Network Solutions has implemented the following organizational, physical and procedural safeguards to ensure that revenues and assets of the Network Solutions Registry business are not utilized to advantage the Network Solutions Registrar business to the detriment of other competing registrars. Network Solutions recognizes the potential for organizational conflicts of interest ("OCI") between the Registry and Registrar businesses and has placed these generally accepted, US Government recognized safeguards in place to avoid operational issues.
I. NSI ORGANIZATIONAL STRUCTURE
In recognition of potential OCI, Network Solutions established organization barriers by separating Network Solutions Registry, Registrar and Information Technology Services businesses into separate profit and loss ("P&L") centers, each with its own General Manager. Each General Manager reports directly to the Chief Executive Officer of Network Solutions and has dedicated direct reporting employees in the finance, marketing, engineering, customer affairs and customer service functions, as appropriate. Each P&L employee is dedicated to the line of business for which he/she directly works.
The corporate administrative support functions under the Chief Financial Officer, Chief Information Officer, Chief Technology Officer, and General Counsel provide support to each line of business on a cost allocated basis or a dedicated project accounting basis. These officers and the Chief Executive Officer will be compensated based on consolidated financial results, versus Registrar or Registry results.
The Registry General Manager has authority over all operational decisions and is the business owner of this compliance plan. The Registry employs a Compliance Officer to administer day-to-day oversight and administration of this plan.
The Network Solutions General Counsels office employs an overall OCI compliance function to oversee corporate adherence to the Plan and to resolve potential conflicts or actual conflicts among Network Solutions functions.
II. FINANCIAL SEPARATION
The Registry business accounts for its own costs, revenues, cash flow, etc. as a separate P&L center, using separate and distinct systems and accounting functions. Reasonable and independently auditable internal accounting controls are in place to ensure the adequacy of these systems and functions. The individual financial statements of each P&L center are then consolidated at the corporate level for tax and SEC reporting.
III. LOCATION CHANGE
To further separate businesses and, among other things, ensure that the risk of inadvertent disclosure of sensitive information is effectively mitigated, Network Solutions has relocated the Registry and Registrar businesses to separate facilities.
IV. PHYSICAL BARRIERS
Each NSI business unit employee has a security badge that will provide him/her access only to the facility he/she works in and the Network Solutions headquarters facility. At the Registry facility, only Registry-assigned personnel ("Registry Personnel") will have regular badge access to the premises and any other person will be treated as a visitor to the facility and will gain access only through established visitor sign-in and identification badge procedures.
V. ACCESS TO THE REGISTRY
The Registry business provides access to all Registry customers through the following mechanisms and separates Registry Systems and information from NSI Registrar Systems and information through these processes:
1. All Registrars (including Network Solutions as a Registrar) connect to the Shared Registration System Gateway via the Internet by utilizing the same maximum number of IP addresses and SSL certificate authentication.
2. All Registrars have access to Registry-generated data to reconcile their registration activities from Registry Web and ftp servers. All Registrars may perform basic automated registrar account management functions using the same Registrar tool made available to all Registrars by the Registry.
3. The Shared Registration System does not include any algorithms that differentiate among Registrars with respect to functionality, including database access, system priorities and overall performance.
4. Network Solutions as Registrar will not be given any access to the Registry not available to any other Registrar.
5. Any information regarding the technical interface of Registry/Registrar operations will be made equally available to all Registrars.
VI. INFORMATION CONTROL
The Registry has in place various procedural safeguards to ensure that data and information of the Registry business are not utilized to advantage the Network Solutions Registrar business. Network Solutions has adopted a policy regarding the marking, access and dissemination of business sensitive information (Exhibit A). This policy requires employees to mark all sensitive information as "Registry Sensitive Information." Furthermore, the policy requires that all sensitive information be limited in access and disseminated only to those Registry Personnel and other personnel who are identified to have a legitimate "need to know," which shall not include Registrar-assigned personnel. The Registry General Manager maintains a matrix that dictates who can access particular categories of Registry Sensitive information. All sensitive information is secured in an appropriate manner to ensure confidentiality and security. Consent of the Registry General Manager is required prior to release of financial or statistical information relating to the Registry business.
All Registry Personnel and other employees who have a need to know Registry business undergo a formal OCI Training Program, developed by the Registry Compliance Officer, providing the staff members with a clear understanding of this Plan and the staff members responsibility under the plan. OCI training is required before any potential staff member is given an assignment or access to Registry material. OCI refresher training is given on an annual basis.
