ISMS Policy


Objective

Technomax Middle East Engg. LLC is dedicated to ensuring that personal data is handled responsibly, securely, and in compliance with the UAE Personal Data Protection Law (PDPL). This policy establishes clear guidelines for collecting, processing, storing, and disposing of personal data, ensuring data security, confidentiality, and privacy rights. The objective of this policy is to reinforce trust with employees, clients, and partners by promoting transparency in data handling and safeguarding sensitive information against unauthorized access or misuse.

Scope

This policy applies to all personal data processed by Technomax Middle East Engg. LLC in the UAE and globally, regardless of the format or method of processing. It includes but is not limited to:

  • Employees, customers, partners, vendors, and other stakeholders whose personal data is collected, stored, or processed during the course of business operations.
  • All forms of data processing, including electronic databases, physical records, cloud-based storage, communication logs, customer interaction records, employee records, and financial transactions.
  • Internal and external sources of data, ensuring that both Technomax Middle East Engg. LLC's internal operations and any interactions with external parties comply with UAE data protection regulations.
  • Third-party service providers, contractors, and subsidiaries who process data on behalf of Technomax Middle East Engg. LLC, requiring them to adhere to the same legal and regulatory standards as Technomax Middle East Engg. LLC.
  • Cross-border data transfers, ensuring that any data transmitted outside the UAE meets strict security measures and regulatory approval requirements to prevent unauthorized access or misuse.
  • Data collected through digital channels, including website analytics, customer feedback forms, email communications, and social media interactions.
  • Data used for internal and external reporting, analytics, and decision-making, ensuring that the appropriate anonymization and security measures are applied.
  • Personal data collected to comply with legal and regulatory requirements, including tax laws, employment laws, and industry standards.

This policy applies to all employees, associates, and external partners, irrespective of their location, ensuring that the privacy of individuals is safeguarded throughout the organization’s operations.

Responsibility

Technomax Middle East Engg. LLC management holds the primary responsibility for ensuring compliance with this data privacy policy. They must establish security measures, implement data governance controls, and oversee compliance with UAE data protection laws. Employees and third-party service providers handling personal data are also required to adhere to this policy and complete periodic training on data privacy and security best practices.

Additionally, the company assigns Local Privacy Responsible (LPR) personnel in each department to monitor and ensure adherence to data privacy measures. The Data Privacy Team oversees all data privacy efforts, ensuring that data processing is aligned with best practices and regulatory requirements.

All employees, contractors, and third-party representatives must handle personal data in compliance with this policy. Failure to do so may result in disciplinary action, contract termination, or legal consequences.

Definitions

To provide clarity and consistency in data handling, the following definitions apply within this policy:

  • Personal Data: Any information relating to an identified or identifiable natural person. This includes, but is not limited to, names, phone numbers, email addresses, identification numbers, biometric data, financial details, and geolocation data.
  • Processing: Any action performed on personal data, whether automated or manual. This includes collecting, recording, organizing, storing, modifying, retrieving, analyzing, transmitting, disclosing, or erasing data.
  • Data Subject: The individual whose personal data is being collected, processed, or stored.
  • Data Controller: The entity (Technomax Middle East Engg. LLC) that determines the purposes and means of personal data processing.
  • Data Processor: A third party or service provider that processes personal data on behalf of Technomax Middle East Engg. LLC under contractual obligations.
  • Consent: A clear and affirmative action by the data subject to authorize the processing of their personal data for a specific purpose. Consent must be freely given, informed, and revocable at any time.
  • Sensitive Data: Special categories of personal data that require heightened security measures, including racial or ethnic origin, religious beliefs, political opinions, trade union membership, biometric data, health-related data, and financial records.
  • Data Breach: Any incident that results in the unauthorized access, loss, destruction, alteration, or disclosure of personal data.
  • Anonymization: A process by which personal data is modified to prevent identification of an individual, ensuring irreversible de-identification.
  • Pseudonymization: The technique of replacing identifiable data elements with pseudonyms, allowing limited re-identification under controlled conditions.
  • Privacy Impact Assessment (PIA): A systematic review process to evaluate the risks and implications of data processing activities.
  • Records of Processing Activities (ROPA): A documented record of all processing activities carried out by the company in compliance with UAE Personal Data Protection Law (PDPL).

By establishing clear definitions, Technomax Middle East Engg. LLC ensures consistent interpretation and implementation of data protection principles across all operational areas.

