terms of this Agreement shall prevail, (b) this Agreement and any Statement of Work, the terms of this Agreement shall prevail, or (c) any Statement of Work and any exhibits or attachments to such Statement of Work, the terms of such Statement of Work shall prevail.
ARTICLE 2
TERM
     The term of this Agreement shall commence on the Effective Date and continue until the expiration or termination of the last remaining Statement of Work in effect under such Agreement, unless the Agreement is terminated earlier pursuant to its terms (“Term”).
ARTICLE 3
TRANSITION
     3.1 Transition Plan.
(a)   For each Statement of Work, the Parties shall develop a written implementation plan that shall include (i) the overall approach of the implementation, (ii) a schedule of implementation milestones and other activities (the “Transition Schedule”), (iii) a detailed description of the respective implementation tasks and responsibilities of Customer and Genpact and (iv) any other relevant information ((i) through (iv), the “Transition Plan”).
 
(b)   Genpact shall perform its obligations described in each Transition Plan to enable Genpact to commence its provision of, and Customer’s receipt of, the Services (the “Genpact Transition Obligations”) and Customer shall perform its obligations described in each Transition Plan to enable Genpact to commence its provision, and Customer’s receipt, of the Services (the “Customer Transition Obligations”; together with the Genpact Transition Obligations, the “Transition Services”).
 
(c)   Genpact shall update and modify each Transition Plan, from time to time, as appropriate. Each revision of a Transition Plan shall include such modifications as may be reasonably requested by either Party (e.g., modifications due to visas or delays caused by Governmental Authorities) that do not, individually or in the aggregate, materially increase the costs for the applicable Transition Services for the other Party or delay the applicable Transition Schedule.
     3.2 Transition Services.
(a)   Genpact shall plan and prepare for the Transition Services with Customer’s reasonable assistance in order to (i) minimize disruption to Customer’s applicable operations and (ii) complete the Transition Services in all material respects no later than the completion date specified in the Transition Schedule.
 
(b)   Prior to commencing the Transition Services, the Parties shall discuss all known Customer-specific material risks and shall not proceed with the Transition Services until Customer is reasonably satisfied with the plans with regard to such risks.

 


 

(c)   Genpact shall be responsible for overall management of the Transition Services and to the extent within its control, shall use reasonable efforts to keep the Transition Services on schedule. Customer shall cooperate with Genpact and provide to Genpact such reasonable assistance, resources, information and other input to coordinate the Transition Services and to complete the Transition Services in accordance with the applicable Transition Plan. Upon identification of any issues that would reasonably be expected to delay or otherwise adversely affect the completion of any of the Transition Services, Genpact shall promptly notify Customer and the Parties shall cooperate to establish a plan to minimize the delay or other adverse effect.
 
(d)   Prior to completion of the Transition Services, the Account Representatives and such other appropriate representatives of the Parties, shall periodically review the status of the Transition Services.
ARTICLE 4
SERVICES
     4.1 Scope of Services. From time to time, the Parties shall enter into statements of work in the format set forth in Exhibit 2 (Form of Statement of Work) in respect of services to be provided by Genpact to Customer pursuant to this Agreement (the “Services”). Each such Statement of Work shall incorporate, and be subject to, the terms and conditions of this Agreement. Each Statement of Work shall include, among other things, the term of the work order, a detailed description of the services to be performed, the responsibilities of each party, rates for compensation for the services, any reports to be furnished, the person authorized by each party to make changes to the Statement of Work, staffing levels and performance standards. Any default under, or breach of, any Statement of Work shall be considered a default under, or breach of, both the Statement of Work and this Agreement. As of the applicable Service Commencement Date and during the remainder of the term of the applicable Statement of Work, Genpact shall provide the Services described in such Statement of Work to Customer.
     4.2 Standard Operating Procedures.
(a)   On or before the Service Commencement Date for any Statement of Work, Genpact shall deliver a draft of the Standard Operating Procedures for the Services under such Statement of Work. Within 90 days of the of Customer’s written response to such draft, Genpact shall provide Customer the final version of such Standard Operating Procedures. The Standard Operating Procedures shall be written to enable personnel skilled in the relevant disciplines to use and receive the Services. Genpact shall not be required to deliver Standard Operating Procedures that relate to Services for which it has already provided Standard Operating Procedures pursuant to this Section 4.2(a).
 
(b)   Subject to the terms of this Agreement, the Parties shall comply at all times with the Standard Operating Procedures.
 
(c)   Genpact shall update the Standard Operating Procedures from time to time to reflect changes in the Services.

 


 

     4.3 Disaster Recovery Services. Genpact shall provide to Customer the disaster recovery assistance, cooperation and services described in Exhibit 3 of this MSA. Genpact has no responsibility for Customer’s business continuity planning or disaster recovery, except as set forth in this Agreement or as otherwise agreed to in a Statement of Work.
     4.4 Reports. Genpact shall provide to Customer the reports set forth in the Statements of Work in accordance with the frequencies set forth therein.
     4.5 Records Retention. Genpact shall retain all books and records in accordance with the records retention standards under applicable Law.
     4.6 Reliance on Instructions. In performing its obligations under this Agreement, Genpact shall be entitled to reasonably rely upon any routine instructions, authorizations, approvals or other information provided to Genpact by the Customer Account Representative or by any other Customer personnel identified by the Customer Account Representative as having authority to provide such routine instructions, authorizations, approvals or other information on behalf of Customer.
     4.7 Customer’s Obligations.
(a)   In addition to its other obligations under this Agreement, Customer shall, at its own cost and expense, be responsible for the obligations ascribed to Customer in each Statement of Work (collectively all obligations, the “Customer Obligations”). Customer shall perform the Customer Obligations and acknowledges that Genpact’s performance of the Services is dependent on Customer’s timely and effective performance of the Customer Obligations.
 
(b)   If Customer’s failure to perform any Customer Obligations directly and materially affects Genpact’s ability to perform its obligations under this Agreement, Genpact’s failure to perform such obligations shall be excused. Any failure by Customer Agents, which directly and materially affects Genpact’s ability to perform its obligations under this Agreement shall be considered and deemed included as Customer’s failure to perform Customer Obligations. Notwithstanding Customer’s failure to perform Customer Obligations, Genpact shall use commercially reasonable efforts (including emergency fixes and workarounds) to perform its obligations under this Agreement. Genpact shall be entitled to be compensated for any additional costs incurred towards such commercially reasonable efforts undertaken to perform its obligations under this Agreement which are affected by any delay or failure to perform on the part of Customer. Prior to incurring any expenses, Genpact must obtain written approval from Customer.
 
(c)   Customer shall not remarket or sell all or any portion of the Services, or make all or any portion of the Services available to any third party without Genpact’s prior consent.
     4.8 Licenses and Permits. Each Party will obtain all necessary approvals, consents, permits and grants in their respective jurisdictions to perform and receive the Services, respectively. To the extent so required, Customer and Genpact may mutually agree on areas where Customer shall assist Genpact in obtaining approvals, consents, permits and grants outside the countries from which Genpact performs Services as may be required to perform the Services. Customer may, in its discretion and to the extent reasonable, assist Genpact to obtain any visa or comply with any other requirements under Immigration Laws.
     4.9 Insurance. Genpact shall, during the Term of this Agreement, maintain in force, at its own expense, insurance coverage in accordance with Exhibit 6 of this Agreement, and shall name Customer as Additional Insured on the Commercial general liability and Umbrella policy.
     4.10 Technology Refresh. Genpact will upgrade and replace the Equipment and Genpact Systems in accordance with the Refresh Schedule attached hereto as Exhibit 9. In performing all Refresh services and unless otherwise agreed to by the Parties in writing, Genpact shall first replace the oldest Equipment based on the in-service date or age of each such item.
ARTICLE 5
SERVICE LOCATIONS
     5.1 Service Locations. The Services shall be provided from the Genpact Service Locations and Customer Service Locations.
     5.2 Genpact Service Locations. During the Term, Genpact may add or remove Genpact Service Locations with Customer’s prior written consent, and any incremental expenses incurred by Customer as a result of such addition or removal shall be reimbursed by Genpact. Customer shall document such incremental expenses in reasonable detail and, upon Genpact’s request, provide such documentation to Genpact. To the extent otherwise detailed and listed in the relevant Statement of Work, all equipment, personnel and seats used to provide the Services shall be dedicated to Customer.
     5.3 Project Staff. During the term of the relevant Statement of Work, Genpact shall:
     (i) depute such appropriately skilled and qualified personnel as are mutually agreed to with the Customer to provide Services to the Customer in accordance with this Agreement and the relevant Statement of Work. Genpact agrees that Genpact shall conduct background checks for its Project Staff in accordance with the Background Policy detailed in Exhibit 4 prior to such employee’s performance of Services. Where services are to be performed through a subcontractor, the subcontractor shall ensure that the personnel deputed by the subcontractor have undergone background checks in accordance with the Background Check Policy, prior to such employee’s performance of Services, unless any deviations thereof have been approved in advance by the Customer. Genpact will be responsible for compliance with all employment laws for the Project Staff including but not limited to Immigration Laws.
     (ii) use commercially reasonable efforts to keep the turnover rate of Project Staff below mutually agreed upon threshold limits as set forth on the applicable Statement of Work. If turnover is excessive, Genpact will (a) determine the cause of the excess, and (b) implement and maintain, on a commercially reasonable basis, a program designed to retain the Project Staff. Turnover target or threshold limit will only be used for management purposes and will not be deemed as a service level for the Services provided. Notwithstanding any turnover of Genpact personnel, Genpact will remain obligated to perform the Services without degradation and in accordance with the agreed upon service levels.

 


 

     (iii) ensure continuity of personnel deputed for performance of Services for not less than 18 months from their deputation except for reasons such as termination of employment, death, major illness, permanent disability or similar reasons pertaining to any personnel.
     5.4 Customer Service Locations.
(a)   At no cost to Genpact and to the extent necessary for Genpact to provide the Services, Customer will provide Genpact with (i) reasonable access to the Customer Service Locations and (ii) suitable office resources (including access to office equipment and services, office space, parking, furniture, normal office equipment and support, computer resources, telephone service, facsimile machines, photocopy machines and other reasonable facilities and supplies relating to the Services, heating, air conditioning, electricity, water, security and other maintenance services) in each Customer Service Location reasonably necessary for Genpact to perform its obligations under this Agreement.
 
(b)   While at any Customer Service Locations, the Project Staff will comply with Customer’s standard workplace security, administrative, safety and other policies and procedures applicable to Customer’s own employees. Customer will provide Genpact with a copy of each such policy and procedure and will notify Genpact of any subsequent modifications or amendments thereto.
ARTICLE 6
CHANGE CONTROL PROCEDURE
(a)   Either Party may propose changes to the scope, terms or conditions of the Services (a “Change”) in accordance with the procedures described hereunder in this Section 6(a) (“Change Control Procedures”). Except as set forth in Section 6(e), neither Party shall be entitled to or obligated by any such Change until it has been presented and approved by both Parties in accordance with such Change Control Procedures. Once approved, such a Change shall be deemed to supplement or modify, as applicable, the terms and conditions of the Statement of Work to which it pertains.
 
(b)   To propose a Change, the Party’s Account Representative shall deliver a written proposal (a “Change Order Proposal”) to the other Party’s Account Representative specifying (i) the proposed Change, (ii) the objective or purpose of such Change, (iii) the requirements and specifications of the deliverables, if any, to be delivered pursuant to such Change, and (iv) the requested prioritization and schedule for such Change.
 
(c)   Within 10 business days following receipt of the Change Order Proposal, Customer and Genpact shall, in good faith, meet to review and discuss the scope and nature of the Change Order Proposal, the availability of Genpact personnel, expertise and resources to provide such Change and the time period in which such Change will be implemented. Within 10 business days of such meeting, Genpact shall prepare and deliver to Customer a written assessment of the proposal (the “Change Assessment”) (i) describing any changes in products, services, assignment of personnel and other resources that Genpact believes will be required, (ii) specifying the increase or decrease in the Fees that would be required due to such Change, (iii) specifying how the proposed Change would be implemented, (iv) describing the effect, if any, such Change would have on this Agreement, (v) estimating all resources required to implement such Change, (vi) describing the delivery risks and associated risk mitigation plans and (vii) providing such other information as may be relevant to the proposed Change. To the extent that a proposed Change is of such magnitude or complexity that it is not feasible for Genpact to produce a detailed Change Assessment within 10 business days, Genpact shall prepare and deliver to Customer a summary Change Assessment outlining such details regarding the prospective Change as Genpact can ascertain within 10 business days, and the Parties shall agree upon a schedule for the production of a more detailed Change Assessment.
 
(d)   Customer shall review the Change Assessment and respond within 10 business days of receipt of the Change Assessment, indicating whether Customer desires Genpact to implement the Change pursuant to the Change Assessment. Upon the agreement of both Parties, the Parties will execute a change order (a “Change Order”) based upon such Change Assessment. All Change Orders must be approved in writing by both Customer and Genpact before work on the proposed Change commences.
 
(e)   Notwithstanding the foregoing, Genpact shall have the right in its discretion to designate and make Changes that do not have a material adverse impact on the Service Levels or do not result in an increase in the Fees without resorting to the Change Control Procedures, provided that Genpact shall provide prior notice to the Customer of any such Changes.
ARTICLE 7
SERVICE LEVELS
     7.1 General. Each Statement of Work shall set forth the service levels that shall be used to measure Genpact’s performance of the applicable Services (the “Service Levels”). Each Statement of Work shall set forth the Deliverables and the Milestones or any criteria for acceptance of service or other such measurement that shall be used to measure Genpact’s progress of the applicable Services.
     7.2 Relief. Degradations of performance shall not constitute a failure by Genpact to comply with the Service Levels to the extent that any such failure is attributable to any one or more of the following causes:
(a)   the acts or omissions of Customer or any Customer Agent;
 
(b)   infringements of third party proprietary rights by Customer or any Customer Agent;
 
(c)   Service or resource reductions requested or approved by Customer; and
 
(d)   a Force Majeure Event or other similar event that requires implementation of a disaster recovery plan.

 


 

     7.3 Periodic Review; Annual Improvement. On an annual basis during the Term, the Parties shall review, for each Statement of Work, (a) the then-current Service Levels, (b) generally available information indicating industry-wide improvements of delivery of substantially similar services, (c) improved performance capabilities, including those associated with advances in technology and methods used to provide the Services, and (d) reduced performance capabilities, including those associated with resource reductions requested or approved by Customer. As part of such review process, the Parties may establish additional Service Levels to be added in accordance with the applicable Statement of Work or, subject to the agreement of the Parties through the Change Control Procedures, adjust the existing Service Levels.
     7.4 Measurement and Monitoring Tools. Genpact shall implement its measurement and monitoring tools and procedures to measure and monitor Genpact’s performance against the Service Levels in any given Statement of Work. Upon Customer’s reasonable request, Genpact shall provide Customer with information and access to such measurement and monitoring tools and procedures for purposes of verification.
ARTICLE 8
AUDIT
     8.1 Service Audit. Subject to Section 8.3, Genpact shall provide to Customer’s third-party auditors and Customer’s internal audit staff, as the case may be, access to any facility at which the Services are being performed, appropriate members of the Project Staff and the data and records maintained by Genpact with respect to the Services (a) for the purpose of performing audits and inspections of Customer and its businesses (including any audits necessary to enable Customer to meet its applicable Regulatory Requirements), (b) to verify the integrity of Customer Data and (c) to confirm that the Services are being provided in accordance with this Agreement, including, without limitation, the Information Security Addendum attached hereto as Exhibit 7.
     8.2 Financial Audits.
(a)   Subject to Section 8.3, Genpact shall provide to Customer’s third-party auditors or Customer’s internal audit staff, as the case may be, access to such records and supporting documentation as may be reasonably requested by Customer in order for Customer to determine that the Fees are accurate.
 
(b)   If, as a result of an audit pursuant to Section 8.2(a), Customer determines that Genpact has overcharged Customer, Customer shall notify Genpact of the amount of such overcharge and Genpact shall credit to Customer the amount of the overcharge in its next monthly invoice. If the audit reveals an undercharge, Genpact shall invoice Customer the amount of such undercharge in its next monthly invoice and Customer shall pay Genpact such amount.

 


 

     8.3 General Principles Regarding Audits.
(a)   Customer and its auditors shall use reasonable efforts to conduct any audits pursuant to this Article, in a manner that shall result in a minimum of inconvenience and disruption to Genpact’s business operations. Customer shall provide Genpact with reasonable prior notice of an audit. Audits may be conducted only during normal business hours and no more frequently than annually with respect to any Statement of Work, unless material deficiencies are discovered or if otherwise required by any Regulatory Requirement or is so mutually agreed between the parties. Customer and its auditors shall not be entitled to audit (i) data or information of other customers of Genpact, (ii) any Genpact proprietary data, including cost information or (iii) any other Genpact Confidential Information that is not relevant for the purposes of the audit. Genpact shall provide reasonable assistance to Customer and its auditors in connection with an audit. All information learned or exchanged in connection with the conduct of an audit, as well as the results of any audit, constitutes Confidential Information.
 
(b)   Customer shall not use any competitors of Genpact to conduct audits. Upon the request of Customer, Genpact shall promptly identify its competitors.
 
(c)   The auditors of Customer shall execute and deliver such confidentiality and non-disclosure agreements and comply with such security and confidentiality requirements as Genpact may reasonably request in connection with an audit.
 