VIII. NON-DISCLOSURE AGREEMENTS/OCI AVOIDANCE CERTIFICATIONS
Upon completion of the training program, all Registry Personnel and other employees who have a need to know Registry business (which shall not include Registrar-assigned personnel), are required to sign a non-disclosure agreement (Exhibit B) and a Registry Business OCI Avoidance Certification (Exhibit C) acknowledging his/her understanding of the OCI requirements, and certifying that he/she will strictly comply with the provisions of the OCI Plan. The signed agreements are maintained in the program files and the individuals personnel file. Each staff member acknowledges verification of the annual refresher training required by this Plan.
Policy/Procedure No. A-1
Page 1 of 3
Title: Access and Dissemination of Proprietary Information Date: September 24, 1999
Approved: Jim Rutt, Chief Executive Officer
1. Purpose: To establish policies (i) for the protection of Proprietary Information developed by and/or in the possession of Network Solutions, Inc. ("Network Solutions"), and (ii) for the protection of Sensitive Information of the Registry Business to ensure that the revenue and assets of the Registry Business are not utilized to advantage the Registrar Business to the detriment of other competing registrars.
2. Scope: This policy is applicable to all employees of Network Solutions.
3.1 Proprietary Information. Financial, personnel, technical, or business information owned or possessed by Network Solutions which has not been authorized for public release. Such information is frequently referred to as "Proprietary Information," "Confidential Information" or "Privileged Information."
3.2 Registry Sensitive Information. Proprietary Information or other financial, personnel, technical, or business information owned or possessed by Network Solutions relating to its Registry business which could be utilized to advantage the Network Solutions Registrar business to the detriment of other competing registrars. Examples are found in Attachment 1.
3.3 Registrar Sensitive Information. Proprietary Information or other financial, personnel, technical, or business information owned or possessed by Network Solutions relating to its Registrar business.
3.4 Computer Software. Computer programs and computer databases.
3.5 Computer Software Documentation. Technical data, including computer listing and printouts, in human-readable form which (i) document the design or details of computer software, (ii) explain the capabilities of the software, or (iii) provide instructions for using the software to obtain desired results from a computer.
4. Procedures for Protection of Proprietary Information:
4.1 Responsibility. Managers are responsible for identifying Proprietary Information, Registry Sensitive Information and Registrar Sensitive Information developed, produced or possessed by their business unit and for instructing employees reporting to them regarding the proper handling and safeguarding of such information. Each Network Solutions employee should exercise reasonable care to protect Proprietary Information, Registry Sensitive Information and Registrar Sensitive Information from unauthorized or inadvertent disclosure.
4.2 Disclosure. It is recognized that there are occasions to disclose Proprietary Information to outsiders. Such disclosure should not be made without the prior written approval of an authorized Corporate officer of Network Solutions. Advice from Corporate counsel should be obtained on all questions relating to the identification or releasing of Proprietary Information, Registry Sensitive Information or Registrar Sensitive Information.
4.3 Marking of Documents. Employees should, as a matter of routine, mark each document containing Proprietary Information, Registry Sensitive Information or Registrar Sensitive Information with one of the markings described below at the time the document is produced. Computer tapes and other recorded material should be identified by proper labeling which is visible to the ordinary person while the material is being stored. In addition, all such material should have a warning notice at the beginning of the material to ensure the user is forewarned about the proprietary or sensitive nature of its contents (as soon as access is afforded to a computer tape or at the beginning of a sound recording, etc.).
4.3.1 Internal Documents
On internal documents (reports, memoranda, drawings, etc.) the applicable following legend shall be put at the top or bottom of the first page or, in the case of drawings, in the space provided for such legends. The "need to know" principle shall be the guideline when divulging Proprietary Information or Sensitive Information internally.
The information on this document is proprietary to Network Solutions. It may not be used, reproduced or disclosed without the written approval of Network Solutions.
The information on this document is proprietary to Network Solutions and Network Solutions Registry business. It may not be used, reproduced or disclosed without the written approval of the General Manager of the Network Solutions Registry business.
The information on this document is proprietary to Network Solutions and Network Solutions Registrar business. It may not be used, reproduced or disclosed without the written approval of the General Manager of the Network Solutions Registrar business.