Data Security and Confidentiality

Technomax Middle East Engg. LLC applies strict technical and organizational measures to protect personal data. Access to data is granted only to authorized personnel based on their role and necessity. Data is encrypted during storage and transmission, and employees handling personal data are required to follow strict confidentiality guidelines. Security audits and compliance checks are performed regularly to prevent unauthorized access or breaches. Additionally, the organization implements a Privacy by Design approach, ensuring that data protection measures are integrated into all systems and processes from inception.

Technomax Middle East Engg. LLC also maintains Records of Processing Activities (ROPA) to ensure compliance with the UAE PDPL and monitor how personal data is managed throughout the organization.

Data Transfers

Technomax Middle East Engg. LLC may transfer personal data outside the UAE under specific conditions that ensure the continued protection of such data. These include:

  • Adequate Protection: Transfers are made to countries or entities that provide an adequate level of protection as recognized by the UAE Data Office.
  • Contractual Safeguards: Where adequacy is not recognized, Technomax Middle East Engg. LLC relies on legally binding instruments such as Standard Contractual Clauses, data sharing agreements, or other approved mechanisms that enforce equivalent levels of protection.
  • Explicit Consent: In cases where a data subject provides informed and unambiguous consent, and where such transfer is not prohibited by law.
  • Legal and Regulatory Requirement: Transfers required for the performance of a contract, legal claims, or substantial public interest may also be permitted.

Before any transfer takes place, Technomax Middle East Engg. LLC ensures the risk is assessed through a transfer impact assessment and the necessary technical and organizational safeguards are in place. Any third parties receiving personal data must be contractually obligated to comply with data protection standards equivalent to those upheld by Technomax Middle East Engg. LLC.

Data Subject Rights

Technomax Middle East Engg. LLC recognizes the following rights of data subjects under UAE Personal Data Protection Law (PDPL):

  • Right to Access: Data subjects can request a copy of their personal data held by Technomax Middle East Engg. LLC.
  • Right to Correction: Individuals may request correction of inaccurate or outdated data.
  • Right to Erasure: Data subjects can request deletion of personal data where legally applicable.
  • Right to Restriction or Objection: Individuals may restrict or object to data processing under certain conditions.
  • Right to Withdraw Consent: If processing is based on consent, data subjects can withdraw their consent at any time.

Requests must be submitted in writing, and Technomax Middle East Engg. LLC will verify the requester’s identity before taking action.

Data Breach Reporting and Incident Management

Technomax Middle East Engg. LLC takes data breaches seriously and has a structured response plan. In the event of a suspected or confirmed data breach:

  • The incident is reported immediately to management and the Data Protection Officer.
  • An investigation is conducted to assess the impact and determine corrective measures.
  • If required, regulatory authorities and affected individuals are notified in compliance with UAE Personal Data Protection Law (PDPL).
  • Security measures are reviewed and reinforced to prevent future breaches.

Compliance and Monitoring

Technomax Middle East Engg. LLC maintains an active data protection compliance program that is overseen by the designated Data Protection Officer (DPO). This includes:

  • Routine Audits and Risk Assessments: Internal and external audits are conducted to identify compliance gaps, with corrective actions implemented promptly.
  • Records and Documentation: Detailed logs and records of processing activities are maintained to provide evidence of compliance, especially where Technomax Middle East Engg. LLC acts as a Data Controller or Processor.
  • Data Incident Management: A structured incident response plan is in place to detect, investigate, contain, and report any data protection breaches. This includes notifying authorities and impacted individuals where necessary.
  • Third-party Risk Management: Contracts with vendors and service providers include strict data protection clauses. Due diligence is carried out regularly to assess compliance levels.
  • Awareness and Training: All employees receive mandatory annual training on data protection, cybersecurity, and incident reporting. Specific modules are delivered based on department and role.
  • Governance Oversight: A Data Privacy Governance Committee ensures policies remain current and effective, and reports directly to executive leadership on compliance status and risk.

Failure to comply with this policy or related laws may result in disciplinary action, contract termination, regulatory penalties, and reputational damage.

Review and Updates

This policy is reviewed annually and updated as required to align with UAE data protection laws, business needs, or emerging cybersecurity threats.

Communication 

For any clarification or request, the user can contact the License Purchase Request (LPR) by email at infosec@technomaxme.com

All requests will be reviewed and answered within 4 working days.




