INFORMATION TECHNOLOGY SERVICE AGREEMENT
This INFORMATION TECHNOLOGY SERVICE AGREEMENT (this "Agreement"), dated
as of June, 25th 2002 (the "Effective Date"), is by and between CONEXANT
SYSTEMS, INC., a Delaware corporation (together with its subsidiaries and
affiliates, "Conexant") and ALPHA INDUSTRIES, INC., a Delaware corporation
(together with its subsidiaries "Alpha"). Conexant and Alpha are individually
referred to herein as a "Party" and collectively as the "Parties."
BACKGROUND
A. On December 16, 2001, Conexant, Washington Sub, Inc., a
Delaware corporation and successor to the Washington Business ("Washington"),
and Alpha entered into an Agreement and Plan of Reorganization, pursuant to
which Washington will merge with and into Alpha, with Alpha being the surviving
corporation (the "Merger"). Alpha, as the surviving corporation after the
Merger, is referred to herein as "Skyworks".
B. As a condition to the Merger, Skyworks desires to obtain from
Conexant, and Conexant desires to provide to Skyworks, certain information
technology services during the term of, and subject to the terms and conditions
of, this Agreement.
C. The information technology services provided under this
Agreement are intended to provide Skyworks with the same level of information
technology services that Conexant provides to the Washington Business as of the
Effective Date. In addition, Conexant has agreed to provide such other
information technology services beyond the Washington Business as set forth in
this Agreement, as well as such Additional Services as may be mutually agreed
upon from time to time.
NOW, THEREFORE, in consideration of the mutual covenants herein and for
good and valuable consideration, receipt of which is hereby acknowledged, the
Parties agree as follows.
AGREEMENT
1. DEFINITIONS. The following terms, when used in this Agreement with
initial capital letters, have the meanings ascribed to such terms in this
Section 1.
1.1 "ADDITIONAL SERVICES" means any services, functions, or
responsibilities, other than the Base Services, that Conexant will provide
pursuant to Additional Services Orders mutually agreed upon in accordance with
the process identified in Attachment E. Additional Services include any Projects
and any IT Services above the Base Services as well as the addition, deletion,
transfer, migration, upgrade, modification, expansion, installation, creation,
or implementation of any desktop, help desk, data center, infrastructure,
programming, application, or other services, or any Supported Hardware or
Supported Software.
1.2 "ADDITIONAL SERVICES ORDER" has the meaning given in
Attachment E.
1.3 "ALPHA LOCATIONS" mean the locations listed in Attachment B-3.
If the Parties mutually agree to add a new location pursuant to the provisions
of Attachment E, it will be included in Alpha Locations as of the date of such
agreement.
1.4 "BASE SERVICES" means the information technology services
identified on Attachment A.
1.5 "CONEXANT HARDWARE" means Hardware that is owned or leased by
Conexant, or obtained by Conexant (with or without Skyworks' assistance) from a
third party. Conexant retains ownership and lease rights, as appropriate, to all
Conexant Hardware, subject only to express rights granted in this Agreement.
1.6 "CONEXANT HOLIDAYS" for the balance of Conexant's fiscal year,
ending September 27, 2002, include July 4th, July 5th and September 2nd.
Conexant will determine, and notify Skyworks of, Conexant Holidays beyond
September 27, 2002, by September 27, 2002.
1.7 "CONEXANT SOFTWARE" means Software that is owned, leased or
licensed by Conexant, or obtained by Conexant (with or without Skyworks'
assistance) from a third party. Conexant retains ownership, lease and license
rights, as appropriate, to all Conexant Software, subject only to express rights
granted in this Agreement.
1.8 "EMERGENCY" means a business critical situation that will
cause a quantifiable, material impact to the operations, revenue or profit of
the Washington Business.
1.9 "FIRST LEVEL SUPPORT" means that the Party providing such
support will make every attempt to resolve the problem or issue prior to
contacting the other Party.
1.10 "FISCAL YEAR" means the annual period ending on the Friday
closest to September 30.
1.11 "HARDWARE" means computer and communications equipment,
including data center class servers and peripherals, personal computers and
peripherals, data, voice and video infrastructure and any related third party
documentation.
