POLICY ON OUTSOURCING OF ACTIVITIES



Outsourcing of Activities

Scope

The outsourcing policy has been devised to ensure safeguarding the interest of Infomerics and the issuers/investors by adopting sound and responsive management practices through due diligence and management of risks arising out of outsourcing activities.The guidelines are applicable to outsourcing arrangements entered into by Infomerics with the service provider located in India.The policy incorporates the criteria for selection of the activities that may be outsourced, risks arising out of outsourcing, management of these risks, delegation of powers, etc.

Definition

For the purpose of this policy, Outsourcing shall refer to Infomerics’ use of a third party (either an affiliated entity within a corporate group or an entity that is external to the corporate group) to perform activities on a continuing basis (including agreements for a limited period), that would normally be undertaken by Infomerics, now or in the future. The activities shall refer to outsourcing of sourcing and verification/validation services and shall not be applicable to rating process related issues.

Indicative list of activities

Sourcing and verification/validation services that can be outsourced by Infomerics may include client approach, document verification/validation, etc. Additional activities within the definition of outsourcing can also be outsourced by Infomerics as permitted under the regulation for credit rating agencies.

Activities that should not be outsourced

Core management functions including rating process, analysis, site visit, report preparation, industry research, rating committee functions shall not be outsourced by Infomerics.

Check list for outsourcing

While outsourcing any activity, Infomerics shall consider all relevant laws, regulations, guidelines and conditions of approval, licensing or registration.Infomerics shall retain ultimate control of the outsourced activity, as outsourcing of any activity by Infomerics does not diminish its obligations, and those of its Board and Senior Management, who have responsibility for the outsourced activity. Infomerics shall therefore remain responsible for the actions of its service provider including Direct Sales Agents/ Direct Marketing Agents and the confidentiality of information pertaining to the customers that is available with the service provider.

Appraisal of a service provider

While outsourcing or renewing contract of outsourcing of an activity with a service provider, Infomerics shall take into consideration the capability of the service provider to comply with obligations in the outsourcing agreement such as qualitative, quantitative, financial, operational and reputational factors; past experience and competence to implement and support the proposed activity over the contracted period and financial soundness and ability to service commitments.

The outsourcing agreement

The terms and conditions governing the contract between Infomerics and the service provider shall be carefully defined in written agreements and vetted by Infomerics legal counsel on their legal effect and enforceability. Every such agreement shall address the risks and risk mitigation strategies.The contract should clearly define the activities that are being outsourced, including appropriate service and performance standards.Controls to ensure customer data confidentiality and service providers’ liability in case of breach of security and leakage of confidential customer related information provide that the confidentiality of customer’s information shall be maintained even after the contract expires or gets terminated and provide for the prior approval/consent by Infomerics of the use of sub-contractors by the service provider for all or part of an outsourced activity.A termination clause and minimum periods to execute a termination provision, if deemed necessary, should be included.

Powers for approving outsourcing activities

Powers for approving outsourcing activities and reviewing the same shall remain with the Board of Directors.

Review of the policy

The policy will be reviewed at yearly intervals or as and when considered necessary by the Board of Directors of Infomerics.