Introduction

At Technomax Middle East Engg. LLC, we are entrusted with sensitive and critical data, ranging from client information and employee records to confidential system credentials and regulated personal data. As part of our commitment to security, regulatory compliance, and customer trust, we maintain a formal policy that governs our response to data breaches.

The purpose of this policy is to ensure that all actual or suspected breaches of personal data are detected, reported, assessed, contained, and communicated in a timely and lawful manner, in accordance with the UAE Federal Decree Law No. 45 of 2021 (PDPL). This policy serves as an operational blueprint for data protection officers, IT administrators, legal personnel, and management teams during high-pressure breach events.

Data breaches, if not handled swiftly and transparently, can result in regulatory penalties, loss of stakeholder confidence, and irreversible damage to our brand reputation. Therefore, this policy sets forth our official response framework for data breach incidents, reinforcing our company-wide data privacy culture and ensuring full compliance with applicable legal obligations.

Purpose

The goal of this policy is not simply to meet regulatory requirements, but to embed a proactive, structured approach to data breach response within our operational framework. By clearly defining what constitutes a data breach, who is responsible, and how incidents must be reported and escalated, we aim to create organizational readiness for any potential compromise of personal or sensitive data.

This policy outlines the steps required to:

  • Detect and respond to security incidents that may constitute a personal data breach.
  • Notify internal leadership, regulatory authorities, and impacted individuals within legally required timeframes.
  • Minimize the impact of the breach through technical containment and business continuity.
  • Learn from each incident through investigation and continuous improvement.

Scope

This policy applies universally across the organization, encompassing all departments, systems, personnel, and third-party providers. It covers:

  • All employees, whether full-time, part-time, or contractual.
  • Vendors, freelancers, IT support teams, and managed service providers.
  • Clients whose data we manage under our data processing or hosting obligations.
  • All types of personal data, including names, emails, national IDs, biometric records, and any information classified under Personal Data Protection Law (PDPL) as sensitive personal data.

It also applies to all IT environments, including corporate infrastructure, development systems, mobile access platforms, cloud-based environments, SaaS tools, and any externally hosted environments under our operational control.

What is a Data Breach?

Under PDPL, a data breach refers to any event, intentional or accidental, that results in the unauthorized access, disclosure, alteration, loss, or destruction of personal data. This includes breaches of confidentiality, integrity, or availability.

Data breaches may occur in numerous forms. These include:

  • Unauthorized access to databases containing personal data by a hacker or insider.
  • Loss or theft of unencrypted mobile devices, USB drives, or laptops containing customer information.
  • Accidental sharing of personal data with the wrong recipient via email or file-sharing platform.
  • Ransomware attacks encrypting or exfiltrating critical datasets.
  • Failure of internal security systems resulting in unmonitored external exposure of personal data.

Not all security incidents are considered data breaches under PDPL (Personal Data Protection Law). However, if an incident involves personal data and could negatively impact individuals' rights, privacy, or freedoms, it qualifies as a breach and must be treated accordingly.

Responsibilities and Reporting Structure

Timely breach response requires clarity in responsibilities. The Information Security Team has primary accountability for assessing and escalating any personal data breach. However, data protection is a shared responsibility. Every employee or contractor who identifies or suspects a data breach is required to immediately report it.

Initial reporting should be made within two (2) hours of discovery using internal channels (e.g., the incident form or email to Infosec@technomaxme.com). Managers must not suppress or delay reporting under any circumstance. Once reported, the Information Security Office initiates the Incident Response Plan, which includes containment, classification, and forensic assessment.

Roles during a breach include:

  • Data Protection Officer (DPO): Regulatory communication, legal risk assessment, oversight of data subject notifications.
  • IT Security Team: Technical containment, data recovery, vulnerability patching.
  • Legal/Compliance: Internal documentation, coordination with regulators, enforcement of third-party obligations.
  • Communications Team: Preparing public or data subject-facing messages if necessary.

Detection and Internal Notification Process

Speed is critical in breach response. Employees are trained to detect indicators of a breach such as suspicious file transfers, login anomalies, phishing attempts, disabled access, or data loss warnings. All employees must immediately report these signs to the IT Security team.

Once an alert is raised, the Incident Response Team (IRT) meets within four hours to conduct an initial triage:

  • Determine the nature and scope of the breach.
  • Identify whether personal data is involved.
  • Assess the type of personal data and the number of data subjects impacted.
  • Identify affected systems, users, and potential vulnerabilities exploited.