1.12 "INTELLECTUAL PROPERTY RIGHTS" means all trademarks, trade
names, and other indications of origin, trade secrets, copyrights and other
rights of authorship whether copyrightable or not, copyright registrations and
applications, and all extensions, renewals and derivatives thereof, patent and
patent application rights, including divisions, continuations in part and
renewals thereof, moral rights, and other proprietary rights throughout the
world.
1.13 "IT SERVICES" means the Base Services and any Additional
Services.
1.14 "PROJECT" means a discrete project agreed upon by the Parties
as Additional Services pursuant to Attachment E.
1.15 "REMOTE LOCATIONS, SATELLITE LOCATIONS OR REMOTE SITES" means
Washington Locations other than Newport Beach, CA.
1.16 "SECOND LEVEL SUPPORT" means that the Party providing such
support shall be available to consult with the other Party to attempt to resolve
the problem or issue.
1.17 "SERVICE HOURS" means, unless otherwise noted, the hours
of 8 a.m. to 5 p.m. local time, at the location from which the service is being
provided, Monday through Friday, excluding Conexant Holidays.
2
1.18 "SERVICE LEVELS" means the performance standards specifically
designated on Attachment A as "Service Levels."
1.19 "SKYWORKS HARDWARE" means Hardware that is owned or leased by
Skyworks, or obtained by Skyworks (with or without Conexant's assistance) from a
third party. Skyworks retains ownership and lease rights, as appropriate, to all
Skyworks Hardware, subject only to express rights granted in this Agreement.
1.20 "SKYWORKS LOCATIONS" means the combined Alpha Locations and
Washington Locations.
1.21 "SKYWORKS SOFTWARE" means Software that is owned, leased or
licensed by Skyworks, or obtained by Skyworks (with or without Conexant's
assistance) from a third party. Skyworks retains ownership, lease and license
rights, as appropriate, to all Skyworks Software, subject only to express rights
granted in this Agreement.
1.22 "SOFTWARE" means software programs in object code, including
supporting documentation and online help facilities. Software includes
applications software programs and operating systems software programs.
1.23 "SUPPORTED SOFTWARE" means the items of Software listed on
Attachment C.1 and C.2 (not C.3). In addition, Supported Software includes other
Software listed in Attachment D which is resident on Supported Hardware.
1.24 "SUPPORTED HARDWARE" means the items of Hardware listed on
Attachment D.
1.25 "SUPPORTED WASHINGTON PERSONNEL" means up to 3,500 employees
of Skyworks located at the Washington Locations, including those who were
employees of Conexant immediately prior to the Merger.
1.26 "TOWERS OF SERVICE" means each of the following five (5)
general services: (i) data center operations management, as described in
Sections 10 through 12 of Attachment A, (ii) remotesite support, as described in
Section 3 of Attachment A, (iii) IT infrastructure, as described in Sections 4
through 9 of Attachment A, (iv) programming services, as described in Section 2
of Attachment A, and (v) applications support, as described in Section 1 of
Attachment A.
1.27 "WASHINGTON BUSINESS" means the business conducted by the
Wireless Communications Division and Mexicali operations of Conexant immediately
prior to the Merger.
1.28 "WASHINGTON LOCATIONS" means the locations listed in
Attachment B.2. If the Parties mutually agree to add a new location pursuant to
the provisions of Attachment E, it will be included in the Washington Locations
as of the date of such agreement.
1.29 "YEAR" means each twelve (12) month period beginning on the
Effective Date and each anniversary thereof during the Term.
2. RIGHTS AND LICENSES
2.1 SKYWORKS SOFTWARE. Skyworks hereby grants to Conexant, at no
charge, a nonexclusive license to install, execute, copy, modify, display, and
otherwise use all Skyworks
3
Software that may be reasonably required by Conexant for the sole purpose of
performing IT Services under this Agreement.
2.2 SKYWORKS HARDWARE. Skyworks hereby grants to Conexant, at no
charge, the nonexclusive right to use Skyworks Hardware that may be reasonably
required by Conexant for the sole purpose of performing IT Services under this
Agreement.
2.3 REQUIRED CONSENTS
(a) Prior to giving Conexant access to any Skyworks
Software or Skyworks Hardware, Skyworks will use [commercially reasonable
efforts] to obtain all consents, approvals, and agreements that may be required
from third parties for the grant of rights under Sections 2.1 and 2.2 and for
Conexant to perform the IT Services ("Skyworks Required Consents").
