IMRB International Declaration

Declaration Name: Common Declaration.

Purpose of Declaration: For SOX Compliance

Scope of Declaration: All IT Infrastructure and Financial Systems

Performed By: IT & Finance Department

Update Required: When there are changes

Risk in case of non In-effective SOX Control.

compliance:

Control No 9: Password Control

Here it is declared that for IMRBINT.local domain:
I. Password of below accounts are by default set to do not expire, these
account are compulsory to run IIS & Sophos servers internal processes to
interact with different windows services and website controls.

Sophos Antivirus processing accounts:

"CN=Sophos Update, OU=Corporate Systems, OU=MUM HQ,
DC=imrbint, DC=local"
"CN=SophosSAUIMPUNRADC30, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUCHNRES-ADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUCOADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUIMMUMCADC80, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUIMKOLFADC30, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUPUNFLDADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUIMDELTADC30, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUPUNFLDADC1, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUIMBNGRADC30, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUPUNFLDADC2, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUIMGGNRADC30, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUCHNFLS-ADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUCOPDC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUBNGFLS-ADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUKOLITS-ADC0, CN=Users, DC=imrbint, DC=local"
"CN=SophosSAUDELITS-ADC0, CN=Users, DC=imrbint, DC=local"

IIS processing accounts:

"CN=IUSR_PUNFLDADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_IMPUNRADC301, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_DELITS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_CHNRES-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_CHNITS-DC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_KOLITS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_BNGFLS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_COADC, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_IMKOLFADC301, CN=Users, DC=imrbint, DC=local"
"CN=IUSR_GGNITS-MAIL, CN=Users, DC=imrbint, DC=local"

- 1 of 3 -
 IMRB International Declaration

"CN=IUSR_IMBNGRADC301, CN=Users, DC=imrbint, DC=local"

"CN=IWAM_PUNFLDADC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_BNGFLS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_CHNRES-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_CHNITS-DC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_KOLITS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_DELITS-ADC, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_IMPUNRADC301, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_IMKOLFADC301, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_GGNITS-MAIL, CN=Users, DC=imrbint, DC=local"
"CN=IWAM_IMBNGRADC301, CN=Users, DC=imrbint, DC=local"

Ldap integration with AD for IT & HR service desk.

"CN=otrs_ldap, OU=Corporate Systems, OU=MUM HQ, DC=imrbint,
DC=local"

II. Below two accounts were created on DC for providing access to presentation
laptops and IT support team of CMS.
Cms.fms  - CMS IT support team
Cosystem – Presentation laptops and general computer access

III. The account “adm_mcnicholasjo” was created with domain admin privileges
for AD replication between IMRBINT, Kantar Group and TNS domains.

IV. The account “otrs_ldap” was created for AD integration with IT ServiceDesk
and HR Servicedesk portal.

V. Here it is declared that on KT domain password for account

otrs_ldap@grpitsrv.com is set to never expire as this is service account and
used for AD integration with IT ServiceDesk and HR Servicedesk portal.

Control 10: Accounts Control

Here it is declared that:
a. The following accounts have server admin rights as described below.

Enterprise admin for IMRBINT – prakash.panda, & santosh.sandupatla

Domain admin for IMRBINT – prakash.panda, santosh.sandupatla and

adm_mcnicholasjo

b. The following account have rights on KT domain

adm_pandap – Admin for India (IMRB)
adm_sandupatlas – User admins
adm_pachpores – User admins
adm_kollonj - User admins
adm_rsenthil - User admins
adm_roys - User admins
adm_sahoob - User admins
adm_khatuap - User admins

Control 14: Physical Access

- 2 of 3 -
 IMRB International Declaration

Here it is declared that:

a. Lekha Bajpai, Prakash Panda, & Santosh Sandupatla are given access to
server room at Mezzanine Floor, ‘A’ Wing, Mhatre Pen Building & ‘B’ Wing 2nd
Floor, Mhatre Pen Building, Mumbai for administrative work.
b. Safal pachpore is given access to server room at IMRB International 229-
240, 2nd Floor, Sohrab Hall, Sasson Road, Off. Tadiwala Road, Pune - 411
001 for administrative work.
c. Jijesh Kollon is given to server room at IMRB International 95/3, M R Kote
Plaza, Doddanakundi, Marathahalli, KR Puram, Outer Ring Road, Bangalore
– 560037 for administrative work.
d. Senthil R is given access to server room at IMRB International Visnu
Building, New No.105, Old No.92, Pantheon Road, Egmore, Chennai 600 008
for administrative work.
e. Sunil Roy is given access to server room at IMRB International 8, Balaji
Estate 1st Floor, Guru Ravidass Marg, Kalkaji, New Delhi - 110 019 for
administrative work.
f. Bivudatta Sahoo is given access to server room IMRB International SCO-
47, Old Judicial Complex, Sec-15, Gurgaon-122001, Haryana for
administrative work.
g. Pradip Khatua is given access to server room at IMRB International 10th
Floor, 11, Shakespeare Sarani, Kolkata - 700 071 for administrative work.
h. In case of emergency the Security Guard on duty at above mentioned
locations are given rights to access server room. However the security should
inform either one of above member or to commercial or admin member on the
need to access the server room
i. Visitors log book is maintained at all the server rooms. Log book should be
ratified by authorized concerned person within 48 hours if server room is
accessed by security in case of emergency.

1) Revisions Log:
Revisions Editor IT Approved By Approved By Date
Manager Financial IT Head
Director

Created KITP Team Hemant Bansal Lekha Bajpai 21-Nov-

2013

- 3 of 3 -