A decision must be made quickly on whether regulatory or public notification is required, and what initial containment measures must be executed (e.g., disabling user accounts, isolating systems, restoring from backup).

Notification to Regulatory Authorities

If the breach is likely to result in a risk to individuals' rights or freedoms, especially those involving sensitive data such as health records, IDs, or financial data, Technomax Middle East Engg. LLC is obligated to notify the UAE Data Office without undue delay. While the PDPL does not impose a strict 72-hour window, Technomax Middle East Engg. LLC follows an internal maximum notification target of 72 hours post-confirmation to maintain best practices.

The notification shall include:

  • The nature of the personal data breach and categories of personal data affected.
  • Approximate number of records and individuals involved.
  • Likely consequences of the breach.
  • Measures taken or proposed to contain and mitigate harm.
  • Contact details of the Data Protection Officer (DPO) and incident handler.

This ensures that regulatory bodies are fully informed and can offer guidance or initiate their own oversight as required by Personal Data Protection Law (PDPL).

Communication to Affected Individuals

Where the breach is deemed to pose a high risk to the personal data subject (e.g., risk of identity theft, fraud, or reputational harm), Technomax Middle East Engg. LLC must notify affected individuals directly by email, and transparently.

The notification must be made in a clear, accessible format, free of technical jargon, and should include:

  • A plain-language summary of what happened.
  • Details of what personal data was involved.
  • Advice on how individuals can protect themselves (e.g., password resets, fraud alerts).
  • Contact information for our Data Protection Officer (DPO) and support channels.

Technomax Middle East Engg. LLC will provide this notification via email, SMS, phone, or postal letter depending on data subject preferences. In cases where direct contact is not possible, a public notice on the website and social media may be used.

Post-Incident Activities: Containment and Recovery

After the initial notification phase, Technomax Middle East Engg. LLC focuses on containment, remediation, and system hardening. This includes:

  • Identifying root causes and any system misconfigurations or vulnerabilities.
  • Restoring affected systems from clean backups.
  • Reviewing and revising access controls and firewall rules.
  • Disabling compromised accounts and issuing new credentials.
  • Conducting post-mortem analysis with logs, evidence collection, and forensic examination.

A comprehensive post-incident report is prepared within ten business days of breach closure. The report includes a timeline of events, actions taken, affected assets, lessons learned, and recommended improvements to prevent recurrence.

Training, Awareness, and Continuous Improvement

All employees undergo mandatory training on data breach recognition and response during onboarding, with annual refreshers. Realistic incident simulations and tabletop exercises are conducted at least once per year by the DPO and IT Security Office. These exercises test our readiness and allow process refinements before a real breach occurs.

Continuous learning is key. Following every breach or near-miss, the Breach Response Team conducts a review meeting to analyze the effectiveness of the response, identify process gaps, and implement improvements.

Policy Review and Governance

This policy is reviewed annually by the Data Protection Officer (DPO), and in the event of:

  • Major regulatory updates to Personal Data Protection Law (PDPL) or international data protection law.
  • Significant changes in technology or operational scope.
  • A critical breach that exposes a gap in current response procedures.

Updates are version-controlled, and all revisions are approved by the Executive Management Committee and published to staff through official channels.

Contact Information

To report a data breach or seek assistance, please contact:

Information Security Office
Mail ID: Infosec@technomaxme.com


Aim of the Data Protection Policy

Technomax Middle East Engg. LLC acknowledges that information technology must serve individuals, protect privacy, and uphold the principles of human dignity and fundamental rights. Our Data Protection Policy aligns with the UAE Personal Data Protection Law (PDPL) and reflects internationally recognized best practices for the protection of personal data.

Data protection forms the foundation of trust between Technomax Middle East Engg. LLC and its clients, partners, suppliers, employees, and other stakeholders. This policy aims to ensure that Technomax Middle East Engg. LLC maintains a consistent and lawful approach to handling personal data across its operations.

