KONE Acceptable use

Security Policy

1. PURPOSE
This policy is intended to provide a clear understanding of a security framework
regarding acceptable
use of KONE�s computer environment to protect KONE business, employees, and
partners from
illegal or damaging actions.

2. SCOPE
This policy applies to employees, contractors, consultants, temporaries, and other
workers at KONE,
including all personnel affiliated with third parties. This policy applies to all
computer equipment that is
KONE owned, leased or used to store and operate KONE data.

3. POLICY
# KONE end-user devices are allocated for business purposes only upon appropriate
approval
from KONE management. Only allowed standard devices and KONE standard software must
be used.
# Only authorized staff are allowed to perform support functions, including
hardware or software
modifications. System administrator privileges should not be available for end
users without
approval from GIS Security.
# All end-user devices must comply to the corporate standards for security
protection (antivirus,
patches, firewall, etc.). Privileges for modifying these tools must be limited to
authorized
support staff.
# KONE data must be stored on servers where adequate levels of security and
redundancy are
provided. No sensitive data should be stored locally. All data is a subject of
antivirus scanning.
Upon relevant approval, data may be a subject to audit.

4. TARGET AUDIENCE
End-users
# Must strictly follow all related KONE policies and procedures while operating
KONE end-user
device and software.
# Must never try to compromise KONE security protection measures or knowingly
circumvent
corporate security procedures. Users are accountable for the actions taken under
their user id
and for ensuring the privacy of their password(s).
# Must never utilize KONE owned resources in ways that can bring harm to KONE
business,
KONE image or KONE staff. Non-business usage of equipment is allowed but should be
restricted to minimum. Non-business usage may not be a reason for modification of
Software
or Hardware configuration.
# Must under no circumstances is an employee of KONE authorized to engage in any
activity
that is illegal under local, state, federal or international law while utilizing
KONE owned
resources.
# Must report immediately all cases of IT & security incidents or this policy�s
violation to GIS
Security.
Operations team
# Define & maintain list of standard hardware and software. Must allocate and
receive devices
and software according to standard procedures, perform asset and licenses tracking.
# Perform end-user support according defined SLA.
# Must ensure that all protection measures are installed, up-to-date and properly
configured.
Must provide compliancy reports based as per SLA and/or identification of non-
compliance.
� 2005 KONE Corporation BDS0201
All rights reserved. 2 ( 2 ) (-) 2006-08-17
# Must ensure proper acceptance forms are signed and archived.
# Must ensure that recycled devices are thoroughly cleaned before reassignment to a
user or
returning to the provider.
GIS ISS Security
# Develops and reviews Acceptable Use policies and related processes.
# Performs periodical compliancy check.
# Escalate cases of non-compliancy.

5. REFERENCE TO PROCEDURES
For further guidance refer to the following associated Acceptable Use procedures,
standards and
guidelines.

6. ACCEPTANCE OF THE POLICY

Every KONE employee, consultant and contractor must carefully read this policy and
related
procedures prior to get access to KONE environment. As misuse of KONE owned
resources may
cause a significant harm to KONE end-users must confirm this policy�s statements
understanding by
signing an acknowledgement form.

7. COMPLIANCY
The use of KONE owned resources in a way which is not compliant with current policy
is strictly
forbidden. All known cases of violation must be immediately reported to GIS
security group. Identified
use of system or data non-compliant with KONE policies, procedures and standards
will be stopped
immediately without warning.
KONE reserves the right to audit networks and systems on a periodic basis to ensure
compliance
with this policy. KONE also reserves the right to monitor networks and workstations
if abuse is
suspected.
All exceptions to this policy are subject to written approval from Security office.
Violation of this policy will result in disciplinary action up to, and including,
termination.