(d)   Customer shall bear its cost in connection with any audits.
ARTICLE 9
GOVERNANCE
     9.1 Genpact Account Representative. Genpact shall designate a senior level individual who shall be primarily dedicated to Customer’s account who (a) shall be the primary contact for Customer in dealing with Genpact under this Agreement, (b) shall have overall responsibility for managing and coordinating the delivery of the Services, (c) shall meet regularly with the Customer Account Representative and (d) shall have the authority to make decisions with respect to actions to be taken by Genpact in the ordinary course of day-to-day management of Genpact’s provision of the Services (the “Genpact Account Representative”).
     9.2 Customer Account Representative. Customer shall designate a senior level individual who shall (a) be the primary contact for Genpact in dealing with Customer under this Agreement, (b) have overall responsibility for managing and coordinating the receipt of the Services, (c) meet regularly with the Genpact Account Representative and (d) have the authority to make decisions with respect to actions to be taken by Customer in the ordinary course of day-to-day management of Customer’s receipt of the Services (the “Customer Account Representative”).
     9.3 Establishment of Steering Committee. Genpact and Customer shall appoint a steering committee made up of a number of key executives from each Party (including the Genpact Account Representative and the Customer Account Representative), which shall meet from time to time and at such time as the Parties deem appropriate to (a) review and analyze the Parties’ overall performance under this Agreement, (b) review progress on the resolution of issues, (c) provide a strategic outlook for Customer’s requirements and (d) attempt, subject to Section 9.4, to resolve any disputes or disagreements under this Agreement (the “Steering Committee”). Although the Customer Account Representative and the Genpact Account Representative shall remain as members of the Steering Committee, either Party may change its other representatives upon notice to the other Party. All actions or decisions of the Steering Committee shall require the unanimous vote of its members.
     9.4 Dispute Resolution. Any dispute arising under this Agreement shall be considered first in person or by telephone by the Account Representatives within 10 days of receipt (the date of receipt, the “Dispute Date”) of a notice addressed to the applicable Account Representative from the other Account Representative referencing this Section and specifying the nature of the dispute. If for any reason, including a failure to meet or communicate, the Account Representatives have not resolved such dispute to the satisfaction of the Parties within 10 days after the Dispute Date, then each of the Account Representatives shall immediately refer such dispute to its designee to the Steering Committee. The Parties’ designees to the Steering Committee shall each make a good faith attempt to consider such dispute in person or by telephone within 10 days of a dispute being referred to it. Unless the Parties’ designees to the Steering Committee otherwise agree, either Party may pursue its rights and remedies under the Agreement after the earlier of (a) the occurrence of such meeting or telephone conversation of the Parties’ designees to the Steering Committee and (b) the date 20 days after the Dispute Date.
     9.5 Arbitration. If a dispute cannot be resolved as provided in Section 9.4, either Party may submit the dispute to arbitration as described in this Section 9.5.
(a)   If either Party opts for resolution of the dispute through arbitration, it will, at the end of the 20 day period indicated in Section 9.4, indicate the same by written notice to the other Party. The Parties may, upon mutual written agreement, submit the dispute for binding arbitration to a single arbitrator. If the Parties fail to reach an agreement on the single arbitrator then the dispute shall be referred to arbitration by a panel of three arbitrators, each Party nominating one arbitrator and the arbitrators nominating the umpire. Such arbitrators shall be competent in any technical, employment law or other issues involved in the dispute. The arbitration shall be conducted in accordance with the Rules of the American Arbitration Association in effect at the time of arbitration, except as they may be modified herein or by mutual consent of the Parties. The location of the arbitration shall be New York, USA.
 
(b)   The Parties agree to exclude the application of the United Nations Convention on Contracts for the International Sale of Goods (1980). In addition, the Parties mutually acknowledge and agree that this Agreement relates solely to the performance of services (not the sale of goods) and, accordingly, shall not be governed by the Uniform Commercial Code of any state having or claiming jurisdiction. The arbitral award shall be in writing, state the reasons for the award, and be final and binding on the Parties. The award may include an award of costs, including reasonable attorneys’ fees and disbursements.
ARTICLE 10
FEES AND PAYMENT TERMS
     10.1 Fees. In consideration for the performance of the Services, Customer shall pay to Genpact the fees set forth in the applicable Statement of Work (the “Fees”) plus taxes and other amounts described in this Agreement. The Fees applicable during any renewal of any Statement of Work shall be adjusted subject to the agreement of the Parties.
     10.2 Reimbursement of Expenses. Customer shall pay or reimburse Genpact for the reasonable, documented out-of-pocket expenses (including travel and travel-related expenses) incurred by Genpact in connection with Genpact’s performance of its obligations under the Statement of Work, in accordance with the terms and conditions identified in the said Statement of Work; provided, however, that prior to incurring any such expenses, Genpact must obtain approval from Customer. Genpact shall separately identify all such reimbursable expenses in the applicable monthly invoice.
     10.3 Pass-Through Costs.
(a)   Each Statement of Work shall set forth any costs relating to the Services that shall be incurred by Genpact and shall be passed through to Customer at Genpact’s actual, direct cost (i.e., with no handling fees, overhead or other markup by Genpact) for payment by Customer directly to the applicable vendor (“Pass-Through Costs”).
 
(b)   After Genpact’s receipt of a third-party invoice for Pass-Through Costs, Genpact shall use reasonable efforts to correct any errors therein and provide the invoice to Customer together with a statement that Genpact has reviewed the invoice and determined that either such invoice appears to be (i) correct and should be paid by Customer or (ii) incorrect and should be questioned by Customer. Genpact shall submit all such invoices to Customer for payment within a reasonable period of time prior to the applicable due date.
     10.4 Inflation and Currency Adjustments. The rates identified in a Statement of Work shall be subject to adjustment for inflation and currency movements in the manner described in the relevant Statement of Work.
     10.5 Invoices; Method of Payment; Finance Charges.
(a)   Genpact shall render a single consolidated invoice for each Statement of Work in arrears for each month’s charges under such Statement of Work.
 
(b)   Any amount due to Genpact under an invoice shall be due and payable within 30 days after Customer’s receipt of Genpact’s invoice.
 
(c)   All amounts to be paid to Genpact under this Agreement shall be paid in U.S. dollars by such method as is determined by the Parties. Any amount not paid when due shall bear interest from the original due date until paid at a rate equal to the lesser of (i) 1.5% per month or (ii) the maximum rate of interest allowed by law.
     10.6 Proration. Periodic charges under a Statement of Work shall be computed on a calendar month basis and shall be prorated on a per diem basis for any partial month.
     10.7 Taxes.
(a)   Each Party shall be responsible for (i) any personal property taxes on property it owns or leases (other than property subleased to the other Party), (ii) employment taxes of its own employees and (iii) taxes based on its net income or gross receipts.
(b)   Customer shall be responsible for sales, use, excise, value-added, services, withholding, consumption and other taxes and duties, and any interest thereon, that are assessed against either Party, on the provision of the Services (including the reimbursement of expenses). Genpact, on becoming aware, agrees to notify Customer of the possibility of such taxes.
(c)   The Parties shall reasonably cooperate with each other to more accurately determine each Party’s tax liability and to minimize such liability to the extent legally permissible. Customer and Genpact shall provide and make available to the other any resale certificates, withholding tax certificates, information regarding out-of-state sales or use of equipment, materials or services, and other exemption certificates or information reasonably requested by either Party.
ARTICLE 11
PROPRIETARY RIGHTS
     11.1 Customer IP.
(a)   Customer grants to Genpact a global, royalty-free, fully paid-up, non-exclusive, non-transferable license to access, use, and display the Customer Information and Customer Systems solely to the extent necessary to provide the Services. Genpact may sublicense to Genpact Agents the said right to access, use and display the Customer Information and Customer Systems solely to provide those Services that such Genpact Agents are responsible for providing so long as such Genpact Agents agree to abide by the terms of this Agreement. The licenses in the two preceding sentences (i) shall be limited to during the Term and, solely to the extent necessary to provide Termination Assistance Services, during any Termination Assistance Period and (ii) with respect to any third party Software or Documentation, are granted solely to the extent permissible under the applicable third party agreement.
 
(b)   Customer shall own and have all Intellectual Property rights in and to all Customer Intellectual Property, including, without limitation, the Customer Information and Customer Systems and any modifications or enhancements thereof. To the extent that Genpact has any right, title or interest in and to such modifications or enhancements, Genpact irrevocably assigns, transfers and conveys (and shall cause Genpact Agents and the employees of Genpact and Genpact Agents, to assign, transfer and convey) to Customer without further consideration all of its (and their) right, title and interest in and to such modifications or enhancements. Genpact agrees to execute (and shall cause Genpact Agents and the employees of Genpact and Genpact Agents to execute) any documents or take any other actions as may be necessary, or as Customer may request, to perfect Customer’s ownership in any such modifications or enhancements, at Customer’s expense. With respect to any third party Software or Documentation licensed or leased by Customer, the provisions of this Section 11.1(b) shall only apply as between Genpact and Customer.
     11.2 Genpact IP.
(a)   Genpact grants to Customer a global, royalty-free, fully paid-up, non-exclusive, non-transferable license to access, use and display the Genpact Information and Genpact Systems solely for Customer’s internal use and to the extent necessary for Customer to receive the Services. The licenses granted in the preceding sentence (i) shall be limited to during the Term and, solely to the extent necessary to provide Termination Assistance Services, during any Termination Assistance Period and (ii) with respect to any third party Software or Documentation, are granted solely to the extent permissible under the applicable third party agreement.
 
(b)   Genpact shall own and have all Intellectual Property rights in and to modifications or enhancements of the Genpact Information and Genpact Systems. Genpact shall be free to use Genpact Intellectual Property along with any modifications or enhancements thereto for any purpose without restrictions from the Customer pursuant to this Agreement. To the extent that Customer has any right, title or interest in and to such modifications or enhancements, Customer irrevocably assigns, transfers and conveys (and shall cause Customer Agents and the employees of Customer and Customer Agents to assign, transfer and convey) to Genpact without further consideration all of its (and their) right, title and interest in and to such modifications or enhancements. Customer agrees to execute (and shall cause Customer Agents, and the employees of Customer and Customer Agents, to execute) any documents or take any other actions as may be necessary, or as Genpact may request, to perfect Genpact’s ownership in any such modifications or enhancements, at Genpact’s expense. With respect to any third party Software or Documentation licensed or leased by Genpact, the provisions of this Section 11.2(b) shall only apply as between Customer and Genpact.
     11.3 Developed Work Product. Customer shall own and have all right, title and interest (including ownership of copyright) in and to any Developed Work Product or enhancement of deliverables created or developed by Genpact pursuant to performance of Services to the Customer under the relevant Statement of Work. Genpact irrevocably assigns, transfers and conveys (and shall cause Genpact Agents, and the employees of Genpact and Genpact Agents, to assign, transfer and convey) to Customer without further consideration all of its (and their) right, title and interest (including ownership of copyright) in and to all Developed Work Product. Genpact acknowledges (and shall cause Genpact Agents, and the employees of Genpact and Genpact Agents, to acknowledge) that Customer shall have the right to obtain and hold in its own name any copyrights in and to the Developed Work Product. Genpact agrees to execute (and shall cause Genpact Agents, and the employees of Genpact and Genpact Agents to execute) any documents or take any other actions as may be necessary, or as the Customer may request, to perfect the ownership of Customer in the Developed Work Product, at the Customer’s expense. Notwithstanding anything to the contrary contained hereinabove, the right, title or interest in and/or with respect to any Intellectual Property belonging to or owned by Genpact, (whether or not embedded in the Developed Work Product or deliverable created or developed during performance of the Services) will continue to belong to and be owned by Genpact and to the extent required by the Customer to use such Developed Work Product or deliverable, Genpact will provide a royalty-free and perpetual license to such Genpact Intellectual Property, limited for the purpose of enabling the Customer to receive and use the Services during the term of the Statement of Work, except however that any Customer confidential or proprietary information contained therein shall remain the exclusive property of Customer.
     11.4 Residual Knowledge. Each Party is free to use any generalized ideas, concepts, know-how, or techniques that are developed or provided by the other or jointly by both Parties during the Term, so long as it does not use the Confidential Information of the other Party. Subject to the restrictions set forth herein, Genpact and Customer are free to enter into similar agreements with third parties, and to develop and provide to such third parties materials or services that are similar to those provided under this Agreement.
ARTICLE 12
CONFIDENTIALITY
     12.1 Confidential Information.
(a)   Receiving Party shall treat Confidential Information with at least the same degree of care as Receiving Party uses for its own confidential information, and in any event not less than reasonable care, and shall not use, disclose, commercially exploit, duplicate, copy, transmit or otherwise disseminate or permit to be used, disclosed, commercially exploited, duplicated, copied, transmitted or otherwise disseminated such Confidential Information at any time prior to or after the termination or expiration of this Agreement, except as expressly permitted under this Agreement. Receiving Party shall use Confidential Information for the purposes authorized by this Agreement and for no other purpose. Receiving Party shall not remove any copyright notice, trademark notice or proprietary legend set forth on, or contained within, any of the Confidential Information. In no event shall Receiving Party (i) acquire any right in or assert any lien against the Confidential Information of the Disclosing Party or (ii) refuse for any reason to promptly provide the Confidential Information of the Disclosing Party to the Disclosing Party upon its request (excluding copies of such Confidential Information as may be necessary to be retained by Law or Regulatory Requirements).
 
(b)   In the event of any unauthorized possession, use, knowledge or disclosure of any Confidential Information, the Receiving Party shall:
     (i) promptly notify the Disclosing Party;
     (ii) promptly provide the Disclosing Party details thereof, and use reasonable efforts to assist the Disclosing Party in investigating or preventing the recurrence thereof;
     (iii) use reasonable efforts to cooperate with the Disclosing Party in any litigation and investigation against third parties deemed necessary by the Disclosing Party to protect its proprietary rights in such Confidential Information; and
     (iv) promptly use reasonable efforts to prevent a recurrence thereof.
     12.2 Disclosure to Employees and other Parties. Receiving Party shall disclose Confidential Information to employees, independent contractors, subcontractors, attorneys, accountants and investment advisors only to the extent such persons have a need to know such Confidential Information for the purposes described in this Agreement, and provided (a) each such person shall be obligated to comply with the terms and conditions of this Agreement and each such person shall either be legally bound to comply with the terms and conditions of this Agreement or so obligated in writing and such obligations continue even in the event such persons leave the employ of, or no longer provide services to, Receiving Party, (b) Receiving Party shall take all reasonable measures to ensure that Confidential Information of the Disclosing Party is not disclosed or duplicated in contravention of the provisions of this Agreement by such officers, agents, subcontractors and employees and (c) the Receiving Party shall assume full responsibility for the acts or omissions of the third Party receiving the Confidential Information.
     12.3 Exceptions.
(a)   The obligations set forth in this Article shall not apply to information which (i) is or becomes publicly available through no improper action of the Receiving Party, (ii) is in the Receiving Party’s possession independent of its relationship with the Disclosing Party without an obligation of confidentiality, (iii) is independently developed by the Receiving Party without use of any Confidential Information or (iv) is obtained rightfully from a third party without an obligation of confidentiality.
 
(b)   This Article shall not restrict any disclosure by the Receiving Party (i) pursuant to Law, Regulatory Requirements or the order of any court or Governmental Authority or (ii) if the Receiving Party, in its judgment, determines that any such disclosure is necessary in order to comply with or avoid violation of any request by a regulatory authority, provided that Receiving Party gives prompt notice to the Disclosing Party of such order such that Disclosing Party may (1) interpose an objection to such disclosure, (2) take action to assure confidential handling of the Confidential Information or (3) take such other action as it deems appropriate to protect the Confidential Information.
     12.4 Return of Confidential Information. Upon termination or expiration of this Agreement or a Statement of Work, or upon Disclosing Party’s earlier request, Receiving Party shall promptly deliver to Disclosing Party all (or for a Statement of Work, all applicable) Confidential Information and shall purge any such Confidential Information from all computer and other data storage systems, and certify to the Disclosing Party in writing that it has done so; provided, however, that Receiving Party shall not be required to return or purge any Confidential Information that it is required to retain pursuant to Law or Regulatory Requirement. Additionally, either Party’s legal department may retain one copy of the Confidential Information, in its confidential files for archival purposes only, for a period of three (3) years after termination or expiration of this Agreement, subject in all respects to the terms and conditions of this Agreement.
     12.5 Injunctive Relief. Each of the Parties (a) acknowledges that any use or disclosure of Confidential Information in violation of this Agreement may cause irreparable injury to the Disclosing Party for which other remedies at law would be inadequate and (b) agrees that a Disclosing Party shall have the right to seek injunctive or other equitable relief as may be necessary or appropriate to prevent any use or disclosure of the Confidential Information in violation of this Agreement.
ARTICLE 13
CUSTOMER INFORMATION
     Genpact acknowledges that as between Genpact and Customer, all Customer Information shall be considered proprietary information of Customer and all right, title and interest in the Customer Information shall be owned by Customer. Genpact shall use Customer Information solely in connection with performing its obligations under this Agreement.
ARTICLE 14
DATA SECURITY
     Genpact shall implement and maintain the security safeguards and standards as set forth in Exhibit 5 of this Agreement and the Information Security Addendum attached hereto as Exhibit 7 and to the extent further set forth in any relevant Statement of Work. Genpact shall forthwith notify Customer of any breach of security relating to Customer Data.
ARTICLE 15
REPRESENTATIONS AND WARRANTIES
     15.1 Genpact Representations and Warranties. Genpact hereby represents and warrants to Customer that:
(a)   it is an entity validly existing and in good standing under laws of the State of Delaware;
 
(b)   it has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement;
 
(c)   it is duly licensed, authorized or qualified to do business and is in good standing in every jurisdiction in which a license, authorization or qualification is required for the ownership or leasing of its assets or the transaction of business of the character transacted by it except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Genpact’s ability to fulfill its obligations under this Agreement; and
 
(d)   all Services shall be performed in a good, timely professional and workman-like manner in accordance with terms and conditions of this Agreement as applicable to the Services.
     15.2 Customer Representations and Warranties. Customer hereby represents and warrants to Genpact that:
(a)   it is an entity validly existing and in good standing under laws of the State of Delaware;
(b)   it has all requisite corporate power and authority to execute, deliver and perform its obligations under this Agreement; and
(c)   it is duly licensed, authorized or qualified to do business and is in good standing in every jurisdiction in which a license, authorization or qualification is required for the ownership or leasing of its assets or the transaction of business of the character transacted by it except where the failure to be so licensed, authorized or qualified would not have a material adverse effect on Customer’s ability to fulfill its obligations under this Agreement.
     15.3 No Other Warranties. EXCEPT AS EXPRESSLY PROVIDED HEREIN, NEITHER PARTY MAKES ANY REPRESENTATION OR WARRANTY EXPRESS OR IMPLIED, AS TO THE SERVICES OR ANY SOFTWARE, EQUIPMENT OR SYSTEMS, INCLUDING WITHOUT LIMITATION, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ARISING FROM COURSE OF PERFORMANCE OR COURSE OF DEALING, OR THAT THE SERVICES SHALL BE PROVIDED ERROR-FREE OR UNINTERRUPTED. GENPACT MAKES NO REPRESENTATION OR WARRANTY WITH RESPECT TO, AND SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY OF THE CONTENT OF ANY DATA PROVIDED BY CUSTOMER OR CUSTOMER’S REPRESENTATIVES.
ARTICLE 16
COVENANTS
     16.1 Genpact Covenants. Genpact covenants that:
(a)   Genpact shall be responsible to comply with all laws and regulations applicable to (i) its business, (ii) its performance of the Services, and (iii) the employment of Project Staff (collectively, the “Genpact Laws”) such that their obligation to perform Services to the Customer is not adversely affected. Customer shall notify Genpact of any Customer Laws and any changes thereto that would be reasonably likely to have any material adverse impact on Genpact’s ability to perform the Services; and
(b)   Genpact shall not reverse-engineer, decompile, disassemble, or otherwise use any part of the Customer Systems to which it is given access in connection with this Agreement, nor shall Genpact access or generate corresponding higher level code, access the logic intrinsic thereto, or aid, abide or permit another to do so.
(c)   (i) Genpact shall, at its own cost and expense, annually provide Customer a SAS 70 Type II audit report in accordance with the American Institute of Certified Public Accountants (“AICPA”) Statement on Auditing Standards Number 70 (“SAS 70”) for “Genpact General Environment Controls” (e.g., IT, Physical Security, Hiring, Training) that support customer service delivery in relation to its facilities from which the Services are provided, over a review period of six (6) months, no later than December 31 of each calendar year during the Term. All such audits shall be conducted by an independent audit firm.
    With respect to facilities as detailed in the Statement of Work for performance of the Services by Genpact, the reports will be in accordance with as stated below:
    The SAS 70 Type II audit reports for the Philippines sites for the calendar year 2009 shall be made available on or before October 31, 2009.
 
