Network and Computer Usage Policy

Announcement of Ratch Group Public Company Limited

No.2/2019

Re: Network and Computer Usage Policy

In order to use the company's network and computer systems effectively and create maximum benefit, the company has set a policy for the network and computer systems usage as guideline.

Introduction

1. This policy is set out for employees or other persons permitted to use the Company’s network system, computer and information system as well as the connection to the Internet via the Company’s network. All employees and other related persons are required to strictly comply with this policy.
2. As the Company business operation is under the Thai law, the network system and computer usage as well as the connection to the Internet must comply with the Computer-related Crime Act and other related law.
3. The computer system, computers and the connection device are the assets provided by the Company for supporting the Company’s business.
4. The Company reserves the right to investigate, collect evidences and perform any necessary action in cases where the violation or incompliance with Network and Computer Usage Policy as well as regulations relating to the connection to the Internet is found.

Chapter 1

1. In this notification, the terms and definitions are as follows:
   1. “Company” refers to RATCH Group Public Company Limited and subsidiaries that provides and uses the computer network and shared information.
   2. “Supervisor” refers to the person with authority to command according to the Company’s organizational structure.
   3. “Employee” refers to the Company’s employees, probationary employees and temporary employees.
   4. “Network system and computer” refers to the computers which is the Company’s assets as well as its accessories, network and remote desktop connection-related accessories in the Company.
   5. “Information” means a material which communicates matters, facts, data or anything, whether such communication is made by the nature of such material itself or through any means whatsoever and whether it is arranged in the form of a document, file, report, book, diagram, map, drawing, photograph, film, visual or sound recording, or recording by a computer or any other method which can be displayed;
   6. “Information system” refers to the Company’s computer program system relating to information and data storage, process and output in order to support the Company’s operation.
   7. “Administrator” refers to the Manager of Network System and Computer Department; Manager of Information System Management Department; or other employees designated by the Vice President and higher-level executives to be responsible for maintaining computer and computer network which can access computer network program in order to manage data base of computer network and/or designated to be responsible for developing, correcting and monitoring data base and programs; or units directly responsible for maintaining computer and computer network or information system.
2. The Vice Executive President-Corporate Administration shall have authority to stipulate additional regulations and practices in compliance with this notification as appropriate.

Chapter 2

1. The use of network and computer
   1. The network system shall be used via the Company’s computer only.
   2. The use of network system via other computer (that is not the Company’s computer) shall be permitted by the administrator. In case where the inappropriate use is found, the administrator shall be authorized to immediately disable the said inappropriate use.
2. The use of information system
   1. The information system development or improvement must be jointly tested by the user and the administrator before the official launch of information system.
   2. The use of information system must be in line with the access control as agreed between the administrator and users. The access control table was approved by the Executive Vice President- Corporate Administration or higher-level executives.

Chapter 3

1. All employees are authorized to use the network, computer and information system under this terms and conditions. The Company shall appropriately stipulate the disciplinary punishment and take the legal action against those who are incompliance with this policy that causes damage to the Company or any person.
2. The employees shall efficiently use the network resource and avoid downloading/uploading information or performing other action that is irrelevant to their works as well as browsing websites that are not related to their works.
3. The employees shall be polite and use appropriate language for sending or forwarding any message to other persons as well as complying with good practice for the use of network.
4. The employees must be cautious about the use of network and shall not allow other persons to access the network through their own account.
5. To prevent other persons’ misuse of the employees’ password that may cause damage to the Company, the employees shall keep the password confidential and avoid setting programs to automatically remember the password in their personal computer.
6. If computer virus is found, the employees shall immediately report this to the administrator for promoting the safety of computer network.
7. The employees shall delete irrelevant or unnecessary information from their personal computer in order to save the memory and storage.
8. The employees shall work in collaboration with and facilitate the administrator or the computer network system unit to check the safety of personal computers and computer network as well as complying with suggestions about safety of the computer network system of the Company.
9. The employees are prohibited to use the network and computer for:
   1. Illegal actions that may cause damage to other persons
   2. Any action that is contrary to public orders or good moral
   3. Trading or seeking profit or personal interest
   4. Disclosure of confidential information derived from operation for the Company, including information of the Company, employees and insiders
   5. Actions that should be regarded as the infringement of the Company or other persons’ intellectual property.
   6. Any action to receive other persons’ information without their permission
   7. Receiving or sending information that may cause damage to the Company, such as a chain letter or receiving, sending or forwarding illegal information to employees or other persons
   8. Inhibiting the use of computer network by the Company or employees or damaging the computer network so that it causes an error
   9. Giving or posting personal opinions relating to the Company’s operation on any website that may results in misunderstanding or damage to the Company or other persons
   10. Any other action that may results in the conflict of interest of the Company or conflicts or damage to the Company
10. All employees are prohibited to install the Computer programs or other related equipment aside from the items provided by the Company’s administration. In cases where it is necessary to install the computer program or other related equipment, the employees shall inform the administrator to install such program and equipment.
11. All employees are prohibited to send or forward unnecessary emails to all network members (Ratchaburi.everyone).

Chapter 4

1. The responsibility of network and computer administrator
   1. To control, maintain and improve the computer network to keep it available for work. If any system error is found, the administrator shall authorize to disbled the use of computer or network system in order to prevent any damage.
   2. To avoid accessing others’ information that is sent or received via the computer network (unauthorized information) and to confidentially keep information received from the operation as being administrator because it shall be regarded as inappropriate disclosure.
   3. To keep traffic data in compliance with the Computer Crimes Act.
   4. To control and ensure that software and computer programs installed on the employees’ personal computer is copyrighted.
   5. To arrange the network and computer usage manual as the guideline and practice for the users.
   6. To perform other related- networks duties as assigned by the supervisor.
2. The responsibility of information system administrator
   1. To develop, improve and maintain information system as well as specifying the safety conditions.
   2. To assign the system access control prior to the official launch of system.
   3. To control the software installation to information system or computer of employees in order to prevent any damage to core or overall systems.
   4. To disable the employees’ use of network in case of the inappropriate use or the use that breaches the agreement is found.
   5. To arrange the information system usage manual as a guideline and good practice for the users.
   6. To perform other related- information system duties as assigned by the supervisor.

This order shall take effect from today onwards.

Announced on 17 April 2019

Chief Executive Officer