4.3.2 Documents for External Distribution
A. Reports and Similar Documents
The following legend shall be typed or stamped on the cover and/or title page of reports or on the face of other documentation provided to others:
This document is the property of Network Solutions, Inc. It may be used by recipient only for the purpose for which it was transmitted and shall be returned upon request or when no longer needed by recipient. It may not be copied or communicated without the prior written consent of Network Solutions.
On letters to outsiders which contain Proprietary Information, the following statement or equivalent shall appear in the text:
Information contained herein is Network Solutions Proprietary Information and is made available to you because of your interest in our company (or program, etc.). This information is submitted in confidence and its disclosure to you is not intended to constitute public disclosure or authorization for disclosure to other parties.
C. Proposals to Commercial Companies
1.A restrictive legend such as the following shall be placed on the title page of each volume of the proposal:
Network Solutions, Inc.s (NSIs) proposal, which follows, contains information and data that are privileged and/or confidential to NSI. This information and data are not made available for public review and are submitted voluntarily to XYZ COMPANY NAME only for purposes of review and evaluation in connection with this proposal. No other use of the information and data contained herein is permitted without the express written permission of NSI. Information and data contained herein is protected by the Virginia Trade Secrets Act, as codified, and any improper use, distribution, or reproduction is specifically prohibited. No license of any kind whatsoever is granted to any third party to use the information and data contained herein unless a written agreement exists between NSI and the third party which desires access to the information and data. Under no condition should the information and data contained herein be provided in any manner whatsoever to any third party without the prior written permission of NSI. The data subject to this restriction is contained in pages ________.
2.Each page of the proposal which contains Proprietary Information shall be marked as follows:
Use or disclosure of proposal information is subject to the restriction on the title page of this proposal.
D. Proprietary Information Released Pursuant to Contract
When Proprietary Information is exchanged between Network Solutions and another company, a Confidentiality Agreement or Non-Disclosure Agreement shall be executed by the parties concerned.
1.The parties will designate in writing one or more individuals within their own organization as the only person(s) authorized to receive Proprietary Information exchanged between the parties pursuant to this Agreement (see Attachment 2 for a sample agreement).
2.All information which the disclosing party claims as proprietary shall be received in writing, clearly identified as proprietary, and delivered personally or by mail addressed to individuals designated above to receive the Proprietary Information.
When not in use, Proprietary Information, Registry Sensitive Information or Registrar Sensitive Information should be stored in a locked desk, cabinet or file. Such material should not be left unattended during the workday and should be turned face down in the presence of visitors or employees who have no need to know.
Burning, shredding or comparable methods should be used for the destruction of Proprietary Information, Registry Sensitive Information or Registrar Sensitive Information.
7. Terminating Employees
Terminating employees should be reminded of their responsibilities and obligations in protecting Proprietary Information as outlined in Administrative Policy A-3, "Standards of Business Ethics and Conduct." Permission to retain such information after termination must be in writing and approved by the Network Solutions General Counsel prior to removal.
8. Third-Party Proprietary Information
Proprietary Information received from other companies through contractual or pre-contractual relationships will be afforded the same level of protection given to Network Solutions Proprietary Information.
Questions concerning implementation or interpretation of this policy should be referred to the appropriate General Manager or the General Counsel.
A. Engineering Information
Engineering information, including schematics, code, and engineering notes should be considered Registry Sensitive Information.
B. Statistical Information
Some statistical information will be available for public consumption. Such information does not require any special treatment, so long as neither the Network Solutions Registrar nor Registry does not receive any preferential treatment (e.g., early access to such information). Other statistics, such as numbers of registrations, transfers, etc., performed by each registrar, as well as processing times, numbers of failures or any information that is trending negative or contains negative performance factors not generally available to the public should be considered either Registry Sensitive Information or Registrar Sensitive Information, as applicable.
One area of statistical data that is deserving of special attention is Registry information pertaining to the numbers of registrations, transfers, etc., performed by each registrar. All such information is Registry Sensitive Information and will be treated accordingly. Unless otherwise approved, registration activity information must be protected from disclosure to any registrar other than the registrar to which the information refers. Such protection extends to precluding Network Solutions Board of Directors, Chief Executive Officer, Chief Financial Officer, and the General Manager of the Registrar business from access to Registry Sensitive Information pertaining to any registrar other than Network Solutions.