    A SAS 70 Type I audit report for the Guatemala site shall be made available on or before September 30, 2009. Genpact commits to providing a SAS 70 Type II audit report for Guatemala by September 2010.
  (ii) Process SAS 70 Audits apart from the above mentioned, if required by Customer, will be at Customer’s cost and expense.
  (iii) Genpact shall issue their first audit reports (for the audits described in this Section 16.1(c)(i)) in calendar year 2009. Genpact shall promptly deliver all such audit reports to Customer as they are made available to Genpact. These audit reports delivered to Customer shall be complete and not merely summaries. Further, in case of deficiencies or problems being identified in the reports, Genpact shall prepare and implement a corrective action plan to correct such deficiencies or resolve any problems so identified.
     16.2 Customer Covenants. Customer covenants that:
(a)   Customer shall be responsible to comply with the “Customer Laws” which means all laws and regulations applicable to (i) Customer’s receipt and use of the Services (other than Genpact Laws) and (ii) the Customer’s business; and
(b)   Customer shall not reverse-engineer, decompile, disassemble, or otherwise use any part of the Genpact Systems to which it is given access in connection with this Agreement, nor shall Customer access or generate corresponding higher level code, access the logic intrinsic thereto, or aid, abide or permit another to do so.
ARTICLE 17
TERMINATION
     17.1 Termination for Cause.
(a)   Either Party shall have the right to terminate this Agreement in the event the other Party is in material breach of any representation, warranty, covenant or obligation under this Agreement or a Statement of Work and such defaulting Party does not cure such breach within thirty (30) days of receipt of a notice of the breach.
(b)   Either Party shall have the immediate right to terminate this Agreement upon written notice in the event that the other Party violates any Laws resulting in either Party’s inability to continue performance of its obligations under this Agreement.
     17.2 Termination for Insolvency. If a Party becomes Insolvent and such Insolvent Party does not cease to be Insolvent within 30 days of receipt of notice from the other Party pursuant to this Section, then the other Party may, by giving notice to such insolvent Party, terminate this Agreement and all of the Statements of Work as of the date specified in such notice of termination.
     17.3 Termination Assistance Services. Commencing at the later of (i) six months prior to the scheduled expiration date of a Statement of Work and (ii) the delivery of any notice of termination or non-renewal of such Statement of Work (or such other date as agreed by the Parties), and continuing until the effective date of such expiration or termination (the “Termination Assistance Period”), Genpact shall provide to Customer, such reasonable cooperation, assistance and services as specified in the Statement of Work (the “Termination Assistance Services”). Genpact shall be relieved from a failure to meet the Service Levels during the Termination Assistance Period only to the extent that such failure is the result of the transition of applicable Services from Genpact. Customer, its employees and its agents shall cooperate in good faith with Genpact in connection with Genpact’s obligations under this Section 17.3. Termination Assistance Services shall be provided by Genpact on a time and materials basis and at the fees set forth in the applicable Statement of Work (the “Termination Assistance Fees”). The Customer agrees that where the Customer fails to pay the undisputed service charges when due or where it has breached any regulatory requirements resulting in Genpact’s inability to perform the Services, Genpact shall provide the termination assistance services only after curing of the breach by the Customer.
Genpact agrees to maintain continuity of service of the personnel and equipment dedicated for performance of the Services during the Termination Assistance Period in accordance with the termination assistance plan except for any termination of employment due to illness, death or causes beyond the control of Genpact.
ARTICLE 18
INDEMNIFICATION
     18.1 By Genpact. Genpact shall indemnify, defend and hold harmless Customer and its officers, directors and employees from and against any Losses arising out of, or relating to, any Claim against Customer by a third party:
(a)   that any Developed Work Product created by Genpact, Genpact Information, the Genpact Systems or other resources or items (or the access or other rights thereto) provided by Genpact to Customer pursuant to this Agreement infringes the Intellectual Property rights of that third party (except to the extent such infringement is caused by (i) a modification or enhancement, or misuse, by Customer, (ii) failure by Customer to use new or corrected versions of such Developed Work Product, Genpact Information, the Genpact Systems or other resources or items, provided that Customer is notified that use of such new or correct version is necessary to avoid infringement, (iii) the combination, operation or use by Customer with products or information not furnished or authorized by Genpact or (iv) information, directions, specifications or materials provided by Customer);
(b)   for any intentional misconduct or fraud of Genpact or Genpact Agents in connection with this Agreement;
(c)   regarding the unauthorized or fraudulent application for, access to or use of Customer’s customer data by any person, to the extent such unauthorized act is caused by the gross negligence or intentional misconduct of Genpact or Genpact Agents;
(d)   related to any acts of Genpact which do not comply with Laws; or
(e)   relating to any amounts, including taxes, interest and penalties assessed against Customer that are the obligations of Genpact pursuant to Section 10.7.
     18.2 By Customer. Customer shall indemnify, defend and hold harmless Genpact and its officers, directors and employees from and against any Losses arising out of, or relating to, any Claim against Genpact by a third party:
(a)   that any Developed Work Product created by Customer, Customer Information, the Customer Systems or other resources or items (or the access or other rights thereto) provided by Customer to Genpact pursuant to this Agreement infringes the Intellectual Property rights of that third party (except to the extent such infringement is caused by (i) a modification or enhancement, or misuse, by Genpact, (ii) failure by Genpact to use new or corrected versions of such Customer Information, Customer Systems or other resources or items provided by Genpact, provided that Genpact is notified that use of such new or correct version is necessary to avoid infringement, (iii) the combination, operation or use by Genpact with products or information not furnished or authorized by Customer or (iv) information, directions, specifications or materials provided by Genpact);
(b)   for (i) bodily injury, illness or death or (ii) damages to any tangible personal or real property, in each case, resulting from the negligent or willful acts or omissions of Customer or Customer Agents in connection with this Agreement;
(c)   relating to any amounts, including taxes, interest and penalties assessed against Genpact that are the obligations of Customer pursuant to Section 10.7;
(d)   Non-compliance with Law related to the receipt and use of the Services by any act of Customer; or
(e)   for any intentional misconduct or fraud of Customer or Customer Agents in connection with this Agreement.
     18.3 Obligation to Replace. If any resource or item (or the access or rights thereto) provided by a Party pursuant to this Agreement is, or in such Party’s reasonable judgment is likely to become, the subject of an infringement Claim, the providing Party, at its expense (and in addition to any indemnification obligation) shall use reasonable efforts to procure for the other Party the right to use and continue using such resource or item or replace it with a non-infringing equivalent or modify it to make its use non-infringing; provided, however, that any such replacement or modification does not result in a degradation of the performance or quality of the resource or item. If such procurement or replacement is not available on commercially reasonable terms in the providing Party’s reasonable judgment, the providing Party shall so notify the other Party, whereupon the other Party shall cease to use such resource or item and return it to the providing Party and the Parties shall equitably adjust the applicable Fees accordingly. In such event, the Parties shall seek to establish acceptable alternative arrangements and to make any appropriate adjustments to their respective obligations under this Agreement through the execution of a Change Order.
     18.4 Indemnification Procedures. If any Claim is commenced against a Party entitled to indemnification under Section 18.1 or Section 18.2 (an “Indemnified Party”), notice thereof shall be given to the entity that is obligated to provide indemnification (the “Indemnifying Party”) as promptly as practicable but in no event less than 20 days prior to the date on which the response to such Claim is due (or immediately, if less than 20 days). After such notice, if the Indemnifying Party acknowledges that this Agreement applies with respect to such Claim, then the Indemnifying Party shall be entitled, if it so elects, in a notice delivered to the Indemnified Party not less than 10 days prior to the date on which a response to such Claim is due (or immediately, if less than 10 days), to immediately take control of the defense and investigation of such Claim and to employ and engage attorneys acceptable to the Indemnified Party to handle and defend the same, at the Indemnifying Party’s expense. The Indemnified Party shall cooperate in all reasonable respects with the Indemnifying Party and its attorneys in the investigation, trial and defense of such Claim and any appeal arising therefrom; provided, however, that the Indemnified Party may, at its own expense, participate (through its attorneys or otherwise) in such investigation, trial and defense of such Claim and any appeal arising therefrom but shall have no power to settle such Claim without the prior consent of the Indemnifying Party. No settlement of a Claim that involves a remedy other than the payment of money by the Indemnifying Party shall be entered into without the consent of the Indemnified Party. 
After notice by the Indemnifying Party to the Indemnified Party of its election to assume full control of the defense of any such Claim, the Indemnifying Party shall not be liable to the Indemnified Party for any legal expenses incurred thereafter by such Indemnified Party in connection with the defense of that Claim. If the Indemnifying Party does not assume full control over the defense of a Claim subject to such defense as provided in this Section, the Indemnifying Party may participate in such defense, at its expense, and the Indemnified Party shall have the right to defend the Claim in such manner as it may deem appropriate, at the expense of the Indemnifying Party.
     18.5 Indemnification Notice. Any Claim by either Party for indemnification under this Agreement must be made prior to the earlier of three years after such Party becomes aware of the event for which indemnification is claimed or three years after the termination or expiration of this Agreement.
     18.6 Mitigation Efforts. Both Genpact and Customer agree to use reasonable efforts to mitigate their own, as well as each other’s Losses suffered in connection with this Agreement (including where any Losses can be mitigated by lawfully pursuing recovery from third parties) and each of Genpact and Customer shall conduct or permit reasonable diligent efforts to so recover.
ARTICLE 19
LIMITATION OF LIABILITY
     19.1 Direct Damages.
(a)   The aggregate liability of each Party to the other Party for any Losses in any rolling twelve month period, whether based upon Claim in contract, tort (including negligence), misrepresentation, equity or otherwise shall not exceed in aggregate an amount equal to the [***] under the [***] during the [***] immediately [***] the most [***] to [***] (or if [***] occurs in the [***] of the [***] of [***], the amount equal to [***] the [***], provided that in the case of any [***] whose [***] is [***], the amount equal to [***]), less any [***] to the [***] under [***] in the said [***].
(b)   The limitation of liability set forth in Section 19.1 shall not apply to (i) [***] of [***] under [***] to [***], (ii) the obligations of [***] in [***], (iii) the obligations of [***] in [***], (iv) the obligations of [***] in [***], or (v) the [***] of [***] to [***] or [***] under any [***].
     19.2 Consequential Damages. Neither Party shall be liable for, nor shall the measure of damages include, any indirect, incidental, special, punitive or consequential damages or amounts for loss of income, profits or savings arising out of, or relating to, its performance or failure to perform under this Agreement.
     19.3 Contractual Limitation of Action. Neither Party may assert against the other Party any Claim in connection with this Agreement unless the asserting Party has given the other Party notice of the claim within [***] after the asserting Party first knew, or reasonably should have known, of the underlying facts giving rise to such claim.
     19.4 Recourse. Each Party shall look only to the corporate or firm assets of the other Party in connection with any Losses hereunder and in no event shall a Party have any claim against any shareholder, partner or holder of an ownership interest in the other Party in connection with this Agreement.
ARTICLE 20
MISCELLANEOUS
     20.1 Notices. All notices, consents, requests, demands and other communications hereunder shall be in writing and shall be deemed to have been duly given or delivered if (a) delivered personally, (b) five days after mailed postage prepaid by certified mail, return receipt requested, with proper postage prepaid, (c) delivered by facsimile if a confirmation copy is immediately mailed by the sender postage prepaid by certified mail, return receipt requested as provided in (b) above or (d) delivered by recognized courier contracting for same day or next day delivery:
***   Confidential material redacted and filed separately with the Commission
To Genpact:
Genpact International, Inc.
1251 Avenue of Americas 41st Floor
New York, NY 10020
Attn.: General Counsel
Fax: 646-823-0469
To Customer:
Green Dot Corporation
605 East Huntington Dr., Suite 205
Monrovia, California 91016
Attn: Steven Streit, CEO
Fax: 626-739-3704
With a copy to:
Green Dot Corporation
605 East Huntington Dr., Suite 205
Monrovia, California 91016
Attn: General Counsel
Fax: 626-739-2002
or at such other address as the Parties hereto shall have last designated by notice to the other Parties. Any item delivered personally or by recognized courier contracting for same day or next day delivery shall be deemed delivered on the date of delivery. Facsimile deliveries shall be deemed delivered on the date of transmission by the sender provided sender has evidence of successful transmission and receipt. Any item mailed shall be deemed to have been delivered on the date evidenced on the return receipt.
     20.2 Assignment, Binding Effect. Neither this Agreement, nor the rights or obligations of either Party under this Agreement, may be transferred or assigned by either Party without the prior consent of the other Party; provided, however, that in the event of a change of control of the Party, no such consent shall be necessary. Any attempt to assign this Agreement other than as set forth in this Section. This Agreement shall be binding on the Parties and their respective successors and permitted assigns.
     20.3 Subcontracting. Genpact shall obtain the prior written approval of Customer prior to engaging any subcontractors (including any affiliates of Genpact) to perform Services for the Company. Notwithstanding the foregoing, Genpact shall be permitted to subcontract the performance of the Services under this Agreement to any of its Affiliates named in Exhibit 8 of this Agreement and the list will be deemed to be amended with respect to any subcontractor named in the relevant Statement of Work. Genpact shall however continue to be solely liable to the Customer for any breaches due to a default of any such subcontractor.
     20.4 Force Majeure.
(a)   Neither Genpact nor Customer shall be liable to the other for any delay or non-performance of its obligations under this Agreement arising from any cause beyond its reasonable control including any act of God, governmental act, act of any regulatory authority, supervening illegality, war, malicious damage, fire, flood, explosion, power blackout, breakdown of plant or machinery, loss of utility, civil commotion, industrial dispute, acts or omissions of telecommunications or data communications operators or carriers or of any other third parties or, in relation to Genpact (to the extent not directly attributable to Genpact’s negligence), any technical or other problems affecting any operation of the Services (a “Force Majeure Event”). The affected Party shall promptly notify the other Party orally or in writing, as the circumstances warrant, of the cause and the Force Majeure Event and its likely duration. If performance is not resumed within thirty days after the Force Majeure Event, either Party may terminate all affected Statements of Work upon notice.
(b)   In the event of a Force Majeure Event, Genpact and Customer shall use reasonable efforts (including emergency fixes and workarounds) to perform its obligations under this Agreement during the period of suspension.
     20.5 Counterparts. This Agreement may be executed in any number of counterparts, each of which will be deemed an original, but all of which taken together shall constitute one single agreement between the Parties.
     20.6 Relationship of Parties. Nothing in this Agreement shall constitute or be deemed to constitute a relationship of employer and employee, agency, joint venture or partnership between the Parties hereto or constitute or be deemed to constitute one Party as agent of the other, for any purpose whatsoever, and except as expressly provided herein, neither Party shall have the authority or power to bind the other, or to contract in the name of or create a liability against the other, in any way or for any purpose.
     20.7 Consents, Approvals and Requests. Except as specifically set forth in this Agreement, all consents and approvals to be given by either Party under this Agreement shall not be unreasonably withheld or delayed and each Party shall make only reasonable requests under this Agreement.
     20.8 Good Faith and Fair Dealing. The performance of all obligations and the exercise of all rights by each Party, except where explicitly stated otherwise (e.g., use of “sole discretion”), shall be governed by the fundamental principle of good faith and fair dealing and by a commercially reasonable standard, including (for clarity) (a) the use of commercially reasonable efforts in performing obligations, (b) not unreasonably withholding or delaying any consent or approval to be given by a Party and (c) making only reasonable requests and providing reasonable notice under this Agreement.
     20.9 Severability. If a court of competent jurisdiction hereof declares any provision invalid, such provision shall be ineffective only to the extent of such invalidity, so that the remainder of that provision and all remaining provisions of this Agreement shall continue in full force and effect.
     20.10 Waiver. A waiver by either of the Parties hereto of any breach by the other Party of any of the terms, provisions or conditions of this Agreement or the acquiescence of either Party hereto in any act (whether commission or omission) which but for such acquiescence would be a breach as aforesaid, shall not constitute a general waiver of such term, provision or condition of any subsequent act contrary thereto.
     20.11 Remedies Cumulative. No right or remedy herein conferred upon or reserved to either Party is intended to be exclusive of any other right or remedy, and each and every right and remedy shall be cumulative and in addition to any other right or remedy under this Agreement, or under applicable Law, whether now or hereafter existing.
     20.12 Entire Agreement; Amendments. This Agreement and the Exhibits hereto are incorporated herein by reference, represent the entire understanding between the Parties hereto with respect to the subject matter hereof and supersede all other written or oral agreements heretofore made by or on behalf of Genpact or Customer with respect to the subject matter hereof. No amendment to or waiver or discharge of any provision of this Agreement shall be valid unless in writing signed by the authorized representative of the Party.
     20.13 Survival. The provisions of Section 9.4 (Dispute Resolution), Article 10 (Fees), Article 11 (Proprietary Rights), Article 12 (Confidentiality), Section 17.3 (Termination Assistance), Article 18 (Indemnification), Article 19 (Limitation of Liability), Section 20.13 (Survival) and Section 20.19 (Non-solicitation) shall survive any termination or expiration of this Agreement.
     20.14 Third Party Beneficiaries. Except as specified in this Agreement, the Parties do not intend to create any obligations of or any rights, causes of action or benefits in favor of any person or entity other than Customer or Genpact.
     20.15 Governing Law. The laws of the State of New York govern the interpretation and enforcement of this Agreement without giving effect to its conflicts of law rules.
     20.16 Covenant of Further Assurances. Customer and Genpact covenant and agree that, subsequent to the execution and delivery of this Agreement and, without any additional consideration, each of Customer and Genpact shall execute and deliver any further legal instruments and perform any acts that are or may become necessary to effectuate the purposes of this Agreement.
     20.17 Negotiated Terms. The Parties agree that the terms and conditions of this Agreement are the result of negotiations between the Parties and that this Agreement shall not be construed in favor of or against any Party by reason of the extent to which any Party or its professional advisors participated in the preparation of this Agreement.
     20.18 Export. Customer and Genpact shall not knowingly export or re-export any personal computer system, part, technical data or sub-elements under this Agreement, directly or indirectly, to any destinations prohibited by the government of the United States of America.
The term “technical data” in this context, means such data as is defined as technical data by applicable export regulations in effect in the United States of America.
     20.19 Non-solicitation. Neither Party shall solicit, offer work to, employ or contract with the other Party’s personnel during the Term and for a period of 12 months following the Term. This Section 20.19 shall not restrict the right of either Party to (a) solicit the employment of personnel of the other Party after such personnel have separated or have been separated from the service of such Party for a period of six months or more, provided that the hiring Party did not solicit such separation or (b) solicit or recruit generally in the media.
     20.20 Nondisclosure of Terms. Each Party agrees for itself, its agents, and representatives that the terms of this Agreement are confidential, and neither Party shall disclose any of the terms hereof to any third Party (except for disclosure reasonably made to legal representatives and accountants) without the prior consent of the other Party or as may be required by either Party to comply with applicable Laws.
     20.21 Publicity. Neither Party shall utilize the name, trademark or proprietary indicia of the other Party or any Affiliate thereof in any advertising, press releases, publicity, presentation, marketing or other materials, letters or communications, in written, oral or electronic form, without the prior consent of such other Party.
     IN WITNESS WHEREOF, the Parties hereto have caused duly authorized representatives of their respective companies to execute this Agreement on the date or dates set forth below.
                     