(b) Prior to giving Skyworks access to any Conexant
Software or Conexant Hardware, Conexant will use [commercially reasonable
efforts] to obtain all consents, approvals, and agreements that may be required
from third parties for the grant of rights under Section 2.4 ("Conexant Required
Consents").
(c) Skyworks will pay any and all fees or costs
associated with acquiring any and all Skyworks Required Consents and Conexant
Required Consents. If, after using [commercially reasonable efforts], Skyworks
does not obtain any Skyworks Required Consent or Conexant does not obtain any
Conexant Required Consent, and Conexant is unable to perform any or all IT
Services without infringing any third party rights or breaching the terms of its
contracts as a result thereof, the Parties will meet to mutually agree upon
alternative approaches to permit Conexant to perform the IT Services.
Alternative approaches may include Skyworks purchasing the rights to use such
Software or Hardware pursuant to Section 2.4 or adjustments to the scope of the
IT Services, the Service Levels and the charges for the IT Services. If an
alternative approach is not agreed upon and adopted, then Conexant will be
relieved of its obligations under this Agreement, and the charges for such IT
Services or Services Levels adjusted accordingly, to the extent that Conexant's
ability to perform is hindered, delayed or prevented due to Conexant's inability
to access or use, or permit Skyworks to access or use, the affected Software or
Hardware.
2.4 USE OF SUPPORTED HARDWARE AND SUPPORTED SOFTWARE. To the
extent consents or approvals of third party vendors are not required, or are
obtained pursuant to Section 2.3, Conexant hereby grants to Skyworks a
nonexclusive, nontransferable license to use the Supported Hardware and
Supported Software for the Washington Business for as long as Skyworks pays for
the IT Services related to such Supported Hardware or Supported Software during
the Term. If, after using [commercially reasonable efforts] Conexant does not
obtain any required consents and approvals and adjustments are not agreed to
pursuant to Section 2.3, or if the Parties determine that additional Software or
Hardware is necessary to operate the Washington Business, Skyworks will buy such
Software or Hardware and provide Conexant with the right to use such Software or
Hardware for the sole purpose of performing IT Services under this Agreement in
accordance with Sections 2.1, 2.2 and 2.3. To avoid any ambiguity, Software or
Hardware purchased, leased or licensed by Skyworks under this Section 2.4 shall
be Skyworks Software and Skyworks Hardware, respectively.
4
2.5 RETURN OF HARDWARE AND SOFTWARE; CONTINUED USE
(a) Within 15 business days of the effective date of
termination of any Tower of Service, Skyworks shall physically return to
Conexant all Conexant Hardware set forth opposite such terminated Tower of
Service on Attachment J.1 and delete all Conexant Software set forth opposite
such terminated Tower of Service on Attachment J.2 from Skyworks personal
computers (i.e. EPO, SMS) and servers, unless otherwise negotiated with the head
of Conexant IT operations or such Conexant Hardware or Conexant Software is
transferred to Skyworks pursuant to Section 2.6. If Skyworks continues to use
Supported Hardware or Supported Software, or does not return or delete it as
required, irrespective of use, after termination, Conexant will continue to bill
Skyworks, and Skyworks will be required to pay, for use of such Supported
Hardware or Supported Software.
(b) Within 15 business days of the effective date of
termination of any Tower of Service, Conexant shall physically return to
Skyworks all Skyworks Hardware and delete all Skyworks Software from Conexant
personal computers and servers, unless otherwise negotiated with the head of
Skyworks IT operations.
2.6 TRANSFER OF CONEXANT SOFTWARE AND CONEXANT HARDWARE
(a) Promptly following the Effective Date, Conexant will
use commercially reasonable efforts to transfer the licenses for the Supported
Software that are identified on Attachment J.2 (the "Identified Licenses"). The
transfer of the Identified Licenses will occur no later than December 31, 2002,
may be subject to restrictions on transfer imposed by third-party vendors and
will only be transferred to the extent such transfer does not impair Conexant's
use of any Identified License. As consideration for, and upon the transfer of,
an Identified License, Skyworks will pay Conexant the amount set forth in the
"Consideration" column of Attachment J.2 for that Identified License. If, after
using commercially reasonable efforts, Conexant is unable to transfer an
Identified License and Skyworks purchases such license directly from the vendor,
the amount set forth in the "Consideration" column on Attachment J.2 for that
Identified License will not be paid to Conexant. If any fees are required to be
paid to transfer an Identified License, Conexant shall pay such fees; provided
that if such fees, in the aggregate, exceed $200,000, Skyworks shall pay such
excess amount. The parties agree that the transfers discussed above will not
change the Base Services Fee until the Rate Review Date.