C. Financial Information
Financial data related to either the NSI Registry or Registrar is Sensitive Information and will not be released without the express consent of the applicable General Manager, Chief Executive Officer or Chief Financial Officer of Network Solutions. Monthly expenses and income shall be kept sensitive and restricted from disclosure to any party other than the appropriate Registry or Registrar staff and select members of Network Solutions senior staff.
This is an Agreement, effective _______________ __, 199_ between Network Solutions, Inc. (hereinafter referred to as "NSI") and _________________________ (hereinafter referred to as "_________________"). It is recognized that it may be necessary or desirable to exchange information between NSI and _________________ for the purpose of ____________________________ _____________________________________________. With respect to the information exchanged between the parties subsequent to this date, the parties agree as follows:
(1) "Proprietary Information" shall include, but not be limited to, performance, sales, financial, contractual and special marketing information, ideas, technical data and concepts originated by the disclosing party, not previously published or otherwise disclosed to the general public, not previously available without restriction to the receiving party or others, nor normally furnished to others without compensation, and which the disclosing party desires to protect against unrestricted disclosure or competitive use, and which is furnished pursuant to this Agreement and appropriately identified as being proprietary when furnished.
(2) In order for proprietary information disclosed by one party to the other to be protected in accordance with this Agreement, it must be: (a) in writing or in electronic form; (b) clearly identified as proprietary information at the time of its disclosure by each page thereof being marked with an appropriate legend indicating that the information is deemed proprietary by the disclosing party; and (c) delivered by letter of transmittal, hand delivery, or electronically transmitted to the individual designated in Paragraph 3 below, or his designee. Where the proprietary information has not been or cannot be reduced to written or electronic form at the time of disclosure and such disclosure is made orally and with prior assertion of proprietary rights therein, such orally disclosed proprietary information shall only be protected in accordance with this Non-Disclosure Agreement provided that complete written summaries of all proprietary aspects of any such oral disclosures shall have been delivered to the individual identified in Paragraph 3 below, within 20 calendar days of said oral disclosures. Neither party shall identify information as proprietary which is not in good faith believed to be confidential, privileged, a trade secret, or otherwise entitled to such markings or proprietary claims.
(3) In order for either party's proprietary information to be protected as described herein, it must be submitted in written or electronic form as discussed in Paragraph 2 above to:
Telephone No: ________________
FAX No: _____________________
(4) Each party covenants and agrees that it will keep in confidence, and prevent the disclosure to any person or persons outside its organization or to any unauthorized person or persons, any and all information which is received from the other under this Non-Disclosure Agreement and has been protected in accordance with paragraphs 2 and 3 hereof; provided however, that a receiving party shall not be liable for disclosure of any such information if the same:
A. Was in the public domain at the time it was disclosed,
B. Becomes part of the public domain without breach of this Agreement,
C. Is disclosed with the written approval of the other party,
D. Is disclosed after three years from receipt of the information,
E. Was independently developed by the receiving party,
F. Is or was disclosed by the disclosing party to a third party without restriction, or
G. Is disclosed pursuant to the provisions of a court order.
As between the parties hereto, the provisions of this Paragraph 4 shall supersede the provisions of any inconsistent legend that may be affixed to said data by the disclosing party, and the inconsistent provisions of any such legend shall be without any force or effect.
Any protected information provided by one party to the other shall be used only in furtherance of the purposes described in this Agreement, and shall be, upon request at any time, returned to the disclosing party. If either party loses or makes unauthorized disclosure of the other party's protected information, it shall notify such other party immediately and take all steps reasonable and necessary to retrieve the lost or improperly disclosed information.
(5) The standard of care for protecting Proprietary Information imposed on the party receiving such information, will be that degree of care the receiving party uses to prevent disclosure, publication or dissemination of its own proprietary information, but in no event less than reasonable care.
(6) Neither party shall be liable for the inadvertent or accidental disclosure of Proprietary Information if such disclosure occurs despite the exercise of the same degree of care as such party normally takes to preserve its own such data or information.
(7) In providing any information hereunder, each disclosing party makes no representations, either express or implied, as to the information's adequacy, sufficiency, or freedom from defect of any kind, including freedom from any patent infringement that may result from the use of such information, nor shall either party incur any liability or obligation whatsoever by reason of such information, except as provided under Paragraph 4, hereof.