Scope

This policy applies to all entities, operations, and personnel of Technomax Middle East Engg. LLC, including:

  • Employees, contractors, and governance members
  • Implementing partners, vendors, suppliers, and service providers
  • All personal data processed in digital or physical form

Definitions and Covered Data Sets

This policy applies to all personal data managed or processed by Technomax Middle East Engg. LLC, including but not limited to:

  • Employee records (national/international staff, interns, volunteers)
  • Customer and client data (individuals, organizations)
  • Beneficiaries of services
  • Contractors, suppliers, and partners

Personal data includes, but is not limited to:

  • Name, address, phone number, email, bank details
  • Passport, ID details
  • Biometric data (e.g., fingerprints)
  • Employment or contractual information
  • Geo-location data

Processing includes collection, storage, access, transfer, analysis, and deletion.

Compliance with UAE National Law

Technomax Middle East Engg. LLC is headquartered in the UAE and strictly follows the UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. Where stricter internal standards apply, Technomax Middle East Engg. LLC may implement additional safeguards.

In any event, where national legal obligations conflict with internal policy, legal obligations under UAE PDPL shall prevail.

Principles for Processing Personal Data

Technomax Middle East Engg. LLC adheres to key principles outlined in the UAE PDPL when handling personal data. All personal data is processed lawfully and fairly, ensuring that individuals’ rights are protected and their information is handled with integrity and transparency. Data is collected for specific, clear, and legitimate purposes and not used in ways that conflict with those original purposes. We ensure that only the minimum amount of personal data necessary is collected and retained, and we take all reasonable steps to ensure the data is accurate and kept up to date. Data is stored only for as long as needed to fulfil its intended purpose, and strong security controls are implemented to protect it from unauthorized access or loss. Finally, we are committed to transparency, ensuring individuals are informed about how their data is used and protected.

Data Security and Confidentiality

  • Access to personal data is restricted to authorized personnel based on role and necessity.
  • Data is encrypted during storage and transmission.
  • Staff members receive training in data confidentiality and are bound by confidentiality agreements.
  • Security incidents and access to sensitive data are logged and reviewed regularly.

Data Subject Rights

  • Right to access personal data held by Technomax Middle East Engg. LLC.
  • Right to request correction of inaccurate or outdated information.
  • Right to request deletion of data under applicable legal conditions.
  • Right to restrict or object to certain types of data processing.
  • All rights requests must be made in writing and are subject to identity verification.

Retention and Deletion

Personal data is retained only for as long as necessary to fulfil its purpose or meet legal obligations. Once expired, data is securely deleted unless justified by historical, statistical, or legal grounds.

Data Transfers

  • Data is transferred outside the UAE only to jurisdictions with adequate data protection or under contractual safeguards.
  • Transfers require prior consent from the data subject unless legally justified.
  • Transfers are recorded and reviewed for compliance.

Telecommunications, Email, and Internet Use

Company-provided communication tools are for official use. Any monitoring will be limited to protecting IT infrastructure and requires justified suspicion. Data is evaluated only in documented and authorized cases.

Subject Access Requests (SARs)

  • SARs may be submitted by individuals wishing to review, correct, or delete their personal data.
  • Requests are handled by authorized personnel following identity verification.
  • Technomax Middle East Engg. LLC maintains logs of SARs and responds within the timeframes set by UAE PDPL.

Breach Reporting and Sanctions

  • All staff and third parties must report suspected data breaches immediately.
  • Investigations will be conducted and documented.
  • Sanctions for violations may include disciplinary action, termination, or legal reporting.

Security of Processing

  • Technomax Middle East Engg. LLC uses up-to-date technical and organizational measures to ensure data security.
  • Risk assessments are conducted before deploying new processing systems.
  • Security policies are reviewed periodically and adapted to evolving threats.

Review and Audit

This policy is reviewed annually. Regular internal audits are conducted to ensure compliance with Personal Data Protection Law (PDPL) and internal standards. External audits may be conducted when required.

Communication

For any clarification or request, the user can contact the License Purchase Request (LPR) by email at Infosec@technomaxme.com


Introduction

As a technology-driven organization that manages sensitive personal, commercial, and operational information, Technomax Middle East Engg. LLC is committed to protecting data based on its level of sensitivity and associated risks. A consistent and structured classification model is essential to applying appropriate security controls that protect data confidentiality, integrity, and availability throughout its lifecycle.

This guideline provides a comprehensive framework to classify, handle, store, share, and dispose of data in compliance with international standards and national regulations such as the UAE Personal Data Protection Law (PDPL).