GENPACT INTERNATIONAL, INC.
acting through its Hungarian Branch
By: /s/ Michael Corning (Signature)
Name: Michael Corning
Title: SVP, Business Development
Date: 5/29/09

GREEN DOT CORPORATION
By: /s/ Steve Streit (Signature)
Name: Steve Streit
Title: CEO
Date: 5/28/09
Exhibit 1
Definitions
     “Account Representatives” shall mean the Customer Account Representative and Genpact Account Representative.
     “Affiliate” shall mean any Person which, directly or indirectly, Controls, is Controlled by, or is under common Control with another entity. The foregoing definition includes any entity that conforms to the definition as of the Effective Date hereof, as well as any entity that conforms to the definition anytime after the Effective Date hereof, provided that any entity shall only be deemed to be an Affiliate hereunder for such period of time that it conforms to the definition during the Term.
     “Agreement” shall mean this Services Agreement by and between Customer and Genpact and all exhibits and attachments thereto.
     “Change Assessment” shall have the meaning set forth in Section 6(b).
     “Change Control Procedures” shall have the meaning set forth in Section 6(a).
     “Change Order Proposal” shall have the meaning set forth in Section 6(b).
     “Change Order” shall have the meaning set forth in Section 6(d).
     “Change” shall have the meaning set forth in Section 6(a).
     “Claim” shall mean any civil, criminal, administrative, arbitral or investigative action, suit or proceeding.
     “Confidential Information” shall mean Genpact Confidential Information and/or Customer Confidential Information, as the case may be.
     “Control” shall mean the possession, directly or indirectly, of the power to direct or cause the direction of the management and policies of an entity, whether through record or beneficial ownership of voting securities, by contract, or otherwise.
     “Customer Account Representative” shall have the meaning set forth in Section 9.2.
     “Customer Agents” shall mean the agents, subcontractors and representatives of Customer, other than Genpact and Genpact Agents.
     “Customer Confidential Information” shall mean (a) any information of Customer not generally known to the public (i) which Customer marks as, or claims to Genpact to be, trade secret information, (ii) which is recognizable by its nature to be a trade secret or proprietary or (iii) which Genpact knows to be its trade secret or proprietary information, including Customer Systems, Customer Data, customer lists, customer personal information, any other trade secrets or proprietary information concerning Customer, its sales, personnel or accounting procedures, accounts, operations, devices, techniques, methods, business plans, Software (regardless of its state of completion or form of recordation), data processing programs, data bases, models, product proposals, internally devised technology, system or network architecture or topology, secret processes, products, capacities, systems, security practices, research, development, machines, inventions, and research projects, and other means used by Customer in the provision of services to customers and in the conduct of business, whether developed, acquired or compiled by Customer and (b) Customer’s product proposals, financial information, data, source or object code, documentation, manuals, studies, customer and product development plans and any other materials or information based thereon and information regarding Customer, Customer’s businesses plans, policies, procedures, and products.
     “Customer Data” shall mean all data and information submitted to Genpact by or on behalf of Customer or other data and information of Customer to which Genpact has access in connection with the provision of the Services, including, but not limited to, any data received from and relating to any customer of Customer.
     “Customer Information” shall mean the Customer Data and other information provided to Genpact by Customer pursuant to this Agreement.
     “Customer Obligations” shall have the meaning set forth in Section 4.7.
     “Customer Service Location(s)” shall mean any Customer service location set forth in the relevant Statement of Work or any other service location owned or leased by Customer.
     “Customer Systems” shall mean the computer systems and networks, Software and Documentation owned, licensed or leased by Customer (other than pursuant to Section 11.2) which Genpact is required to access or use in connection with providing the Services.
     “Customer Transition Obligations” shall have the meaning set forth in Section 3.1(b).
     “Customer” shall mean Green Dot Corporation.
     “Deliverables” shall mean the final output to be delivered by Genpact to the Customer under any Statement of Work.
     “Developed Work Product” shall mean any work product or other item developed in the course of performance of the Services under this Agreement and is an original, non-derivative work.
     “Disclosing Party” shall mean the Party furnishing its Confidential Information to the other Party.
     “Dispute Date” shall have the meaning set forth in Section 9.4.
     “Documentation” shall mean literary works, including manuals, training materials and documentation.
     “Effective Date” shall have the meaning set forth in the Title clause of this Agreement.
     “Equipment” shall mean the hardware, machines, and other equipment owned or leased by Genpact and used by Genpact to perform the Services.
     “Fees” shall have the meaning set forth in Section 10.1.
     “Force Majeure Event” shall have the meaning set forth in Section 20.4.
     “Genpact Account Representative” shall have the meaning set forth in Section 9.1.
     “Genpact Agents” shall mean the agents, subcontractors and representatives of Genpact.
     “Genpact Confidential Information” shall mean (a) any information of Genpact not generally known to the public (i) which Genpact marks as, or claims to Customer to be, trade secret information, (ii) which is recognizable by its nature to be a trade secret or proprietary, or (iii) which Customer knows is deemed by Genpact to be its trade secret or proprietary information, including the Genpact System, Standard Operating Procedures and any other proprietary information concerning Genpact, its sales, personnel or accounting procedures, accounts, operations, devices, techniques, methods, business plans, Software (regardless of its state of completion or form of recordation), data processing programs, data bases, models, product proposals, internally devised technology, system or network architecture or topology, secret processes, products, capacities, systems, security practices, research, development, machines, inventions, and research projects and other means used by Genpact in the provision of services to customers and in the conduct of business, whether developed, acquired or compiled by Genpact and (b) Genpact’s product proposals, financial information, data, source or object code, documentation, manuals, studies, customer and product development plans and any other materials or information based thereon and information regarding Genpact, Genpact’s businesses plans, Genpact’s other Customers, policies, procedures, and products.
     “Genpact Information” shall mean the Genpact’s Documentation and other information provided to Customer pursuant to this Agreement.
     “Genpact Service Location(s)” shall mean any Genpact service location set forth in the relevant Statement of Work and any other service location owned or leased by Genpact that is used to provide the Services.
     “Genpact Systems” shall mean the computer systems and networks, Software and Documentation owned, licensed or leased by Genpact (other than pursuant to Section 11.1) that are used by Genpact to provide the Services.
     “Genpact Transition Obligations” shall have the meaning set forth in Section 3.1.
     “Genpact” shall mean Genpact International, Luxembourg, Hungarian Branch, organized under the laws of Luxembourg.
     “Governmental Authority” shall mean any federal, state, municipal, local, territorial, or other governmental department, regulatory authority, judicial or administrative body, whether domestic, international or foreign.
     “Immigration Laws” shall mean laws and regulations which govern the immigration and nationality in a country.
     “Indemnified Party” shall have the meaning set forth in Section 18.1.
     “Indemnifying Party” shall have the meaning set forth in Section 18.1.
     “Insolvent” shall mean (a) becomes insolvent or is unable to pay its debts as they fall due, (b) is the subject of an order made or a resolution passed for the administration, receivership, winding-up, liquidation, rehabilitation or dissolution (otherwise than for the purpose of a solvent amalgamation or reconstruction), (c) has an administrative or other receiver, manager, examiner, trustee, liquidator, administrator, or similar officer appointed over all or any substantial part of its assets, (d) is subject to the levying of distress against any of its assets, (e) enters into or proposes any composition or arrangement with its creditors or any assignment for the benefit of creditors or indicates an intention to file for protection under Chapter 7 or Chapter 11 of the U.S. Bankruptcy Code, (f) ceases or suspends generally the payment of its debts or is unable to pay its debts, commences negotiations with all or any class of its creditors with a view to the general readjustment or rescheduling of all or any class of creditors, is the subject of any proceedings relating to reconstruction or readjustment of debts or has a moratorium declared in respect of all or any class of its debts or (g) is the subject of any events or circumstances analogous to the foregoing under the insolvency, debtor-creditor or other Laws in any applicable jurisdiction.
     “Intellectual Property” means all of the following, whether protected, created or arising under the Laws of the United States or any other foreign jurisdiction: (i) patents, patent applications (along with all patents issuing thereon), statutory invention registrations, and divisions, continuations, continuations-in-part, and substitute applications of the foregoing, and any extensions, reissues, restorations and reexaminations of the foregoing, and all rights therein provided by international treaties or conventions, (ii) copyrights, mask work rights, database rights and design rights, whether or not registered, published or unpublished, and registrations and applications for registration thereof, and all rights therein whether provided by international treaties or conventions or otherwise, (iii) trade secrets, (iv) trademarks, service marks, trade names, service names, trade dress, logos and other identifiers of source, including all goodwill associated therewith and all common law rights, registrations and applications for registration thereof, and all rights therein provided by international treaties or conventions, and all reissues, extensions and renewals of any of the foregoing, (v) all rights arising from or in respect of domain names and domain name registrations and reservations, and (vi) all other applications and registrations related to any of the rights set forth in the foregoing clauses (i)-(v) above.
     “Law” shall mean any declaration, decree, directive, legislative enactment, order, ordinance, regulation, rule or other binding restriction of or by any Governmental Authority.
     “Losses” shall mean any and all damages, fines, penalties, deficiencies, losses, liabilities (including settlements and judgments) and expenses (including interest, court costs, reasonable fees and expenses of attorneys, accountants and other experts and professionals or other reasonable fees and expenses of litigation or other proceedings or of any Claim, default or assessment).
     “Milestones” shall mean certain targets in the development of the Deliverables to be mutually agreed upon by the Customer and Genpact in any Statement of Work.
     “Parties” shall mean Customer and Genpact.
     “Party” shall mean either Customer or Genpact, as applicable.
     “Pass-Through Costs” shall have the meaning set forth in Section 10.3.
     “Person” shall mean any consumer and/or corporation, partnership or other entity located within or outside the United States and its territories.
     “Project Staff” shall mean the personnel of Genpact and Genpact Agents who provide the Services.
     “Receiving Party” shall mean the Party which receives Confidential Information from the other Party.
     “Regulatory Requirements” shall mean the Laws to which Customer or Genpact, as applicable, is required to submit or voluntarily submits from time to time.
     “Service Commencement Date” shall mean, for a Statement of Work, the date upon which Genpact begins to provide the applicable Services, as such date is set forth in the applicable Transition Plan.
     “Service Levels” shall have the meaning set forth in Section 7.1.
     “Services” shall mean the (a) Genpact Transition Obligations, (b) Services, and (c) Termination Assistance Services.
     “Software” shall mean any applications programs, operating system software, computer software languages, utilities, other computer programs and related documentation, in whatever form or media, including the tangible media upon which such applications programs, operating system software, computer software languages, utilities, other computer programs and related documentation are recorded or printed, together with all corrections, improvements, updates and releases thereof.
     “Standard Operating Procedures” shall mean a document which describes the processes and procedures applicable to the Designated Service.
     “Statement of Work” shall mean an order for Services agreed to and entered into by the Parties as provided in Section 4.1 and which describes the obligations of the Parties with respect to such Services, including a description of the Services, Customer Obligations, Service Levels, assumptions, Fees, reports, disaster recovery Services, and Termination Assistance Services.
     “Steering Committee” shall have the meaning set forth in Section 9.3.
     “Strategic Collaboration Agreement” shall have the meaning set forth in the Recitals.

 


 

     “Term” shall have the meaning set forth in Article 2.
     “Termination Assistance Fees” shall have the meaning set forth in Section 17.3.
     “Termination Assistance Period” shall have the meaning set forth in Section 17.3.
     “Termination Assistance Services” shall have the meaning set forth in Section 17.3.
     “Transition Plan” shall have the meaning set forth in Section 3.1.
     “Transition Schedule” shall have the meaning set forth in Section 3.1.
     “Transition Services” shall have the meaning set forth in Section 3.1.

 


 

Exhibit 2
Form of Statement of Work
DESCRIPTION OF SERVICES/DELIVERABLES:
RESOURCES:
DURATION/LOCATION:
SERVICE LEVELS/MILESTONES:
ASSUMPTIONS:
SERVICE LOCATIONS:
FEES:
REPORTS:
DATA SECURITY:
DISASTER RECOVERY SERVICES:
TERMINATION ASSISTANCE SERVICES:

 


 

Exhibit 3
Disaster Recovery Policy
Not Applicable.

 


 

Exhibit 4
Background Check Policy

 


 

Policy Title   (GENPACT LOGO)
GENPACT PHILIPPINES HR POLICY AND PROCEDURE
     
NAME OF POLICY: Background Check
POLICY NUMBER:
POLICY VERSION:
DATE ISSUED:
VALID UP TO:
COVERAGE: Genpact Services LLC, Philippines
PROPOSED BY: Human Resources Team
APPROVED BY: Management Team of Genpact
PURPOSE STATEMENT
To provide guidelines for the Background check process in hiring, to ensure that an employee who is joining the organization has his/her information verified. This information includes the Educational Qualification, Previous Employment Records, Permanent or Current Address verification and Medical Check of all employees.
DEFINITION
Background Check process is currently outsourced to three (3) vendors: Dun & Bradstreet for Band 5, CIBI for Bands 4 and up, and Intellicare for pre-employment medical check up for all bands. Background Check reports for Band 5 are done thru telephone verification for educational, residence, and previous employment check. Background check reports for bands 4 and up are done both thru telephone verification and residence visit. All pre-employment medical check ups are done upon acceptance of job offer and accomplishment of the medical check-up endorsement slip.
These guidelines are applicable to all the team members in hiring team as well as Business HR of the joining employee.
SCOPE
     1. Background Check Process
     2. Exception Rules & Policies
                                 
Reproduction of this document: print out of this document is NOT ALLOWED   VERSION 1   Issue date   File Name: Corrective Action Plan   Page 1

 


 

     3. Contents of Background Check Reports
     4. Settling Discrepancies in Background Check Reports
GUIDELINES AND RESPONSIBILITY
1. Background Check Process
Background Check for all bands is initiated upon acceptance of job offer and accomplishment of the Educational and Employment Authorization Letters. All employee verification should be completed within 7 to 14 working days upon initiation of background check and before they are onboarded.
2. Exception Rules and Policies
With effect from 23rd of October 2007, selected and qualified candidates will only be onboarded once the result of their background check is positive and complete. Hiring team will seek approval to onboard those employees whose background check is under progress.
  a.   No Background check needs to be done for employee movements and promotions within Genpact. The process applies to new joinees only.
 
  b.   Employment should be verified for last 3 years or last 3 employments whichever is longer.
 
  c.   Vendor should not disclose Genpact name unless specifically asked.
 
  d.   The necessary documentation is presented to Business HR for appropriate managerial decision.
 
  e.   The personnel are deputed for client operations only after they successfully clear the background checks effective 23rd of October 2007.
 
  f.   All exceptions to background check policy can be approved by Business HR in consultation with the Service Delivery Leader (SDL).
3. Contents of Background Check Reports
  a.   Background Check Reports of Band 5 contains the following:
    Previous Employment Verification
 
    Educational Verification
 
    Residence Check
 
    Court Listing
 
    Credit Card Investigation

 


 

  b.   Background Check Reports of Band 4 and up contains the following:
    Previous Employment Verification
 
    Educational Verification
 
    Residence & Neighborhood Check
 
    Court Listing
 
    Credit Card Investigation
 
    Terrorist/Possible Terrorist Listing
 
    Character Reference Check
4. In case of discrepancy or negative background check report of employee, hiring team will present and forward the report to the Employee Relations Manager to have a discussion and/or require additional documents from employee that will justify/validate the result of the background check. Any case that will require a decision or approval from management will be presented to Business HR for appropriate managerial decision or sanction.
IMPLEMENTATION:
© Copyright 2007
This document is for the exclusive use of Genpact LLC Services (Philippines Office) management and staff. It contains Company Confidential information. Any form of reproduction and/or external circulation in whatever form will be subject to the appropriate action.
     