(8) This Non-Disclosure Agreement contains the entire agreement relative to the protection of information to be exchanged hereunder, and supersedes all prior or contemporaneous oral or written understandings or agreements regarding this issue. This Non-Disclosure Agreement shall not be modified or amended, except in a written instrument executed by the parties.
(9) Nothing contained in this Non-Disclosure Agreement shall, by express grant, implication, estoppel or otherwise, create in either party any right, title, interest, or license in or to the inventions, patents, technical data, computer software, or software documentation of the other party.
(10) Nothing contained in this Non-Disclosure Agreement shall grant to either party the right to make commitments of any kind for or on behalf of any other party without the prior written consent of that other party.
(11) The effective date of this Non-Disclosure Agreement shall be the date upon which the last signatory below executes this Agreement.
(12) This Non-Disclosure Agreement shall be governed and construed in accordance with the laws of the Commonwealth of Virginia.
(13) This Non-Disclosure Agreement may not be assigned or otherwise transferred by either party in whole or in part without the express prior written consent of the other party, which consent shall not unreasonably be withheld. This consent requirement shall not apply in the event either party shall change its corporate name or merge with another corporation. This Non-Disclosure Agreement shall benefit and be binding upon the successors and assigns of the parties hereto.
(14) Both parties agree to take all reasonable precautions to prevent any trading in Company securities by their respective officers, directors, employees and agents having knowledge of the proposed transaction between the parties until the proposed transaction has been sufficiently publicly disclosed. The parties understand and agree that until a press release is issued regarding a proposed transaction between the parties, neither party will disclose the fact that negotiations are taking place, except to professional advisors and to employees of the parties on a need-to-know basis.
(15) It is further understood and agreed that money damages would not be a sufficient remedy for any breach of this agreement by either party or any of its representatives and that the non-breaching party shall be entitled to equitable relief, including injunction and specific performance, as a remedy for any such breach. Such remedies shall not be deemed to be the exclusive remedies for a breach of this agreement but shall be in addition to all other remedies available at law or equity. In the event of litigation relating to this agreement, if a court of competent jurisdiction determines that either party or any of its representatives have breached this agreement, then the breaching party shall be liable and pay to the non-breaching party the reasonable legal fees incurred in connection with such litigation, including an appeal therefrom.
Network Solutions, Inc.
I understand I am an employee assigned to the Registry business of Network Solutions, Inc. ("Network Solutions") or another employee who has a need to know information related to the Registry Business of Network Solutions (but not a Registrar-assigned employee) which is proprietary, confidential or business sensitive, belonging to the Registry Business of Network Solutions, other companies or customers of the Registry Business ("Need to Know Employee"). I agree not to disclose or otherwise disseminate such information to anyone other than Need to Know Employees, except as directed, in writing, by the General Manager of the Registry Business or his/her designee. This prohibition is specifically intended to prevent the disclosure of any such information to Network Solutions Registrar-assigned personnel. I understand that disclosure of such information to anyone other than a Need to Know Employee or use of such information could result in personal liability for such unauthorized use or disclosure.
I agree to use such proprietary, confidential and/or business sensitive information only in the performance of requirements necessary to carry out my duties as a Need to Know Employee , and I agree to take suitable precautions to prevent the use or disclosure of such information to any party, other than Need to Know Employees. I will report to the General Manager of the Registry Business or his/her designee any potential violation of this agreement. I further agree to surrender any and all data and information, of any type whatsoever, to the General Manager of the Network Solutions Registry Business or his/her designee upon the termination of my employment as an employee of Network Solutions, or my assignment with the Network Solutions Registry Business.
I certify that I have read and fully understand this Non-Disclosure Agreement and agree to abide by all requirements contained herein. I understand that my strict compliance is essential to Network Solutions Registry Business, and any violation of these requirements may result in termination of my employment.
I hereby certify that I have received training in and understand the requirements of conflict of interest issues and the requirements of the Organizational Conflict of Interest Compliance Plan of the Registry Business of Network Solutions, Inc. I certify that I will strictly comply with the provisions of this Plan. I understand my obligation to (i) refrain from any activities which could pose a personal conflict of interest and (ii) report to the General Manager of the Registry Business, any conflict, whether personal or organizational, which is perceived or identified during the course of my employment with the Registry Business.