Purpose

The purpose of this document is to:

  • Establish a formal data classification model that defines categories of data sensitivity
  • Guide employees and third parties on how to handle each class of data appropriately
  • Enable Technomax Middle East Engg. LLC to comply with legal, contractual, and security requirements
  • Reduce the risk of data breaches, unauthorized access, or non-compliance
  • Improve awareness and accountability for data protection across teams

These guidelines support other policies such as the Data Protection Policy, Information Security Policy, Remote Work Policy, and Mobile Device Management Policy.

Scope

This guideline applies to:

  • All employees, contractors, third-party vendors, and service providers who handle or access organizational data.
  • All categories of data: structured (e.g., databases), semi-structured (e.g., logs, emails), and unstructured (e.g., text documents, spreadsheets, images).
  • All storage mediums and platforms: Cloud Infrastructure, local desktops, mobile devices, cloud collaboration platforms, backups, and physical media.
  • All phases of the data lifecycle: data creation, modification, usage, transmission, storage, archival, and destruction.

It applies throughout the entire data lifecycle, including collection, storage, use, transmission, archival, and destruction.

Data Classification Levels

Technomax Middle East Engg. LLC has defined four levels of classification, each with specific handling and protection requirements:

Level 1: Public

Public information is content approved for open release and access by the general public. Disclosure of such data poses no risk to the organization.

Examples:

  • Published marketing brochures
  • Website content
  • Press releases
  • Public job announcements

Handling Requirements:

  • No encryption required
  • Can be shared freely using publicly approved platforms
  • No access restrictions required

Level 2: Internal

Internal information is intended strictly for internal circulation. Its unauthorized disclosure may result in minor reputational or operational impact.

Examples:

  • Team meeting minutes
  • Organizational policies
  • Internal project timelines
  • Employee contact directories

Handling Requirements:

  • Must be stored within company-managed systems (e.g., Microsoft 365, SharePoint)
  • Shared only with authorized employees
  • Cannot be transferred to personal devices or emails without explicit permission

Level 3: Confidential

Confidential data includes business-sensitive content that, if leaked or exposed, may cause significant harm to the company’s competitiveness or reputation.

Examples:

  • Customer contracts and vendor agreements
  • Source code and architectural diagrams
  • Budget forecasts and financial records
  • Audit and compliance reports

Handling Requirements:

  • Must be encrypted both in transit and at rest
  • Accessible only to individuals on a need-to-know basis
  • Shared through secure means such as encrypted email or secure portals
  • Not to be stored on personal or unmanaged devices

Level 4: Restricted / Personal Data

Restricted data includes personally identifiable information (PII) and other regulated content subject to privacy laws. Unauthorized disclosure may lead to legal penalties and harm to individuals.

Examples:

  • National IDs, passport numbers, and visa documents
  • Biometric or health records
  • Cardholder and banking data
  • Login credentials and session tokens

Handling Requirements:

  • Encryption (AES-256 or equivalent) must be enforced at all stages
  • Stored only on company-controlled, MDM-managed systems
  • Multi-Factor Authentication (MFA) must be enabled for access
  • Logging and continuous monitoring should be active
  • Must be reviewed by the DPO before external sharing

Classification Authority

Responsibility for data classification is shared between the originator of the data and designated approval authorities:

  • Class A – Sensitive / Secret: Approved by the IT Director or their delegate.
  • Class B – Confidential: Approved by Department Heads.
  • Class C/D – Internal or Public: Approved by Line Managers or designated personnel.

Labelling and Marking

Each data asset must be labeled according to its classification to ensure appropriate handling. Labeling should follow these practices:

  • Documents: Indicate classification in headers or footers (e.g., “CONFIDENTIAL”)
  • Digital Files: Use naming conventions or metadata tags (e.g., "Client_Billing_CLASS-B.pdf")
  • Emails: Include classification in subject line (e.g., “[INTERNAL] Upcoming Launch Plan”)
  • Folders: Add visual or naming cues based on data class (e.g., “/restricted/personal-data”)
  • Cloud Storage: Use built-in labeling tools (Microsoft Sensitivity Labels, Google Drive Metadata)

Handling and Access Control

Data Access

  • Access is role-based and regularly reviewed.
  • Higher classification levels require fewer access grants and additional approvals.

Data Transmission

  • Class A and B must be encrypted during transfer (VPN, TLS, HTTPS).
  • Avoid using personal communication platforms.

Data Storage

  • Secure storage is required for all but public data.
  • Restricted and Confidential data should reside in encrypted environments.