Document version: Version 1
Date of Release:
Date last edited:

 


 

GENPACT GUATEMALA HR POLICY AND PROCEDURE
         
NAME OF POLICY: Background Check Policy
POLICY VERSION: 1
DATE ISSUED: June 1, 2008
VALID UP TO: Next Policy version is implemented
COVERAGE: Genpact Services Guatemala
PREPARED BY: Suzzette Santos
APPROVED BY: Nitin Bhat
PURPOSE STATEMENT
To provide guidelines for the Background check process in hiring, to ensure that an employee who is joining the organization has his/her information verified. This information includes the Educational Qualification, Previous Employment Records, Permanent or Current Address verification, police and criminal records and Drug screen Check of all employees.
DEFINITION
Background Check process is currently outsourced to vendor: ISP for Bands 5 and up, and for Drug screen check up for all bands. Background Check reports for Band 5 are done thru telephone verification for educational, residence, and previous employment check. Background check reports for bands 4 and up are also done thru telephone verification.
These guidelines are applicable to all the team members in hiring team as well as Business HR of the joining employee.
SCOPE
1. Background Check Process
2. Exception Rules & Policies
3. Contents of Background Check Reports
4. Settling Discrepancies in Background Check Reports
Genpact Internal Classification

 


 

GUIDELINES AND RESPONSIBILITY
1. Background Check Process
Background Check for all bands is initiated upon acceptance of job offer and accomplishment of the Authorization Letters from the candidate to initiate Background investigation. All employee verification should be completed within 15 working days upon initiation of background check and before they are onboarded.
2. Exception Rules and Policies
The selected and qualified candidates will only be onboarded once the result of their background check is positive and complete including the Drug Screen. Hiring team will seek approval from HR Leader in consultation with SDL to onboard those employees whose background check is under progress.
  a.   No Background check needs to be done for employee movements and promotions within Genpact. The process applies to new joinees only.
 
  b.   Employment should be verified for last 3 years or last 3 employments whichever is longer.
 
  c.   Vendor should not disclose Genpact name unless specifically asked.
 
  d.   The necessary documentation is presented to Business HR for appropriate managerial decision.
 
  e.   In the event that a band 4 candidate’s Background check is completed only partially, the candidate needs to present supporting original documents and submit photocopy of the same (for sections that could not be verified by the Background check vendor) at the time of On boarding. In the absence of these supporting documents, the band 4 and up candidates would not be onboarded.
  f.   All exceptions to background check policy can be approved by Business HR in consultation with the Service Delivery Leader (SDL).
3. Contents of Background Check Reports
  a.   Background Check Reports of Band 5 contains the following:
 
  Grade A (mandatory check)
    Previous Employment Verification
 
    Court Listing
   Grade B
    Educational Verification
 
    Credit Card Investigation

 


 

b. Background Check Reports of Band 4 and up contains the following:
    Previous Employment Verification
 
    Educational Verification
 
    Court Listing
 
    Credit Card Investigation
 
    Multi-Jurisdictional database search
4. In case of discrepancy or negative background check report of employee, hiring team will present and forward the report to the Employee Relations Manager to have a discussion and/or require additional documents from employee that will justify/validate the result of the background check. Any case that will require a decision or approval from management will be presented to Business HR for appropriate managerial decision or sanction.
© Copyright 2008
This document is for the exclusive use of Genpact Guatemala Office management and staff. It contains Company Confidential information. Any form of reproduction and/or external circulation in whatever form will be subject to the appropriate action.

 


 

Exhibit 5
Data Security Policy


 

Information Security at Genpact

 


 

Compliance Initiatives at Genpact
BS7799/ISO 27001 Certified, since 2003 (DNV)
SOX-C IVI IT404 Compliance, 2003 & 2004 (KPMG / PWC)
SAS70 (Type II), 2005-08 (KPMG)
Independent Penetration testing (KPMG)
Internal Audits, Periodical (Info Sec Team)
Customer Audits, On Need basis (Customer)
Vulnerability Assessments, Weekly (Info Sec Team)
Risk Assessment, Annual (Info Sec Team)
Incident Response Procedure (CIRT)
Ombudsperson Process (Legal Team)

 


 

Security Model: ISO 27001 / BS7799 Certified
Confidentiality: Ensuring that information is accessible only to those authorized to have access
Integrity: Safeguarding the accuracy and completeness of information and processing methods.
Availability: Ensuring that authorized users have access to information and associated assets when required.
Plan-Do-Check-Act Methodology
Plan: Establish and design ISMS
Do: Implement & operate the ISMS
Check: Monitor & Review ISMS
Act: Improve ISMS
11 Domains of ISO 27001 / BS7799
Legal Compliance
Incident Response Management
Business Continuity and Management
System Development and Maintenance
Access Control
Communication and Operations Management
Physical and Environmental Security
Personnel Security
Asset Classification and Control
Information Security Organization
Information Security Policy

 


 

Genpact Global Information Security & Compliance Council Structure
Walter Yosafat: Global CIO
Business Leaders
Neena Pahuja: Global Enabling IT Leader
Anzures, Georg: ISL - Philippines
Andrei: ISL - Europe
Jesus Terrazas: ISL - Mexico
AR Vijay: ISL - Global
Ankur Batta: ISL - China
Anand: Creditek
Rohit Gupta: IT Governance
SCO Team: 25 FTEs
Deepak V: Sr Mrg
Prashant S: Sr Mrg
Vikas Jain: ISL - India
Sanjeev Jukhet: IT Governance
Md. Abdul Wasay: Infosec Application audit Team, 3 FTEs
Functions: Network Security; Log Analysis; Event Correlation; Vulnerability Assessment; Perimeter Security; End Point security
Annual Review; Monthly Review
ISL: Information Security Leaders

 


 

Information Security Framework: Confidentiality, Integrity, Availability
Controls: Preventive; Detective; Corrective
Verticals: People; Technology; Processes
People: Security awareness; Global Information security council; Employee Background Check; Non Disclosure Agreement
Technology: Demilitarized zone; Firewall; Event Correlation; Remote Vulnerability Closure; Anti Virus/Spam; VPN; Vulnerability Scan; Network Access Control; Encryption; Network Intrusion Detection System; Challenge Response Token; Single Sign on; Intrusion Prevention System; Forensic / Investigation tool; Authentication / Authorization / Accountability service
Processes: Hardening Guidelines; Access Control; Audits; Log Review; Incident Response Procedure; Change Management; Code Review; Pen Test; Metrics; Risk Mitigation; Information security policy; ISMS; Vulnerability Assessment; Process Reengineering; Application Tollgate Review; Risk Assessment; Implement New Technology
Genpact Information Security Policy: Risk Assessment; Technology Usage; Threats to Business; Customer Requirements; BS7799 / SOX Regulatory Requirements
Genpact Information Security Management System
Security Vision
Management Commitment

 


 

Data Center Controls
Two factor authentication
Isolated access controlled cages within Data center for respective customers upon customer request
Work flow based authorization process
Encrypted backup on Daily, Weekly & Monthly basis
Tapes retention period for backup:
Daily backup — 6 days
Weekly backup —4 weeks
Monthly backup — 1 year
Yearly backup — Depends on customer requirement
Regular audits to verify Backup and restoration

 


 

Classify Documents
Public: Non-sensitive information available to public. Example: Press releases, company advertising. Impact of unauthorized disclosure: No harm
Internal: Information that belongs to the company. Example: Company organizational charts, telephone directories. Impact of unauthorized disclosure: Limited harm
Confidential: Information that is sensitive or confidential for the company. Example: Cost or pricing information, EMS data. Impact of unauthorized disclosure: Significant harm
Restricted: Extremely sensitive or private information. Example: Merger-/acquisition-related information, strategic plans. Impact of unauthorized disclosure: Severe harm

 


 

User Access Controls
Centralize registration & de-registration procedure
Genpact applications and systems are Single Sign On (SSO) enabled (Sun Identity Management)
Privileges are allocated to individuals on a need-to-use basis through authorization process
Removable Media Management Controls
Hard disks & Magnetic tapes are sanitized using Kill disk
Floppy disks and CDs physically destroyed using industrial shredders
Use of Floppy, DVD, CD writers and USB are prohibited to prevent data leakage. Exceptions have to be approved by Info Sec team
Personal hardware (e.g. mobile phones, PDAs) not allowed to connect to Genpact computing environment unless explicitly permitted
Where sensitive information is required to be sent, special controls considered, e.g. use of locked and sealed containers, digital signatures / encryption, hand delivery etc.

 


 

Anti-virus Management
Implemented Centralized Antivirus management System
99% + systems are getting updated with latest virus definition within a day
24X7 Security Operations team monitors SAV Console on real time basis
No major virus outbreak happened in last 5 years
Patch Rollout Process
98% + systems are getting updated with latest security patches in 10 days
UAT (User Acceptance Test) is undertaken before a Patch rollout
Patch rollout is done through Software Management system (SMS), Windows software update service (WSUS)
Vulnerability scanning is done using ISS Internet scanner on a weekly basis to take corrective action

 


 

End-Point Security Controls
Desktop Security Controls
Clear screen policy through automatic screen locks
No Floppy, USB, CD-ROM/CD-Writer
Automatic Anti-Virus/Patch protection
Personal Firewall on all Laptops (Desktops if required)
Hard disk encryption for all Laptops through Safeboot
Internet Access Policy
URL Filters; Public Web based emails / chats blocked
Genpact Standard image across desktops... MSI packaging & SMS/WSUS for Software delivery
Shared Folders / Printer access controls on need basis
Email / Printer facility on need basis
Cell-phone / Clear Desk Policy for certain processes

 


 

Network Perimeter Security
[Network diagram. Recoverable labels: Internet gateway sites; perimeter NIDS and internal NIDS; Genpact LAN and Customer LAN segments at Bangalore, Uppal (Hyd), Cyber GW (Hyd), Jaipur, DLF-V and Plot-22 (GGN); Internet; Genpact WAN; Mexico, Dalion, Philippines.]

 


 

Application Security Review Process
Toll Gate reviews for home grown Applications
Information Security participates from Analysis phase of SDLC
Three Toll Gate reviews done by Information Security:
Analysis Toll gate review
Design Toll gate review
UAT Toll gate review
NPI: CONCEPTUALIZE, ARCHITECT, BUILD, TEST, DEPLOY
DFSS: DEFINE, MEASURE, DESIGN, OPTIMIZE, VERIFY
NSI: CONCEPT, DEFINE, DEVELOPMENT, TEST, LAUNCH
First Tollgate, Second Tollgate, Third Tollgate
Reviews for other Applications
Any new Application or tool inducted / deployed in Genpact IT environment is to be reviewed by Information security
NPI — New product Identification
DFSS — Design for Six Sigma
NSI — sigma Institute

 


 

Incident Response Procedure
Methodology
Incident Response Team consists of cross functional team across Genpact
Incident Command Center equipped with necessary equipment to manage critical incidents
Employees are communicated through various channels on how to report a security incident
Any violation of organizational security policies and procedures by employees is subjected to a formal disciplinary process involving Human Resources (HR) and Legal departments.
Incident Classification
Type | Criteria | Action
Security SEV 1 (High Priority, High Impact) | Material impairment to a mission critical site or application; Breach of security with adverse impact to Genpact, its Customers, employees, stockholders, business partners | Containment
Security SEV 2 (Medium Priority, Medium Impact) | Cross business network/system degradation | Containment
Security SEV 3 (Low Priority, Low Impact) | Isolated system(s) degradation, policy violations; No network impact; Known remediation | Remediation
[Process diagram. Recoverable labels: Preparation; Identification; Containment; Eradication; Recovery; Security Policy & Procedure; CIRT; Training / Communication; Alerting Tools; Event Analysis; Classification / Notification; On-site Team; Control problem; Evidence collection; Treatment/Action; RCA; Vulnerability Analysis; Gap Analysis; Sanitary Check; Recommendations; Restoration; Monitoring; Reporting; Improvement; Record keeping.]

 


 

GENPACT
Information Systems Security Manual
INFORMATION SECURITY POLICY
Issue Version R4.5
Disclaimer: It is the responsibility of every user to comply with GENPACT Information Security Policy. Any violation of this policy shall warrant necessary disciplinary action up to termination of employment.
Omission from this document does not necessarily constitute permission. If you have any questions regarding an area not covered, please contact your Information Security Leader.
GENPACT — Internal   Version 4.5    


 

Documentation Information
Title: Information Security Policy   Version No.: 4.5
Created By: Ankur Batta   Date: 03/21/2007
Approved by: AR Vijay   Date:
Version History
Version Number | Version Date | Type of Change | Owner/Author | Reviewed By | Date of Review/Expiry
1.0 | 01/21/2003 | Original Release | Akhil Manchanda | |
2.0 | 06/20/2003 | Synchronized with GE Corporate policies | Akhil Manchanda | |
2.1 | 11/14/2003 | Minor changes in Associate and Owner definition | Akhil Manchanda | |
3.0 | 11/9/2004 | Updated to reflect changes suggested in Internal audit & Gap Analysis | Girija Shankar | |
3.1 | 06/17/2005 | Minor changes related to classification label and updating of links | AR Vijay | |
3.2 | 09/30/2005 | Converted Gecis to Genpact | AR Vijay | |
3.3 | 11/24/2005 | Minor changes related to updating of links | AR Vijay | |
4.0 | 02/22/2006 | Reviewed & updated to comply with ISO: 27001 | Ankur Batta | AR Vijay |
4.1 | 03/21/2007 | Incorporated Modem and Wireless LAN Guidelines | Kishore Kandalai | AR Vijay |
4.2 | 03/21/2007 | Added ISO 27001 Control in “Acceptable Usage” Section | Kishore Kandalai | AR Vijay |
4.3 | 10/22/2007 | Minor change to “Acceptable Usage” section | AR Vijay | AR Vijay |
4.4 | 04/14/2008 | Added “Work From Home Policy” & “Blackberry Usage Guidelines”. | Abdul Wasay Mohd. | AR Vijay | Need based
4.5 | 09/10/2008 | Added Firewall Security Guidelines | Abdul Wasay Mohd. | AR Vijay | Need based
         
1. INFORMATION SECURITY POLICY DOCUMENT
  1.1 Objective
  1.2 Ownership and Responsibilities
  1.3 Policy Rules
  1.4 ISO 27001 Clauses/ Controls Addressed
  1.5 Associated Procedures/ Guidelines
2. INFORMATION SECURITY ORGANIZATION STRUCTURE
  2.1 Objective
  2.2 Ownership and Responsibilities
  2.3 Policy Rules
  2.4 ISO 27001 Clauses/ Controls Addressed
  2.5 Associated Procedures/ Guidelines
3. EXTERNAL PARTY ACCESS
  3.1 Objective
  3.2 Ownership and Responsibilities
  3.3 Policy Rules
  3.4 ISO 27001 Clauses/ Controls Addressed
  3.5 Associated Procedures/ Guidelines
4. ASSET MANAGEMENT
  4.1 Objective
  4.2 Ownership and Responsibilities
  4.3 Policy Rules
  4.4 ISO 27001 Clauses/ Controls Addressed
  4.5 Associated Procedures/ Guidelines
5. HUMAN RESOURCES SECURITY
  5.1 Objective
  5.2 Ownership and Responsibilities
  5.3 Policy Rules
  5.4 ISO 27001 Clauses/ Controls Addressed
  5.5 Associated Procedures/ Guidelines
6. PHYSICAL ACCESS CONTROL
  6.1 Objective
  6.2 Ownership and Responsibilities
  6.3 Policy Rules
  6.4 ISO 27001 Clauses/ Controls Addressed
  6.5 Associated Procedures/ Guidelines
7. EQUIPMENT SECURITY
  7.1 Objective
  7.2 Ownership and Responsibilities
  7.3 Policy Rules
  7.4 ISO 27001 Clauses/ Controls Addressed
  7.5 Associated Procedures/ Guidelines
8. MALICIOUS CODE
  8.1 Objective
  8.2 Ownership and Responsibilities
  8.3 Policy Rules
  8.4 ISO 27001 Clauses/ Controls Addressed
  8.5 Associated Procedures/ Guidelines
9. BACKUP
  9.1 Objective
  9.2 Ownership and Responsibilities
  9.3 Policy Rules
  9.4 ISO 27001 Clauses/ Controls Addressed
  9.5 Associated Procedures/ Guidelines
10. NETWORK SECURITY MANAGEMENT
  10.1 Objective
  10.2 Ownership and Responsibilities
  10.3 Policy Rules
  10.4 ISO 27001 Clauses/ Controls Addressed
  10.5 Associated Procedures/ Guidelines
11. INFORMATION AND MEDIA HANDLING
  11.1 Objective
  11.2 Ownership and Responsibilities
  11.3 Policy Rules
  11.4 ISO 27001 Clauses/ Controls Addressed
  11.5 Associated Procedures/ Guidelines
12. EMAIL SECURITY
  12.1 Objective
  12.2 Ownership and Responsibilities
  12.3 Policy Rules
  12.4 ISO 27001 Clauses/ Controls Addressed
  12.5 Associated Procedures/ Guidelines
13. MONITORING
  13.1 Objective
  13.2 Ownership and Responsibilities
  13.3 Policy Rules
  13.4 ISO 27001 Clauses/ Controls Addressed
  13.5 Associated Procedures/ Guidelines
14. USER ACCESS MANAGEMENT
  14.1 Objective
  14.2 Ownership and Responsibilities
  14.3 Policy Rules
  14.4 ISO 27001 Clauses/ Controls Addressed
  14.5 Associated Procedures/ Guidelines
15. PASSWORD
  15.1 Objective
  15.2 Ownership and Responsibilities
  15.3 Policy Rules
  15.4 ISO 27001 Clauses/ Controls Addressed
  15.5 Associated Procedures/ Guidelines
16. OPERATIONS MANAGEMENT
  16.1 Objective
  16.2 Ownership and Responsibilities
  16.3 Policy Rules
  16.4 ISO 27001 Clauses/ Controls Addressed
  16.5 Associated Procedures/ Guidelines
17. TELEWORKING AND MOBILE COMPUTING
  17.1 Objective
  17.2 Ownership and Responsibilities
  17.3 Policy Rules
  17.4 ISO 27001 Clauses/ Controls Addressed
  17.5 Associated Procedures/ Guidelines
18. APPLICATION DEVELOPMENT AND MANAGEMENT
  18.1 Objective
  18.2 Ownership and Responsibilities
  18.3 Policy Rules
  18.4 ISO 27001 Clauses/ Controls Addressed
  18.5 Associated Procedures/ Guidelines
19. CRYPTOGRAPHY
  19.1 Objective
  19.2 Ownership and Responsibilities
  19.3 Policy Rules
  19.4 ISO 27001 Clauses/ Controls Addressed
  19.5 Associated Procedures/ Guidelines
20. INCIDENT RESPONSE AND MANAGEMENT
  20.1 Objective
  20.2 Ownership and Responsibilities
  20.3 Policy Rules
  20.4 ISO 27001 Clauses/ Controls Addressed
  20.5 Associated Procedures/ Guidelines
21. BUSINESS CONTINUITY PLANNING
  21.1 Objective
  21.2 Ownership and Responsibilities
  21.3 Policy Rules
  21.4 ISO 27001 Clauses/ Controls Addressed
  21.5 Associated Procedures/ Guidelines
22. ACCEPTABLE USAGE
  22.1 Objective
  22.2 Ownership and Responsibilities
  22.3 Policy Rules
  22.4 ISO 27001 Clauses/ Controls Addressed
  22.5 Associated Procedures/ Guidelines
23. COMPLIANCE
  23.1 Objective
  23.2 Ownership and Responsibilities
  23.3 Policy Rules
  23.4 ISO 27001 Clauses/ Controls Addressed
  23.5 Associated Procedures/ Guidelines
24. APPENDIX
  24.1 APPENDIX A: Abbreviations
  24.2 APPENDIX B: Terms & Definitions
Disclaimer: All Poles are encouraged to follow the Corporate Procedures/Guidelines linked in the policy document, however where not feasible/practical each pole shall document & follow pole specific Procedures/Guidelines. These specific Procedures/Guidelines shall fulfill the Policy objective.
1.   INFORMATION SECURITY POLICY DOCUMENT
 
1.1   Objective
The objective of this policy document is to provide management direction and support for information security.

GENPACT shall publish and implement an organizational information security policy document and undertake periodic reviews to ensure that the policy addresses the operational and business risks faced by the organization.
1.2   Ownership and Responsibilities
    Information Security Leader
1.3   Policy Rules
 
1.3.1   Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities.
 