(b) Within 5 business days following (i) the effective
date of termination of the IT infrastructure Tower of Service or, if later, (ii)
the date on which Conexant receives a payment of $500,000, Conexant will
transfer ownership to Skyworks all Conexant Hardware set forth on Attachment J.1
2.7 STATISTICAL INFORMATION. Conexant may gather, copy,
distribute, and use nonconfidential IT metrics gathered in connection with
performing the IT Services; provided, that Conexant will not copy, distribute or
use for non-internal purposes statistical information from which Skyworks can
reasonably be identified as the source and Conexant will not identify Skyworks
or its customers to any third party as the source of such statistics.
2.8 OWNERSHIP OF MODIFICATIONS. In the event Conexant, or a third
party engaged by Conexant, develops any upgrades or updates or otherwise
modifies any Conexant Software, with or without the assistance of Skyworks
("Modifications"), Conexant shall retain sole ownership to all such
Modifications. If such Modifications are made in connection with Conexant
providing any IT
5
Services for Skyworks, Conexant hereby grants to Skyworks a nonexclusive
perpetual, royalty-free license to use such Modifications.
3. SERVICES
3.1 BASE SERVICES. Subject to the terms and conditions of this
Agreement, Conexant will provide to Skyworks, and Skyworks will obtain from
Conexant, the Base Services. The parties agree that Conexant will be the
exclusive provider of the Base Services provided, however, that Skyworks shall
have the right to internally provide such services, excluding data center
operations management and IT infrastructure services described in Section 1.26.
3.2 ADDITIONAL SERVICES. Subject to the terms and conditions of
this Agreement, Conexant will provide to Skyworks any Additional Services agreed
upon by the Parties pursuant to the procedures of Attachment E.
3.3 SUBCONTRACTING. Skyworks understands that before and after the
Effective Date, Conexant may have contracted, and may in the future contract,
with third parties to provide services in connection with all or any portion of
the IT Services to be provided under this Agreement. Conexant reserves the right
to continue to contract with third parties to provide the foregoing or to enter
into new contractual relationships for any of the foregoing. Provided, however,
that should Conexant in the future enter into a contract with a third party or
otherwise enter contract discussions or negotiations with a third party under
this Section 3.3, then Conexant shall use commercially reasonable efforts to
include in such contract the right to share the contract with, or to assign the
contract to Skyworks, after the Term. In the event Conexant is not permitted to
share or assign the contract after the Term, Conexant will notify Skyworks of
such restriction and, at the end of the Term, will assist Skyworks in obtaining
a contract directly between that third party and Skyworks.
3.4 PERFORMANCE. Conexant will use commercially reasonable
efforts to perform the Base Services in conformance with the applicable Service
Levels. In the event any third-party supplier fails to perform its obligations
related to the IT Services, provided Conexant uses reasonable efforts to cause
such third party to perform, Conexant shall not be responsible for any such
failure to perform and any delay or suspension of IT Services arising from such
failure will not result in any reduction to the Base Services Fee, as defined
below.
4. OBLIGATIONS
4.1 CONEXANT POLICIES. Skyworks will comply with Conexant's
computer security policies, procedures, requirements and restrictions with
respect to Skyworks' use of IT Services, a current copy of which are set forth
in Attachment G, and the standards set forth in Attachment C and D. Conexant's
computer security policies, procedures, requirements and restrictions may change
from time to time upon notice and delivery of an electronic copy of such
policies, procedures, requirements and restrictions to Skyworks.
4.2 COOPERATION. In order to enable Conexant to perform IT
Services, Skyworks will provide Conexant with such cooperation and assistance as
Conexant reasonably and timely requests. Such cooperation and assistance shall
include providing Conexant in a timely manner answers to questions, technical
consultation and other information that is necessary for Conexant to perform the
IT Services, is in the possession of Skyworks and not reasonably available to
Conexant without out-of-pocket costs to Conexant. Skyworks' Account Manager (as
described in Section 6.1 below) will
6
be Skyworks' principal point of contact for Conexant to obtain such cooperation
and assistance. Conexant shall be excused from performing IT Services and
meeting any Service Levels, unless the charges for IT Services and/or Services
Levels are adjusted upon mutual agreement to account for the lack of cooperation
and assistance, but only to the extent Conexant's performance is actually
prevented or hindered by: (i) Skyworks' nonperformance; (ii) the failure by
Skyworks personnel or any Skyworks third-party contractor to adequately perform
its tasks related to the IT Services; (iii) unreasonable, untimely, inaccurate,
or incomplete information from Skyworks; (iv) the failure of any Hardware or
Software that is not the fault of Conexant; and (v) the occurrence of an event
described in Section 13.3.