Data Disposal

  • Data no longer required should be securely destroyed.
  • Digital: File wiping, degaussing
  • Physical: Shredding, incineration

Declassification and Downgrading

Information may be declassified or downgraded under the following conditions:

Automatic Declassification:

  • Data will be considered for downgrading after five years, unless specifically marked as permanent sensitive content.

Event-Driven Declassification:

  • A change in legal, business, or public standing may trigger declassification (e.g., public launch of previously confidential project).

Procedural Requirements:

  • Reclassification must be approved by the original data owner
  • All labeling and access permissions must be updated
  • Stakeholders must be notified

Data Handling Responsibilities

All personnel handling organizational data must:

  • Understand the classification of the data they manage
  • Handle it according to defined policies
  • Prevent unauthorized viewing, editing, or distribution
  • Report any breaches or potential risks to the InfoSec team

Supervisors and Data Owners are responsible for:

  • Ensuring employees understand classification policies
  • Reviewing and approving access to sensitive data
  • Enforcing encryption, Data Loss Prevention (DLP), and Role-Based Access Control (RBAC) controls
  • Supporting audits and investigations as needed

Classification Review and Exceptions

Classification levels must be periodically reviewed:

  • At project closure or data archival
  • When migrating to new platforms
  • During legal/regulatory updates

Exception Handling:

  • Any deviation from standard procedures must be documented and approved by the InfoSec team, with compensating security measures applied.

Enforcement

Non-compliance with classification and handling guidelines may result in disciplinary action, including termination or legal reporting. Examples include:

  • Sending restricted data unencrypted
  • Uploading confidential files to unauthorized cloud platforms
  • Sharing sensitive documents with external parties without approval

All violations must be reported and will be handled per the Central Disciplinary Policy.

Related Documents

  • Data Protection Policy
  • Information Security Management Policy
  • Remote Work Policy
  • Mobile Device Management Policy
  • Incident Response Plan
  • Central Disciplinary Policy
  • Acceptable Use Policy

Reference Standards

This guideline is based on and supports compliance with the following standards and regulations:

  • UAE Personal Data Protection Law (PDPL): Requirements for handling personally identifiable information (PII) and other sensitive data.

Policy Review and Maintenance

This policy will be reviewed on an annual basis or earlier under these conditions:

  • Post-incident review related to data mishandling or misclassification
  • Regulatory updates from Personal Data Protection Law (PDPL)
  • Expansion into new regions or services

Ownership and updates of this document rest with the Information Security (InfoSec) team.


Policy Statement

This Acceptable Use Policy outlines the responsibilities of all personnel when using TECHNOMAX MIDDLE EAST ENGG. LLC information resources. All users must support legitimate business functions and comply with UAE laws and Technomax Middle East Engg. LLC systems policies.

Personnel are responsible for complying with all Technomax Middle East Engg. LLC policies when using company information resources and/or working during company hours. If any policy requirements are unclear, employees/users must seek clarification from the Information Security Committee (Email: Infosec@technomaxme.com).

Incident Reporting

Personnel must promptly report harmful events or violations involving company assets or information to their manager or a member of the Incident Handling Team. Reportable events include, but are not limited to:

  • Technology incidents: Any event causing failure, interruption, or loss in the availability of Technomax Middle East Engg. LLC Information Resources.
  • Data incidents: Any loss, theft, or compromise of Technomax Middle East Engg. LLC information.
  • Unauthorized access incidents: Any unauthorized access or attempted access to Technomax Middle East Engg. LLC.
  • Facility security incidents: Any damage or unauthorized access to Technomax Middle East Engg. LLC owned, leased, or managed facilities.
  • Policy violations: Any suspected violation of this or other Technomax Middle East Engg. LLC policies, standards, or procedures.

Prohibited Activities

Personnel must not intentionally:

  • Harass, threaten, impersonate, or abuse others.
  • Degrade the performance of Technomax Middle East Engg. LLC information resources.
  • Deny authorized personnel access to systems or data.
  • Obtain additional computing resources without approval.
  • Circumvent Technomax Middle East Engg. LLC security controls.

Additionally, employees must not:

  • Download, install, or run unauthorized software, including password crackers, packet sniffers, port scanners, or similar tools.
  • Intentionally access, create, store, or transmit materials deemed offensive, indecent, or obscene by Technomax Middle East Engg. LLC.