1.3.2   Information security is characterized here as the preservation of:
    Confidentiality: ensuring that information is accessible only to those authorized to have access
 
    Integrity: safeguarding the accuracy and completeness of information and processing methods
 
    Availability: ensuring that authorized users have access to information and associated assets when required.
1.3.3   The company has no greater responsibility than protecting its people, workplaces, communities and the continuity of its business.
 
1.3.4   The company has issued this policy to outline the basic security requirements and controls that must be in place. The form of these security measures will vary according to the nature of business and the particular risks that it must address. GENPACT shall implement a rigorous and comprehensive information security policy that systematically addresses security measures for preventing any risks, threats and potential damage to its business.
 
1.3.5   GENPACT shall follow a well-defined methodology for risk assessment.
 
1.3.6   GENPACT shall define and follow policies for:
    Acceptable Usage
 
    Application Development and Management
 
    Asset Management
 
    Backup
 
    Business Continuity Planning
 
    Compliance
 
    Cryptography
 
    Email
 
    Equipment Security
 
    External Party Management
 
    Human Resource Security
 
    Incident Management and Response

 


 

    Information and Media handling
 
    Information Security Organization Structure
 
    ISMS Internal Audits and Improvement
 
    ISMS Management Reference Document
 
    Malicious Code
 
    Mobile Computing
 
    Monitoring
 
    Network Security Management
 
    Operations Management
 
    Password
 
    Physical and Environmental
 
    User Access Management
1.3.7   GENPACT shall communicate the information security policy to all users in a form relevant, accessible and understandable to the recipient.
 
1.3.8   GENPACT shall review this policy at planned intervals or if significant changes occur, to ensure its continuing suitability, adequacy and effectiveness.
 
1.4   ISO 27001 Clauses/ Controls Addressed
    A.5.1.1 — Information security policy document
 
    A.5.1.2 — Review of information security policy
1.5   Associated Procedures/ Guidelines
    Risk Assessment Methodology
 
    Information Security Policy Snapshot
 
    Information Security Module for New Hire Orientation
 
    ISMS Management Reference Document

 


 

2.   INFORMATION SECURITY ORGANIZATION STRUCTURE
 
2.1   Objective
The objective of this policy is to ensure that GENPACT shall establish a management framework to initiate and control the implementation of information security within the organization.
GENPACT shall ensure that there is a clear direction and visible management support to manage information security within the organization.
2.2   Ownership and Responsibilities
    Information Security Leader
2.3   Policy Rules
 
2.3.1   GENPACT shall form management fora, one at a global level and the other at each pole to ensure that there is a clear direction and visible management support for security initiatives.
 
2.3.2   GENPACT Global Security Council shall undertake the review and approval of the information security policy and overall responsibilities.
 
2.3.3   GENPACT Global Information Security Leader shall chair the GENPACT Global Security Council.
 
2.3.4   Yearly meetings shall be conducted for the Genpact Global Security Council. Monthly security meetings shall be conducted between ISLs of all Genpact Poles. Every pole shall define and follow its own frequency of Local Information Security meetings.
 
2.3.5   Each pole shall appoint information security leader(s) (ISL) that reports to the CIO of that pole with dotted line reporting to the Global ISL.
 
2.3.6   GENPACT Security Council led by the ISL shall co-ordinate the implementation and maintenance of information security controls.
 
2.3.7   The ISL shall be responsible for all Information security related activities and shall work with enabling functions to review security preparedness.
 
2.3.8   Requests for new information processing facilities shall be authorized only for business purposes and shall follow an authorization procedure. Additional approval from Information security team shall be required for all non-standard requests for new information processing facilities.
 
2.3.9   GENPACT shall coordinate with appropriate authorities (e.g. law enforcement, fire department, supervisory authorities) and special interest groups or other specialist security forums and professional associations in order to improve knowledge about best practices, to stay up to date with relevant security information and to provide suitable liaison points when dealing with information security incidents.
 
2.3.10   GENPACT shall require employees, contractors and external party users to apply security in accordance with the organization’s established policies and procedures.
 
2.3.11   GENPACT shall ensure that all employees and external party users are aware of their information security roles and responsibilities prior to being granted access to sensitive information or information processing facilities.

 


 

2.3.12   GENPACT shall require that all employees and external party users follow the organization’s information security policy and appropriate methods of working.
2.4   ISO 27001 Clauses/ Controls Addressed
    A.6.1.1 — Management commitment to information security.
 
    A.6.1.2 — Information security co-ordination.
 
    A.6.1.3 — Allocation of information security responsibilities.
 
    A.6.1.4 — Authorization process for information processing facilities
 
    A.6.1.6 — Contact with authorities
 
    A.6.1.7 — Contact with special interest groups
 
    A.8.2.1 — Management responsibilities
2.5   Associated Procedures/ Guidelines
    GENPACT security organization and its responsibilities.
 
    Information security leader responsibilities.
 
    BCP/DRP Knowledge Central.
 
    Authorization for information processing facilities.

 


 

3.   EXTERNAL PARTY ACCESS
 
3.1   Objective
The objective of this policy is to ensure that GENPACT shall identify the risks to the organization’s information and information processing facilities from external parties and shall implement appropriate controls before granting access.
 
GENPACT shall maintain the security of its information processing facilities and information assets accessed, processed, communicated to, or managed by external parties.
3.2   Ownership and Responsibilities
    Sourcing Team
 
    Information Security Leader
3.3   Policy Rules
3.3.1   GENPACT shall consider all non-employees having access to the organization’s information or information processing facilities as external parties.
 
3.3.2   GENPACT shall ensure that a risk assessment is carried out at the earliest practical opportunity prior to granting access.
 
3.3.3   GENPACT shall ensure that all external parties go through a security risk analysis and mitigation strategies are implemented before providing access to the organization’s information or information processing facilities.
 
3.3.4   GENPACT shall include all relevant security requirements in the agreements with all external parties involving accessing, processing, exchanging, communicating or managing the organization’s information and information processing facilities.
 
3.3.5   Physical access to GENPACT premises by external parties shall be provided only after authorization.
 
3.3.6   GENPACT shall ensure that the security controls, service definitions and delivery levels included in the external party service delivery agreement are implemented, operated and maintained by the external party by regularly reviewing and monitoring of the services, reports and records provided by the external party.
 
3.3.7   GENPACT shall ensure that the external party maintains sufficient service capability together with workable plans designed to ensure that agreed service continuity levels are maintained following major service failures or disaster.
 
3.3.8   GENPACT shall review the external party audit trails and records of security events, operational problems, failures, tracing of faults and disruptions related to the services delivered.
 
3.3.9   GENPACT shall maintain sufficient overall control and visibility into all security aspects for sensitive or critical information or information processing facilities accessed, processed or managed by an external party.
 
3.3.10   GENPACT shall manage changes to the provision of services taking into account the criticality of the business systems and processes involved and reassessment of risks.
 
3.3.11   GENPACT shall take into account the changes in external party services to implement changes and enhancement to networks, use of new technologies, changes to physical location of service facilities or change of vendors.

 


 

         
3.3.12   GENPACT shall continue to discharge its security responsibilities despite the fact that a system/ service has been outsourced.
 
       
3.4   ISO 27001 Clauses/ Controls Addressed
 
       
 
    A.6.2.1 — Identification of risks related to external parties
 
       
 
    A.6.2.2 — Addressing security when dealing with customers
 
       
 
    A.6.2.3 — Addressing security in external party agreements
 
       
 
    A.10.2.1 — Service delivery
 
       
 
    A.10.2.2 — Monitoring and review of external party services
 
       
 
    A.10.2.3 — Managing changes to external party services
 
       
 
    A.10.8.2 — Exchange Agreements
 
       
3.5   Associated Procedures/ Guidelines
 
       
 
    Security requirements in external party contracts.
 
       
 
    External party connections to the GENPACT network
 
       
 
    Security risk analysis toolkit
 
       
 
    GENPACT web hosting security requirements
 
       
 
    Procedure for outsourcing contracts (Sourcing BPMS)
 
       
 
    External Party Access Guidelines

 


 

         
4.   ASSET MANAGEMENT
 
       
4.1   Objective
The objective of this policy is to ensure that GENPACT shall prepare and maintain an up to date inventory of all information assets associated with each CoE / Function along with a nominated owner and define classification guidelines in terms of its criticality, sensitivity and legal requirements to the organization.
GENPACT shall identify and maintain an inventory of all information assets.
         
4.2   Ownership and Responsibilities
 
 
    Information Security Team
 
 
    Document management team
 
 
    CoE / Function SPOCs
 
       
4.3   Policy Rules
 
4.3.1   GENPACT shall align appropriate resources to create and maintain inventory of critical assets.
 
4.3.2   GENPACT shall include all necessary information like type of asset, format, location, backup information, license information etc. in the inventory for BCP, so as to help recover from a disaster.
 
4.3.3   GENPACT shall identify single points of contact (SPOCs) in each CoE / enabling function with the objective of creating and maintaining inventory of all information and information processing assets.
 
4.3.4   The SPOCs shall identify the location and the owners for each information asset within the CoE / Function.
 
4.3.5   The SPOCs shall evaluate the value of the assets based on feedback from the owners of the assets.
 
4.3.6   GENPACT shall identify, document and implement guidelines for acceptable use of information and assets associated with information processing facilities.
 
4.3.7   All employees, contractors and external party users shall follow guidelines for the acceptable use of information and assets associated with information processing facilities.
 
4.3.8   The asset owners shall classify the assets in terms of their legal requirements, sensitivity and criticality to the organization.
 
4.3.9   GENPACT shall seek support from its IM/Security and Legal functions to implement Data Classification guidelines.
 
4.3.10   Respective document owners shall be responsible for maintaining correct classification of the document.
 
4.3.11   GENPACT shall define handling procedures for each classification level including the secure processing, storage, transmission, declassification and destruction.
 
4.3.12   The designated information owner may, at any time, declassify or downgrade information. To achieve this, the owner shall change the classification label appearing on the original document and inform the concerned business leader and all known recipients/ users.

 


 

         
4.3.13   GENPACT shall establish guidelines for the handling and storage of information to protect it from unauthorized disclosure or misuse.
 
       
4.4   ISO 27001 Clauses/ Controls Addressed
 
 
    A.7.1.1 — Inventory of assets
 
 
    A.7.1.2 — Ownership of assets
 
 
    A.7.2.1 — Classification guidelines
 
 
    A.7.2.2 — Information labelling and handling
 
 
    A.10.7.3 — Information handling procedures
 
 
    A.10.7.4 — Security of system documentation
 
       
4.5   Associated Procedures/ Guidelines
 
 
    Asset Identification & Classification methodology
 
 
    Data classification guidelines
 
 
    Document management procedures

 


 

         
5.   HUMAN RESOURCES SECURITY
 
       
5.1   Objective
The objective of this policy is to ensure that GENPACT employees, contractors and external party users understand their responsibilities, and are suitable for the roles they are considered for, and to reduce the risks of human error, theft, fraud or misuse of facilities.
GENPACT shall ensure that security is addressed during recruitment, employment and after termination or change of employment, of employees and external parties.
         
5.2   Ownership and Responsibilities
 
 
    Human Resources
 
       
5.3   Policy Rules
 
5.3.1   GENPACT shall lay down security roles and responsibilities, and document them wherever appropriate. These responsibilities shall include any general responsibilities for implementing or maintaining security policy as well as any specific responsibilities for the protection of particular assets or for the execution of particular security processes or activities.
 
5.3.2   GENPACT shall ensure that background checks are done on employees and contractors/contingent workers prior to the commencement of employment.
 
5.3.3   GENPACT shall identify requirements for confidentiality or non-disclosure agreements for employees and external parties reflecting the organization’s need for the protection of information and shall regularly review these agreements.
 
5.3.4   GENPACT shall provide appropriate awareness trainings and regular updates in organizational policies and procedures to all employees of the organization and where relevant to contractors and external party users as relevant for their job function.
 
5.3.5   GENPACT shall follow a formal disciplinary process for employees who have committed a security breach.
 
5.3.6   GENPACT shall follow a termination / change in role process to include the return/review of all previously issued information and information processing assets.
 
5.3.7   GENPACT shall ensure that the access rights of all employees, contractors and third-party users to information and information processing facilities are removed upon termination of their employment, contract or agreement or adjusted upon change.
 
       
5.4   ISO 27001 Clauses/ Controls Addressed
 
 
    A.6.1.5 — Confidentiality agreements.
 
 
    A.8.1.1 — Roles and responsibilities
 
 
    A.8.1.2 — Screening
 
 
    A.8.1.3 — Terms and conditions of employment
 
 
    A.8.2.2 — Information security awareness, education and training
 
 
    A.8.2.3 — Disciplinary process
 
 
    A.8.3.1 — Termination responsibilities
 
 
    A.8.3.2 — Return of assets
 
 
    A.8.3.3 — Removal of access rights

 


 

5.5   Associated Procedures/ Guidelines
  Integrity policy
 
  Disciplinary process for breach of policy
 
  Innovation and proprietary information agreement
 
  GENPACT Human Resources Policy

 


 

6.   PHYSICAL ACCESS CONTROL
 
6.1   Objective
The objective of this policy is to ensure that security perimeters shall be used to prevent unauthorized access, damage and interference to business premises and information.
GENPACT shall ensure that unauthorized physical access, damage and interference to the organization’s premises and information are prevented.
6.2   Ownership and Responsibilities
    Logistics Team
6.3   Policy Rules
 
6.3.1   GENPACT shall implement physical security controls in its premises and information processing facilities, with adequate strength depending on the security requirements and risk assessment of the facility/premise.
 
6.3.2   GENPACT shall define different zones in its premises based on the sensitivity of the information processed within and deploy appropriate entry controls so that only authorized personnel are allowed access.
 
6.3.3   GENPACT shall design and implement guidelines for working in sensitive areas.
 
6.3.4   GENPACT shall monitor and review access to the premises and secure areas at regular intervals.
 
6.3.5   GENPACT shall ensure that the physical premises receive adequate protection against natural or man-made disasters like fire, flood, earthquake, explosion, civil unrest etc.
 
6.3.6   GENPACT shall ensure that access points such as delivery and loading areas and other points where unauthorized persons may enter the premises are controlled and, if possible, isolated from the information processing facilities. GENPACT shall follow defined guidelines for the movement of equipment to protect sensitive information from unauthorized disclosure or modification.
 
6.4   ISO 27001 Clauses/ Controls Addressed
    A.9.1.1 — Physical security perimeter
 
    A.9.1.2 — Physical entry controls
 
    A.9.1.3 — Securing offices, rooms and facilities
 
    A.9.1.4 — Protecting against external and environmental threats
 
    A.9.1.5 — Working in secure areas
 
    A.9.1.6 — Public access, delivery and loading areas
 
    A.10.8.3 — Physical media in transit
6.5   Associated Procedures/ Guidelines
    Guidelines for physical security.
 
    GENPACT Physical Security Policy

 


 

7.   EQUIPMENT SECURITY
 
7.1   Objective
The objective of this policy is to prevent loss, damage, theft or compromise of assets and interruption to the organization’s activities.
GENPACT shall ensure that all organizational equipment is adequately protected, operated, maintained and disposed of.
7.2   Ownership and Responsibilities
    Information Security Team
 
    Logistics Team
 
    Server Management Group
 
    Network Management Group
 
    Workstation Management Group
 
    Security Operations Centre
7.3   Policy Rules
 
7.3.1   GENPACT shall ensure that all equipment that is not physically accessed by users is located in a secure area.
 
7.3.2   GENPACT shall ensure that there are adequate controls for preventing or suppressing environmental hazards like fire, moisture, etc.
 
7.3.3   GENPACT shall ensure that equipment is protected from power failures and other disruptions caused by failures in supporting utilities by building redundancy into the system.
 
7.3.4   GENPACT shall ensure that power and telecommunications cabling carrying data or supporting information services is protected from interception or damage.
 
7.3.5   GENPACT shall maintain all equipment according to the manufacturer’s / supplier’s specifications.
 
7.3.6   GENPACT shall apply security to off-site equipment taking into account the different risks of working outside the organization’s premises.
 
7.3.7   GENPACT shall not allow any personal hardware to be added to or used on any corporate computer or LAN without prior written permission from Information Security Team.
 
7.3.8   GENPACT shall ensure that all data is removed from all equipment prior to disposal or reuse.
 
7.4   ISO 27001 Clauses/ Controls Addressed
    A.9.2.1 — Equipment siting and protection
 
    A.9.2.2 — Supporting utilities
 
    A.9.2.3 — Cabling security
 
    A.9.2.4 — Equipment maintenance
 
    A.9.2.5 — Security of equipment off-premises
 
    A.9.2.6 — Secure disposal or re-use of equipment
 
    A.9.2.7 — Removal of property

 


 

7.5   Associated Procedures/ Guidelines
    Cabling security guideline
 
    GENPACT Physical Security Policy
 
    Equipment and media disposal procedure

 


 

8.   MALICIOUS CODE
 
8.1   Objective
The objective of this policy is to protect GENPACT information and underlying systems from potential damage from malicious code.
GENPACT shall ensure that precautions are implemented to detect and prevent the introduction of malicious code and unauthorized mobile code into the information processing facilities.
8.2   Ownership and Responsibilities
    Information Security Team
8.3   Policy Rules
 
8.3.1   GENPACT shall ensure that malicious code prevention, detection and removal controls are in place for all devices.
 
8.3.2   GENPACT shall ensure that appropriate user awareness procedures are implemented to protect against malicious software.
 
8.3.3   GENPACT shall ensure that all email servers are deployed with virus detection and shall implement filtering controls.
 
8.3.4   GENPACT shall ensure that mobile code is used only after approval from the Information Security Team.
 
8.4   ISO 27001 Clauses/ Controls Addressed
    A.10.4.1 — Controls against malicious code
 
    A.10.4.2 — Controls against mobile code
8.5   Associated Procedures/ Guidelines
    Virus Control BPMS.
 
    GENPACT Security Metrics Process
 
    Information Security Policy Snapshot.
 
    GENPACT Incident Res Procedure.
 
    Guidelines on the use of mobile code

 


 

9.   BACKUP
 
9.1   Objective
The objective of this policy is to ensure that backup of business critical information, applications and systems is available.
GENPACT shall ensure backup of business critical information, applications and systems is maintained, tested and restored on a regular basis.
9.2   Ownership and Responsibilities
    Server Management Group
 
    Network Management Group
 
    BCP Team
9.3   Policy Rules
 
9.3.1   GENPACT shall identify business critical information, applications and information systems that require to be backed up as per business process requirement.
 
9.3.2   GENPACT shall define the type (full, incremental or differential) and frequency of backups.
 
9.3.3   GENPACT shall follow guidelines for the storage of backup onsite, offsite as well as the secure movement of backup.
 
