Information Security Terms & Conditions

1. Overview

This document defines the Information Security requirements that must be met by Consultants engaged to deliver Services to iMerit, Inc.

2. Definitions

• “iMerit” includes iMerit, Inc and all its subsidiaries.

• “Consultant” includes Consultant engaged to deliver Products to iMerit whether directly or through a Third-Party.

• “System” includes the hardware, software, and network infrastructure the Consultant uses and/or provides to create iMerit deliverables.

• “Equipment” includes hardware, software and network devices that form part of a system.

All Consultant Personnel

The following requirements are required of the Consultant providing professional technology services to iMerit:

1

Requirement

The Consultant adheres to local and international environmental, social, health & safety and business integrity laws and regulations in each jurisdiction in which it operates.

2

Requirement

The Consultant reviews and acknowledges their understanding of and commitment to comply with iMerit Code of Conduct, Anti-harassment and Information Security Management System (ISMS) policies.

3

Requirement

The Consultant takes steps to prevent unauthorized access to the facilities or information used to create iMerit deliverables.

4

Requirement

Consultant uses only Systems in performing Services that conform to iMerit SOW requirements. Use of personal equipment must be pre-authorized in writing by iMerit.

5

Requirement

The Consultant returns or securely destroys all proprietary and/or confidential information provided to the Consultant at completion of each SOW in accordance with iMerit’s policies for secure data deletion.

Consultant Working using iMerit Provided Equipment

All Consultant Personnel when working from Consultant facilities or home offices using iMerit provided equipment, Consultant shall:

1

Acknowledge receipt

Acknowledge receipt of the equipment and Consultant’s personal and financial responsibilities regarding use and protection of that equipment.

2

ISMS compliance

Adhere to iMerit’s ISMS policies and procedures pertaining to use of such equipment.

3

Authorized use

Use the equipment for iMerit Inc. business related purposes only.

4

Software licensing

Avoid installing any unauthorized copies of software and comply with software copyright infringement laws.

5

Report changes

Promptly report and document any changes in the status of such equipment to their iMerit supervisor.

6

Report theft

Report any theft of equipment to local police as well.

7

Return equipment

Promptly return equipment at completion of services in accordance with iMerit’s instructions.