Intellectual Property and Data Ownership

  • All inventions, intellectual property, and proprietary materials—including but not limited to reports, software code, designs, workflows, data, blueprints, and technical documentation—developed during working hours or using Technomax Middle East Engg. LLC resources are considered the sole property of Technomax Middle East Engg. LLC.
  • Employees are prohibited from removing, distributing, or disclosing such information to external parties without proper authorization. Upon termination or change in employment, individuals must return or securely delete any proprietary information in their possession.
  • Any use or sharing of proprietary materials must align with Technomax Middle East Engg. LLC confidentiality agreements, data protection policies, and applicable intellectual property laws.

Encryption and Data Access

  • Encryption tools must be used in accordance with company policies to protect sensitive and confidential data during storage or transmission. However, the use of encryption must not impede access by authorized personnel when needed for operational, legal, or investigative purposes.
  • All encryption solutions must be approved and implemented by the Information Security team. Employees may not use personal or unapproved encryption tools to protect or obscure company data.
  • Access credentials and encryption keys must be securely stored and shared only with designated personnel.

Personal Use and Legal Compliance

Use of Technomax Middle East Engg. LLC resources, including internet access, systems, email, and hardware, must be primarily for business purposes. Limited personal use is permitted only if it does not:

  • Interfere with job responsibilities.
  • Consume significant bandwidth or storage.
  • Violate Technomax Middle East Engg. LLC policies or any applicable laws.

Technomax Middle East Engg. LLC strictly prohibits the use of its resources for activities related to personal business ventures, gambling, spreading malware, engaging in political campaigns, or viewing or distributing obscene, defamatory, or discriminatory content.

Employees are expected to respect intellectual property laws and adhere to proper licensing terms for all software, media, and content used during their employment. Downloading or sharing pirated materials is strictly forbidden.

Cooperation and Enforcement

Employees are required to fully cooperate with all internal and external investigations, including regulatory audits, cybersecurity inquiries, and legal proceedings. This includes providing timely responses, accurate records, and unrestricted access to systems when authorized.

Technomax Middle East Engg. LLC reserves the right to:

  • Monitor network traffic, user activity, and data transfers.
  • Audit usage of company resources.
  • Investigate policy violations.
  • Take disciplinary action up to and including termination, depending on the severity of the violation.

Repeated or serious violations may result in civil or criminal liability under UAE law.

Limitation of Liability

Technomax Middle East Engg. LLC provides its services, systems, and resources on an “as-is” and “as-available” basis. While we take all reasonable steps to ensure the security, availability, and reliability of our IT infrastructure and services, Technomax Middle East Engg. LLC expressly disclaims liability for any damages resulting from:

  • Loss of data, unauthorized access, system downtime, or service interruption.
  • Malware, viruses, or harmful code introduced through third-party software or network vulnerabilities.
  • Delays or failures in performance due to acts of God, cyberattacks, utility failures, or other force majeure events.
  • Errors or omissions in data input, configuration, or software development.
  • Unauthorized use of credentials, access rights, or employee negligence.

To the maximum extent permitted by applicable law, Technomax Middle East Engg. LLC shall not be held liable for:

  • Indirect, incidental, consequential, special, punitive, or exemplary damages, including but not limited to loss of profits, revenue, business opportunities, or goodwill.
  • Any claims arising from user misuse of IT resources in violation of this policy or applicable laws.
  • Legal action resulting from an employee’s unauthorized or malicious use of systems.

In no event shall Technomax Middle East Engg. LLC's total cumulative liability (whether in contract, tort, or otherwise) to any individual, client, or third party exceed the total fees paid to Technomax Middle East Engg. LLC for the specific services or period during which the incident occurred, or AED 50,000, whichever is lower, unless otherwise required by applicable law or contract.

This limitation shall not apply in cases involving:

  • Proven gross negligence or willful misconduct by Technomax Middle East Engg. LLC personnel.
  • Legal obligations under UAE Data Protection Law where data subject rights are affected.
  • Liability that cannot be excluded under applicable local law.

All personnel, contractors, and third-party users acknowledge and accept this limitation as a condition of using Technomax Middle East Engg. LLC services and systems.

Acknowledgment

All personnel are required to read, understand, and sign an acknowledgment form indicating that they agree to comply with this Acceptable Use Policy. Continued use of Technomax Middle East Engg. LLC resources constitutes implied acceptance of these terms.

Personnel who do not understand any aspect of this policy must contact the Information Security Committee for clarification before engaging in any related activities.