9.3.4   GENPACT shall define and follow guidelines for securing the backup; this shall be in line with the data classification guidelines.
 
9.3.5   GENPACT shall define and implement restoration testing and recovery procedures along with the frequency of testing required.
 
9.3.6   GENPACT shall ensure that the backup procedures defined are in line with the Business Continuity Plan.
 
9.4   ISO 27001 Clauses/ Controls Addressed
    A.10.5.1 Information back-up
9.5   Associated Procedures/ Guidelines
    Data availability & Backup procedure
 
    Data Classification Guidelines

 


 

10.   NETWORK SECURITY MANAGEMENT
 
10.1   Objective
The objective of this policy is to prevent unauthorized access to networked services.
GENPACT shall ensure that access to both internal and external network services is controlled and user access to networks and networked services shall not compromise the security of the networked services.
10.2   Ownership and Responsibilities
    Network Management Group
10.3   Policy Rules
 
10.3.1   GENPACT shall ensure that the use of network services is consistent with the user access management policy and the requirements of the business applications.
 
10.3.2   GENPACT shall ensure that the network and supporting utilities are adequately protected.
 
10.3.3   GENPACT shall ensure that operational responsibility for networks is separated from computer operations where appropriate.
 
10.3.4   Special controls shall be established by GENPACT to safeguard the confidentiality and integrity of data passing over public networks and over wireless networks and shall protect the connected systems and applications.
 
10.3.5   GENPACT shall identify and include in the network services agreements with external parties, a clear description of the security features, service levels and management requirements of all network services used by the organization.
 
10.3.6   GENPACT shall ensure that access to resources by remote users is subjected to authentication.
 
10.3.7   GENPACT shall ensure that access to configuration and diagnostic ports shall only be allowed after approval.
 
10.3.8   GENPACT shall ensure that controls are introduced in networks to segregate groups of information services, users and information systems.
 
10.3.9   GENPACT shall implement routing controls for networks to ensure that computer connections and information flows do not breach the access control policy.
 
10.3.10   GENPACT shall implement and manage its firewalls as per Firewall Security Guidelines.
 
10.4   ISO 27001 Clauses/ Controls Addressed
    A.10.6.1 — Network controls
 
    A.10.6.2 — Security of network services
 
    A.10.8.5 — Business information systems
 
    A.11.4.1 — Policy on use of network services
 
    A.11.4.2 — User authentication for external connections
 
    A.11.4.4 — Remote diagnostic and configuration port protection
 
    A.11.4.5 — Segregation in networks
 
    A.11.4.6 — Network connection control

 


 

    A.11.4.7 — Network routing control
10.5   Associated Procedures/ Guidelines
    External party connection to the GENPACT Network
 
    VPN End User Guidelines
 
    VPN Connections To GENPACT Network (VPN Hub)
 
    Waging GENPACT IP Network
 
    Segregation of networks
 
    Wireless LAN guidelines
 
    Modem Guidelines
 
    Firewall Security Guidelines

 


 

11.   INFORMATION AND MEDIA HANDLING
 
11.1   Objective
The objective of this policy is to ensure that access to and usage of information and media within GENPACT are controlled.
GENPACT shall control the access to and usage, transit and disposal of all types of information and media.
11.2   Ownership and Responsibilities
    Document Management Team
 
    Information Security Team
 
    Server Management Group
 
    Network Management Group
 
    Workstation Management Group
 
    Security Operations Centre
 
    Logistics Team
11.3   Policy Rules
 
11.3.1   GENPACT shall ensure that exchange of information through any media shall follow well-defined procedures / guidelines.
 
11.3.2   GENPACT shall define and implement controls to manage the usage of removable computer media within its premises.
 
11.3.3   GENPACT shall define and follow procedures for the secure disposal of media and information. These shall be in line with the data classification guidelines.
 
11.3.4   All information shall be handled according to the data classification guidelines.
 
11.3.5   GENPACT shall follow defined guidelines for the movement of physical media to protect sensitive information from unauthorized disclosure or modification.
 
11.3.6   GENPACT shall take appropriate steps to ensure the integrity of publicly available electronically published information to prevent unauthorized modification that could harm its reputation.
 
11.4   ISO 27001 Clauses/ Controls Addressed
    A.10.7.1 Management of removable computer media
 
    A.10.7.2 Disposal of media
 
    A.10.8.1 Information exchange policies and procedures
 
    A.10.8.3 Physical media in transit
 
    A.10.9.3 Publicly available information
11.5   Associated Procedures/ Guidelines
    Equipment and media disposal procedure
 
    Data Classification Guidelines
 
    Guidelines for Management of Removable Media
 
    Material Movement (GENPACT Physical Security Policies)

 


 

12.   EMAIL SECURITY
 
12.1   Objective
The objective of this policy is to ensure that information involved in electronic messaging systems shall be appropriately protected.
GENPACT shall ensure that adequate controls are put in place to reduce security risks created by the use of electronic mail.
12.2   Ownership and Responsibilities
    Server Management Group
12.3   Policy Rules
 
12.3.1   The e-mail system and all copies of messages created, sent, received or stored on the system are (and remain) the property of GENPACT.
 
12.3.2   GENPACT maintains the right to review, audit, intercept, access, monitor, delete and disclose all messages created, received, sent, or stored on the e-mail server, client or in any other form.
 
12.3.3   The confidentiality of any message shall not be assumed.
 
12.3.4   GENPACT maintains its e-mail system solely for conducting its business. The use of the e-mail system for any other purpose is unauthorized and a violation of GENPACT’s policy. Unauthorized use includes, but is not limited to, transmitting or storing offensive material; compromising the security of information contained in GENPACT computers; conducting or soliciting for political, personal, religious or charitable causes or other commercial ventures outside the scope of the user’s employment and user’s responsibilities to the company.
 
12.3.5   The e-mail system shall not be used to create, send, receive or store any offensive or disruptive messages, or materials that infringe the copyright or other intellectual property right of any third parties. Among those that are considered offensive are any messages which contain, but are not limited to, sexual implications, gender-specific comments, defamatory statements, or any other comment that offensively addresses someone’s religious or political beliefs, national origin, or disability.
 
12.3.6   GENPACT’s e-mail capacity is not unlimited. GENPACT’s e-mail system and connection to the Internet are provided for the business purpose and may not be used to engage in improper or illegal activity. Employees shall not use the e-mail system for purposes that could reasonably be expected to directly or indirectly cause strain on any computing facilities. GENPACT shall restrict attachment size on the company mail system.
 
12.3.7   Notwithstanding GENPACT’s right to retrieve and read any e-mail messages, all messages should be treated as confidential and accessed only by the intended recipient. Employees shall only disclose information or messages obtained from the e-mail system to recipients authorized to have such information.
 
12.3.8   Employees and external parties are not authorized to retrieve or read any e-mail messages that are not addressed to them. Employees should not attempt to gain access to another employee’s messages without his / her permission.

 


 

12.3.9   In order to guard against dissemination of confidential corporate information, employees should take due care while reading confidential mails. E-mail windows should not be left open on the screen when the computer is unattended; at such times the screen should be cleared, and the computer should be locked so that for re-access the user’s password would be needed. Email password (or other computer passwords) should be kept secret and changed periodically. Email users are fully responsible for maintaining their own passwords.
 
12.3.10   Users must not automatically forward their e-mails to any address outside the GENPACT system networks, unless approved by the Information Security Leader. Auto forwarding of e-mails within GENPACT system for business purposes, may be allowed for a limited period with the prior approval of the concerned manager.
 
12.3.11   Users must not send ‘confidential’ or ‘restricted’ information via e-mail outside GENPACT; unless it is compliant to the document classification procedures.
 
12.4   ISO 27001 Clauses/ Controls Addressed
    A.10.8.4 — Electronic messaging
12.5   Associated Procedures/ Guidelines
    Information Security Policy Snapshot.
 
    Document Classification Guidelines
 
    Blackberry Usage guidelines
 
    Out of Office Email Notification Guidelines

 


 

13.   MONITORING
 
13.1   Objective
The objective of this policy is to ensure that GENPACT detects unauthorized information access.
GENPACT shall ensure that critical systems are monitored and information security events are recorded.
13.2   Ownership and Responsibilities
    Security Operations Centre
13.3   Policy Rules
13.3.1   GENPACT shall ensure that audit logs recording exceptions and other security-relevant events are produced for critical systems and kept for an agreed period to assist in future investigations and access control monitoring.
 
13.3.2   GENPACT shall ensure that procedures for monitoring use of information processing facilities are established and the results of the monitoring activities are reviewed regularly.
 
13.3.3   GENPACT shall ensure that controls are implemented to protect logging facilities and log information against tampering and unauthorized access.
 
13.3.4   GENPACT shall ensure that system administrator and system operator activities are logged, including the time at which the event occurred, the information of the event or failure, which account and which administrator or operator was involved, etc.
 
13.3.5   GENPACT shall ensure that faults reported by users regarding problems with information processing or communications systems are logged and corrective action is taken.
 
13.3.6   GENPACT shall ensure that the clocks of all relevant information processing systems within the organization or security domain are synchronized with an agreed accurate time source to maintain accuracy of logs.
 
13.3.7   GENPACT shall ensure that timely information about technical vulnerabilities of information systems being used is obtained, exposure to such vulnerabilities is evaluated and appropriate measures are taken to address the associated risk.
 
13.3.8   All managers shall contribute in spreading security awareness within their area of responsibility.
 
13.3.9   GENPACT shall ensure that information systems are reviewed regularly for compliance with security implementation standards.
 
13.4   ISO 27001 Clauses/ Controls Addressed
    A.10.10.1 — Audit logging
 
    A.10.10.2 — Monitoring system use
 
    A.10.10.3 — Protection of log information
 
    A.10.10.4 — Administrator and operator logs
 
    A.10.10.5 — Fault logging
 
    A.10.10.6 — Clock synchronization
 
    A.12.6.1 — Vulnerability management

 


 

    A.15.2.1 — Compliance with security policy and standards
 
    A.15.2.2 — Technical compliance checking
13.5   Associated Procedures/ Guidelines
    Procedures for monitoring of system use.
 
    ESR (Employee service request) process
 
    ISMS Management reference document.
 
    GENPACT Security Metrics BPMS.

 


 

14.   USER ACCESS MANAGEMENT
 
14.1   Objective
The objective of this policy is to ensure that GENPACT establishes access control rules that take into account policies for information dissemination and authorization.
GENPACT shall ensure that access to information and information processing systems is controlled and reviewed based on business and security requirements for access.
14.2   Ownership and Responsibilities
    Server Management Group
 
    Workstation Management Group
14.3   Policy Rules
 
14.3.1   GENPACT shall ensure that access to information and information processing facilities is controlled on the basis of business requirements.
 
14.3.2   GENPACT shall ensure that there is a formal user registration and deregistration procedure in place for granting and revoking access to all information systems and services.
 
14.3.3   GENPACT shall ensure that users’ access rights are reviewed at regular intervals.
 
14.3.4   GENPACT shall ensure that the procedure for logging into an operating system is designed to minimize the opportunity for unauthorized access.
 
14.3.5   GENPACT shall ensure that all users have a unique identifier (user ID) for their individual use only, and a suitable authentication technique is chosen to substantiate the claimed identity of a user. The use of group IDs shall be permitted with prior authorization where they are suitable for the work carried out.
 
14.3.6   GENPACT shall ensure that the use of utility programs that might be capable of overriding system and application controls is restricted and tightly controlled.

14.3.7   GENPACT shall ensure that a time-out facility clears the session screen and also, if required, closes both the application and the network sessions after a pre-determined period of inactivity.
 
14.3.8   GENPACT shall ensure that access to information and application system functions by users and support personnel is on a need-to-know basis and is consistent with the organization access control policy and Asset Management Policy.
 
14.4   ISO 27001 Clauses/ Controls Addressed
    A.10.8.5 — Business information systems
 
    A.11.1.1 — Access control policy
 
    A.11.2.1 — User registration
 
    A.11.2.2 — Privilege management
 
    A.11.2.4 — Review of user access rights
 
    A.11.5.1 — Secure log-on procedures
 
    A.11.5.2 — User identification and authentication
 
    A.11.5.4 — Use of system utilities
 
    A.11.5.5 — Session time-out

 


 

    A.11.6.1 — Information access restriction
14.5   Associated Procedures/ Guidelines
    ESR (Employee Service Request) process
 
    GENPACT Human Resources Policy
 
    Account Management BPMS
 
    Guidelines for secure logon
 
    Procedure for checking for utilities / software installed
 
    Password Management Guidelines
 
    SSO security guidelines For GENPACT worker

 


 

         
15.   PASSWORD
 
15.1   Objective
The objective of this policy is to ensure that quality passwords are used and securely managed to prevent unauthorized access to GENPACT information assets.
GENPACT shall define and follow a robust password policy to control access to information and information processing facility.
15.2   Ownership and Responsibilities
    Information Security Team
 
    Server Management Group
15.3   Policy Rules
 
15.3.1   GENPACT shall follow a formal password management process for the allocation of passwords. This process shall be system controlled wherever possible.
 
15.3.2   GENPACT shall ensure that all passwords are kept confidential and not shared unless otherwise authorized by the ISL.
 
15.3.3   GENPACT shall define procedures for password resets and also for verification, authentication and subsequent secure communication of temporary passwords to concerned personnel.
 
15.3.4   GENPACT shall implement controls such that passwords shall not be stored on computer systems in unprotected form.
 
15.3.5   GENPACT shall implement controls such that users follow complexity guidelines in the selection of passwords to ensure their quality.

15.3.6   GENPACT shall implement controls to change passwords as per the defined periodicity.
 
15.4   ISO 27001 Clauses/ Controls Addressed
    A.11.2.3 User password management

    A.11.3.1 Password use
 
    A.11.5.3 Password management system
15.5   Associated Procedures/ Guidelines
    Password management guidelines

 


 

         
16.   OPERATIONS MANAGEMENT
 
16.1   Objective
The objective of this policy is to ensure the correct and secure operation of Information Processing facilities and to establish responsibilities and procedures for their management.
GENPACT shall manage operations within the organization to maintain the security of its information processing facilities and information assets.
16.2   Ownership and Responsibilities
    Server Management Group
 
    Network Management Group
 
    Workstation Management Group
 
    Application Support Group
 
    Security Operations Centre
16.3   Policy Rules
 
16.3.1   GENPACT shall maintain documented operating procedures for the management of information-processing facilities and ensure that they are available to all employees who require them.
 
16.3.2   GENPACT shall incorporate formal change management procedures for the control of changes made.
 
16.3.3   GENPACT shall ensure segregation of duties, wherever applicable, to protect against system misuse, disclosure and corruption.
 
16.3.4   GENPACT shall physically / logically separate development, testing and production environments to prevent unwanted modification of files, system environment, or system failure.
 
16.3.5   GENPACT shall maintain and follow rules for the migration of application systems and data between different environments.
 
16.3.6   GENPACT shall continuously monitor and make projections for future capacity requirements to ensure adequate processing power, storage and other resources to prevent system overload.
 
16.3.7   GENPACT management shall ensure that the requirements and criteria for acceptance of new systems, upgrades and new versions are clearly defined, agreed, documented and tested.
 
16.3.8   GENPACT shall carry out system acceptance test prior to acceptance of any new type of information processing facilities.
 
16.3.9   GENPACT shall implement appropriate controls to protect equipment, applications and data from unauthorized access when left unattended by the user.
 
16.3.10   All employees of GENPACT shall be required to follow clear desk guidelines for papers and removable storage media and clear screen guidelines for information processing facilities in order to reduce the risks of unauthorized access, loss of, and damage to information during and outside normal working hours.
 
16.3.11   GENPACT shall identify sensitive information systems and ensure that these systems run on logically / physically isolated systems to avoid disruptions.
 
16.3.12   GENPACT shall control the installation of software on its production systems to prevent corruption of systems and information.

 


 

16.3.13   GENPACT shall ensure that application systems are reviewed and tested to ensure that there is no adverse impact on operation or security when changes to the operating system are made.
 
16.4   ISO 27001 Clauses/ Controls Addressed
    A.10.1.1 Documented operating procedure
 
    A.10.1.2 Change management
 
    A.10.1.3 Segregation of duties
 
    A.10.1.4 Separation of development test and operational facilities
 
    A.10.3.1 Capacity management

    A.10.3.2 System acceptance
 
    A.10.8.5 — Business information systems
 
    A.11.3.2 Unattended user equipment
 
    A.11.3.3 Clear desk and clear screen policy
 
    A.11.6.2 Sensitive system isolation
 
    A.12.4.1 Control of operational software
 
    A.12.5.2 Technical review of applications after operating system changes
16.5   Associated Procedures/ Guidelines
    Guideline for documenting operating procedures
 
    Change Control Process
 
    Kintana Change Management
 
    Managing GENPACT IP networks
 
    Capacity Management
 
    System Acceptance Checklists
 
    Clear desk and clear screen guidelines
 
    GENPACT Physical Security Policy
 
    Procedure / Guidelines for controlling installation / use of software on operational systems (ESR Process)

 


 

17.   TELEWORKING AND MOBILE COMPUTING
 
17.1   Objective
The objective of this policy is to ensure information security when using mobile and teleworking facilities.
GENPACT shall ensure that when using mobile computing and teleworking, the risks of working in an unprotected environment are considered and appropriate protection is applied.
17.2   Ownership and Responsibilities
    Information Security Team
17.3   Policy Rules
 
17.3.1   GENPACT shall ensure that special care is taken to ensure that business information is not compromised when using mobile computing and communication facilities like palmtops, laptops, smart cards and mobile phones.
 
17.3.2   GENPACT shall take into account the risks of working with mobile computing equipment in an unprotected environment.
 
17.3.3   GENPACT shall ensure that all mobile computing facilities are adequately protected by using appropriate techniques.
 
17.3.4   GENPACT shall ensure that access to business information by remote users across public networks takes place only after successful identification and authentication.
 
17.3.5   GENPACT shall train users on the additional risks resulting from using their mobile computing equipment in public areas or over the public network.

17.3.6   GENPACT shall allow teleworking only from authorized systems and processes.
 
17.3.7   GENPACT shall not allow privately owned devices to connect to the GENPACT network.
 
17.3.8   GENPACT shall not allow use of any personal hardware / software for business purposes.
 
17.3.9   GENPACT has Blackberry Usage Guidelines and shall ensure that its employees adhere to the same.
 
17.3.10   GENPACT also has a Work From Home (WFH) Policy with the objective of securing GENPACT assets, systems and equipment for the purpose of WORK FROM HOME.
 
17.4   ISO 27001 Clauses/ Controls Addressed
    A.11.7.1 — Mobile computing and communications
 
    A.11.7.2 — Tele-working
17.5   Associated Procedures/ Guidelines
    VPN Connections To GENPACT Network (VPN Hub)
 
    End user awareness for use of mobile computing equipment
 
    Mobile computing guideline
 
    Work From Home Policy

 


 

18.   APPLICATION DEVELOPMENT AND MANAGEMENT
 
18.1   Objective
The objective of this policy is to ensure that security is built into application development.
GENPACT shall effectively manage the process of application development, testing and deployment.
18.2   Ownership and Responsibilities
    Digitization Team
18.3   Policy Rules
 
18.3.1   GENPACT shall ensure that security requirements for new application systems are explicitly defined during the design stages, and shall comply with the Data Classification Guidelines.
 
18.3.2   GENPACT shall implement procedures to verify and protect the input data with adequate checks and controls.
 
18.3.3   GENPACT shall ensure test data used in the application development is adequately protected.
 
18.3.4   GENPACT shall ensure that the source code of developed applications is available for access, modification or use only to authorized individuals.
 
18.3.5   GENPACT shall define and document change control procedures for all applications developed / modified to minimize the risk of corruption.
 
18.3.6   GENPACT shall ensure that operational software is purchased only from approved vendors.
 
18.3.7   GENPACT shall ensure that any changes to purchased software products shall follow the application change control procedures.
 
18.3.8   GENPACT shall ensure that applications developed are protected from information leakage.
 
18.3.9   GENPACT shall ensure that agreements and adequate controls are in place while outsourcing application development to external parties.
 
18.4   ISO 27001 Clauses/ Controls Addressed
    A.12.1.1 Security requirements analysis and specification
 
    A.12.2.1 Input data validation
 
    A.12.2.2 Control of internal processing
 
    A.12.2.3 Message integrity
 
    A.12.2.4 Output data validation
 
    A.12.4.2 Protection of system test data
 
    A.12.4.3 Access control to program source code
 
    A.12.5.1 Change control procedures
 
    A.12.5.3 Restrictions on changes to software packages
 
    A.12.5.4 Information leakage
 
    A.12.5.5 Outsourced software development

 


 

18.5   Associated Procedures/ Guidelines
    Application Security Tollgate Review (Tollgate Procedure)
 
    Application Development/Change control procedures
 
    Data validation processing guidelines
 
    Outsourced software development guidelines

 


 

19.   CRYPTOGRAPHY
 
19.1   Objective
The objective of this policy is to regulate the usage of cryptographic controls within GENPACT to protect confidential information.
GENPACT shall ensure that the usage of cryptographic controls is controlled, authorized and commensurate to the sensitivity of information to be protected.
19.2   Ownership and Responsibilities
    Information Security Team
19.3   Policy Rules
 
19.3.1   GENPACT shall use cryptographic controls, where appropriate, for the protection of sensitive information.
 
19.3.2   GENPACT shall follow documented procedures detailing the roles and responsibilities for management of cryptographic techniques.
 
19.3.3   The level and use of cryptographic controls shall be based on business requirement and shall be in line with the Data Classification Guidelines.
 
19.3.4   GENPACT shall ensure that the cryptographic controls used abide by the laws of the land.
 
19.4   ISO 27001 Clauses/ Controls Addressed
    A.12.3.1 — Policy on the use of cryptographic control
 
    A.12.3.2 — Key management
19.5   Associated Procedures/ Guidelines
    Guidelines for using cryptography tools
 
    Guidelines for selection of encryption algorithm

 


 

20.   INCIDENT RESPONSE AND MANAGEMENT
 
20.1   Objective
The objective of this policy is to formulate an incident response and management strategy and procedure to minimize the damage caused by security incidents and to monitor and learn from such events.
GENPACT shall ensure that all employees report security incidents and these are logged and resolved.
20.2   Ownership and Responsibilities
    Information Security Team
 
    Logistics Team
 
    Crisis Management Team
20.3   Policy Rules
20.3.1   GENPACT shall ensure that a point of contact exists for all employees to report information security incidents and weaknesses.
 
20.3.2   GENPACT shall ensure multiple teams are in place to handle different types of security incidents and weaknesses.
 
20.3.3   Incident triage shall be carried out by trained personnel and then directed to the different teams designed to resolve particular types of incidents.
 
20.3.4   GENPACT shall train all its employees on the different types of information security incidents and also to report security incidents and weaknesses. Users shall report any information security incident or weakness to his/her Manager & the ISL/ISO.
 
20.3.5   GENPACT shall ensure that the roles and responsibilities for all involved parties are well defined and documented.
 
20.3.6   GENPACT shall log and retain records of all information security incidents.
 
20.3.7   A root cause analysis for all logged information security incidents shall be carried out to prevent reoccurrence.
 
20.3.8   In case of requirement for legal action, GENPACT shall conform to the rules of evidence laid down in the respective countries and present the evidence accordingly.
 
20.3.9   The Incident response procedure shall be in line with the business continuity policy.
 
20.4   ISO 27001 Clauses/ Controls Addressed
    A.13.1.1 Reporting information security events
 
    A.13.1.2 Reporting security weaknesses
 
    A.13.2.1 Responsibilities and procedures
 
    A.13.2.2 Learning from information security incidents
 
    A.13.2.3 Collection of evidence
20.5   Associated Procedures/ Guidelines
    Incident Response Procedure
 
    IT Helpdesk
 
    BCP activation procedure

 


 

    Emergency evacuation procedure
 
    Disciplinary process for breach of policy

 


 

         
 
     
21.   BUSINESS CONTINUITY PLANNING

21.1   Objective
The objective of this policy is to ensure that well-defined and tested business continuity plans exist to safeguard all critical business processes, information, information processing facilities and personnel from disruptions.
GENPACT shall define, implement, test and maintain continuity plans to reduce the disruption caused by disasters and security failures to an acceptable level.
21.2   Ownership and Responsibilities
    BCP Team
21.3   Policy Rules

21.3.1   GENPACT shall ensure that a managed process exists to facilitate effective development, maintenance, testing and execution of business continuity plans.

21.3.2   GENPACT shall ensure that a business impact analysis is carried out periodically to determine the potential impact of the interruptions and subsequently put alternate controls and processes in place.

21.3.3   The business continuity planning framework shall be defined to maintain or restore business operations in the required time frames to cause least disruptions to business.

21.3.4   A business continuity framework shall be designed that states the conditions for activation and personnel responsible for execution of each component of the plan.

21.3.5   GENPACT shall ensure that the business continuity plan is in line with the Incident Management Policy.

21.3.6   The plans shall be regularly tested and improved to ensure that they are effective and up to date.

21.4   ISO 27001 Clauses/ Controls Addressed
    A.14.1.1 — Including information security in the management process

    A.14.1.2 — Business continuity and risk assessment

    A.14.1.3 — Developing and implementing continuity information security

    A.14.1.4 — Business continuity planning framework

    A.14.1.5 — Testing, maintaining and re-assessing business continuity plans
21.5   Associated Procedures/ Guidelines
    Emergency Service Level Procedure

    Crisis Management Procedure

    Business Continuity Testing Procedure

    BCP Handbook / Red Book

 


 

         
 
     
22.   ACCEPTABLE USAGE

22.1   Objective
The objective of this policy is to educate end users on the acceptable usage of company information and information processing facilities.
GENPACT shall ensure that all employees & external party workers use GENPACT information assets as defined by the policies, procedures and guidelines and only for business purposes.
22.2   Ownership and Responsibilities
All users accessing GENPACT’s information systems
22.3   Policy Rules

22.3.1   Users shall not surf the Internet for non-business purposes and should strictly avoid visiting pornographic or entertainment sites.

22.3.2   Users shall not download songs, movies, humour clippings, advertisements, pornographic & other non-business or non-productive material.

22.3.3   Users shall not download software from the network / Internet without prior approval.

22.3.4   Users shall not post any company proprietary information on Internet share drives / briefcase, public forums, newsrooms or bulletin boards.

22.3.5   Users shall not access non-Genpact e-mail sites such as Yahoo, Hotmail, Gmail etc. unless authorized for business use.

22.3.6   Users shall not use their official email IDs to subscribe to any newsletters, participate in surveys, online quizzes, registrations etc. unless explicitly authorized. Your Genpact e-mail account is provided for business purposes; however limited non-business use which is not an abuse of Company time and/or resources, and which does not violate any Genpact policies.

22.3.7   Users shall not participate in chain mails, forwarding of jokes and other non-productive emails.

22.3.8   Users shall ensure that they do not send advertisements of sale of assets, invitations, wishes, etc. to large groups without prior approval or unless they are authorized.

22.3.9   Users shall avoid opening any mail from unknown users / sources and also avoid downloading or opening suspicious attachments or clicking on suspicious links.

22.3.10   Suspicious mails shall be reported to the Manager / IT SPOC / Security Team immediately.

22.3.11   Users shall access Company resources using their own IDs.

22.3.12   Users shall keep all their passwords confidential.

22.3.13   Users shall ensure that Corporate Hardware/Software is not used for Personal purpose. Use of any Personal Hardware/Software shall not be allowed for corporate purpose.

22.3.14   Use of External Storage devices (Floppies/CDs/Zip Drives/USB Hard disk) shall not be permitted on Corporate network/Hardware unless authorized by Information Security.

 


 

         
 
     
22.3.15   Users shall report any information security incident or weakness to his/her Manager & the ISL/ISO.

22.3.16   Users shall follow the clear desk and clear screen guidelines to protect information and information processing facilities from unauthorized access.

22.3.17   If privileged access is given to Users, they should use those access rights only for the business purpose for which they are given access.

22.3.18   Mobile computing facilities such as Laptops/PDA should not be left unattended in public areas such as airports, hotels and meeting rooms.

22.3.19   Using Company resources to conduct outside business ventures or other actions inconsistent with or in violation of the Company policies shall not be permitted.

22.3.20   Users of GENPACT systems shall be aware that their information systems and information are not private and the company reserves the right to monitor and audit these from time to time.

22.3.21   Any breach of company policy shall warrant necessary disciplinary action up to termination of employment.

22.3.22   Users shall raise any concerns about the appropriate use of Genpact Information resources such as loss or misuse of devices (e.g. a laptop or PDA) or unauthorized sharing or disclosure of Genpact Information with their immediate managers and Genpact Information Security team (infosec@genpact.com).

22.4   ISO 27001 Clauses/ Controls Addressed
    A.7.1.3 — Acceptable Usage of Assets

    A.10.8.4 — Electronic messaging

    A.10.10.2 — Monitoring system use

    A.11.3.3 — Clear Desk and Clear screen policy
22.5   Associated Procedures/ Guidelines
    ISMS Policy snapshot

    E-mail Policy

    Awareness Guidelines

 


 

     
23.   COMPLIANCE

23.1   Objective
The objective of this policy is to ensure that GENPACT avoids breaches of any law, statutory, regulatory or contractual obligations, and of any security requirements.
GENPACT shall define, document and maintain up to date all relevant statutory, regulatory and contractual requirements and the organization’s approach to meet these requirements for each of the information systems.
23.2   Ownership and Responsibilities
    Legal Team

    Information Security Team
23.3   Policy Rules

23.3.1   GENPACT shall define and document the specific controls and individual responsibilities to meet all the statutory, regulatory and contractual requirements.

23.3.2   GENPACT shall implement appropriate procedures to ensure compliance with legislative, regulatory and contractual agreements on the use of material in respect of which there might be intellectual property rights and on the use of proprietary software products.

23.3.3   GENPACT shall ensure that copyrights and intellectual property rights are not violated.

23.3.4   GENPACT shall protect all important records from loss, destruction and falsification, in accordance with statutory, regulatory, contractual and business requirements.

23.3.5   GENPACT shall ensure data protection and privacy as required in relevant legislation, regulations and contractual clauses.

23.3.6   GENPACT shall ensure that cryptographic controls are used in compliance with all relevant agreements, laws and regulations.

23.3.7   GENPACT shall seek legal advice to ensure compliance with national laws and regulations.

23.3.8   GENPACT shall carefully plan the audit requirements and activities involving checks on operational systems so as to minimize the risk of disruptions to business processes.

23.3.9   GENPACT shall protect access to information systems audit tools in order to prevent any possible misuse or compromise.

23.4   ISO 27001 Clauses/ Controls Addressed
    A.6.1.8 — Independent review of Information Security

    A.15.1.1 — Identification of applicable legislation

    A.15.1.2 — Intellectual property rights (IPR)

    A.15.1.3 — Protection of organizational records

    A.15.1.4 — Data protection and privacy of personal information

    A.15.1.6 — Regulation of cryptographic controls

    A.15.3.1 — Information systems audit controls

    A.15.3.2 — Protection of information systems audit tools

 


 

     
23.5   Associated Procedures/ Guidelines
    Legal Knowledge Central
 
    ISMS Management Reference Document
 
    Integrity policy
 
    Document in management policy / Document retention Policy
 
    Data Privacy Policy

 


 

     
24.   APPENDIX

24.1   APPENDIX A: Abbreviations
             
 
    BPMS   : Business Process Management System
 
 
    BCP/DRP   : Business Continuity/ Disaster Recovery Planning team
 
 
    EHS   : Environmental Health & Safety team
 
 
    ISL   : Information Security Leader
 
 
    RFP   : Request for Proposal
 
 
    NDA   : Non-Disclosure Agreement
 
 
    SPOC   : Single Points of Contact
 
 
    ESR   : Employee Service Request
 
 
    GTN   : GE Telecommunications Network
 
 
    SSO   : Single Sign-On
 
 
    SDLC   : Software Development Life Cycle
 
 
    SLA   : Service Level Agreement
 
 
    IPR   : Intellectual Property Rights
 
 
    CIO   : Chief Information Officer
 
 
    CTO   : Chief Technology Officer
 
 
    CFO   : Chief Finance Officer

 


 

24.2 APPENDIX B: Terms & Definitions
Certain Terms are used throughout this policy. In order to avoid misinterpretation, several of the more commonly used terms are defined below.
         
Associate : Any full time or part time worker who has been hired by GENPACT, and is authorized to read, listen, record, enter, or update GENPACT Data resources.

Temporary Personnel : Non-GENPACT personnel; typically temporary personnel contracted with GENPACT through a temporary employment agency. Although temporary personnel often have access to many corporate resources, they are not considered GENPACT associates.

Contract Programmer or Consultant : Any personnel who contracts to work for a local or corporate GENPACT IT department, typically on a specific project such as the implementation of a new application or platform. Contract programmers and consultants are not considered GENPACT associates.

COE : Centre of Excellence - GENPACT is vertically divided into different Business Units (BU) called Centres of Excellence, referred to as COE in this document.

ISL : Information Security Leader - accountable for the overall management of information security for each pole. The term ISL refers to local (pole) ISL. Wherever global ISL is required, it will be explicitly mentioned in the document.

Global ISL : Global Information Security Leader - accountable for the overall management of information security in GENPACT.

ISMS : Information Security Management System - It is that part of the overall management system, based on a Business risk approach, to establish, implement, operate, monitor, maintain and improve information security. The management system includes organization, structure, and policies, planning activities, responsibilities, practices, administration and resources.

GENPACT Global Security Council : GENPACT Management — responsible for overseeing the implementation of information security across the organization.
 
       
GENPACT Security Council : Information Security Forum for each of the poles. All local COEs have representation in GENPACT security council headed by GENPACT ISL. Security council refers to the local (pole) security policy. Wherever global security council is required, it will be explicitly mentioned in the document.
 
       
Pole : Country office

Custodian : A full time associate who is appointed custodian is responsible for the administration of controls and for processing, storing and protecting data and other resources residing on personal computers, Servers, LANs or mainframes. This responsibility includes one or more of:
      Providing physical safeguards
      Developing procedural safeguards
      Controlling and monitoring information access
      Backing up data and other resources

Guardian : A management-level, full time associate of GENPACT company, who is responsible for creating or maintaining resources, including data or software which reside on a personal computer/Server, LAN or mainframe.

Home Computer : A generic term which applies to non-GENPACT desktop or laptop PC used by an associate or covered employee to perform work-related tasks or telecommute from a worksite other than a GENPACT location.

ID or User ID : A unique identifier assigned to a system user. It can be a domain user id or an SSO id.

Information Resource : Any tangible or intangible asset owned, leased or rented by GENPACT for use by an associate or covered employee which stores, retrieves or possesses electronic or hardcopy data. This definition includes any peripheral devices or technologies which support or enhance the storage, retrieval or processing of electronic data.

Owner : An associate who creates any data would be the owner of that data and shall be responsible for ensuring that the data is protected as per the security requirements set by GENPACT. Final ownership of any data shall be with GENPACT.

 


 

         
Personal Computer/Desktop/Workstation : Also referred to as a PC, microprocessor, or desktop computer. It typically consists of a CPU, monitor and keyboard, and optional peripherals such as a modem or a printer.

Portable computer : A generic term that applies to any portable GENPACT owned or rented computer hardware, including the software loaded on it, used by and assigned to any GENPACT associate regardless of their location.

 


 

Exhibit 6
Insurance Policies
Genpact shall maintain insurance policies for the limits as stated below during the term of this Agreement:
  (a)   Errors and omissions/network and internet ($5MM) per occurrence and in annual aggregate.
 
  (b)   Crime ($5MM) per occurrence and in annual aggregate.
 
  (c)   Umbrella policy ($5MM) per occurrence and in annual aggregate.
 
  (d)   Commercial general liability ($1MM) per occurrence and in annual aggregate.

 


 

Exhibit 7
Information Security Addendum


 

Information Security Addendum
[***]
 
***   Confidential material redacted and filed separately with the Commission

 


 

Exhibit 8
Genpact Affiliates
The following is the list of Genpact Affiliates approved by Green Dot for performing Services under the MSA:
  1.   Genpact Services LLC. — Philippines
  2.   Genpact Administraciones-Guatemala, S.A. — Guatemala
Genpact shall seek approval of Green Dot in the event any other Affiliate of Genpact is to perform services under this Agreement.

 


 

Exhibit 9
Refresh Schedule

 


 

IT Fixed Asset Management Process
For GREEN DOT
Technology Equipment, Media selection and disposal guidelines
  Technology Solution is provided with the right selection of equipment
  All equipment is refreshed on the basis of the guidelines laid out below (subject to availability of a compatible successor or EOL, whichever is earlier)
    §   Desktops   [***]
    §   Workstation Phones   [***]
    §   Desktop Operating system (Windows XP)   [***]
    §   Anti Virus   Regular Updates
    §   Data network equipment   [***]
    §   Distributed Computing Equipment   [***]
  Disposal Policy – (Equipment sent out for repair / replacement is subject to data sanitization process)
    §   Tools Utilized - Kill Disk, Eraser or De Gauss etc. consistent with the Information Security Addendum as detailed in Exhibit 7 of MSA
    §   Equipment covered – All Desktops / laptops / hard disks, server class machines
 
***   Confidential material redacted and filed separately with the Commission