4.3 NEW SOFTWARE, HARDWARE AND PHONE LINES. Unless otherwise
agreed to under a separate agreement, any new or additional Software, Hardware
or phone lines (voice and data lines) that Conexant may require from time to
time to perform the IT Services on behalf of Skyworks (including maintaining,
upgrading, enhancing, and implementing new versions of existing Software) will
be purchased, leased, or licensed by Skyworks in its own name and at its own
expense. Should such purchase, lease or license restrict or prohibit Conexant's
use thereof in connection with the IT Services, then to the extent that
Conexant's performance is actually prevented or hindered by this restriction,
Conexant shall be excused from performing such IT Services and meeting such
Service Levels, and the charges for IT Services and Service Levels shall be
adjusted accordingly.
4.4 FACILITIES. If IT Services are to be performed at Skyworks
Locations, Skyworks will provide to Conexant, at no charge, the facilities and
facilities related equipment, supplies and services that Conexant may reasonably
require to perform such IT Services and that Skyworks provides to its own
employees. To the extent reasonably necessary to perform the IT Services,
Skyworks will provide Conexant access to the Skyworks Locations twenty-four (24)
hours per day, seven (7) days per week. Skyworks will provide reasonable storage
space for backup media as reasonably requested in connection with the IT
Services. Skyworks will provide to Conexant reasonable advance notice of any
alteration or relocation of the Skyworks Locations to allow Conexant to prepare
for the relocation and, before any alteration or relocation is undertaken, the
Parties will agree upon adjustments to the IT Services and Service Levels as may
be reasonably required, and to a corresponding adjustment to the charges for
such IT Services and Service Levels in connection with the alteration or
relocation.
4.5 RISK OF LOSS. As between the Parties, risk of loss for
Hardware and Software will remain with the Party at whose facility the Hardware
or Software is located.
5. RESTORATION OF DATA
5.1 APPLICATIONS.
(a) CORE APPLICATIONS. If Skyworks' machine-readable
files relating to Core Applications identified in Attachment C are lost,
destroyed or impaired due to the negligence of Conexant (including it's
personnel, consultants or third party contractors under the control of
Conexant), Conexant will use reasonable best efforts to recover a prior version
of the files from backup media maintained by Conexant. If, after using
reasonable best efforts, Conexant is unable to restore such files from back-up
media, Conexant will use reasonable best efforts to perform such
7
restoration as can reasonably be performed using machine-readable source data
furnished by Skyworks.
(b) MAJOR APPLICATIONS. If Skyworks' machine-readable
files relating to Major Applications identified in Attachment C (excluding Core
Applications) are lost, destroyed or impaired due to the negligence of Conexant
(including it's personnel, consultants or third party contractors under the
control of Conexant), Conexant will use commercially reasonable efforts to
recover a prior version of the files from back-up media maintained by Conexant.
If, after using commercially reasonable efforts, Conexant is unable to restore
such files from back-up media, Conexant will use commercially reasonable efforts
to perform such restoration as can reasonably be performed using
machine-readable source data furnished by Skyworks.
5.2 DATA. Conexant will use commercially reasonable efforts, at
the sole expense of Skyworks, to recover and restore Skyworks data files on
Conexant IT servers that are lost, destroyed, or impaired by the acts or
omissions of Skyworks (including it's personnel, consultants or third party
contractors under the control of Skyworks). If the acts or omissions of Skyworks
impact files, servers or applications of Conexant or any third partie s,
Conexant may attempt restoration in any manner it reasonably deems appropriate,
at the sole expense of Skyworks. Conexant may use third parties to assist in
such restoration efforts.
6. COORDINATION AND COMMUNICATION
6.1 ACCOUNT MANAGERS. Skyworks and Conexant will each appoint a
single "Account Manager" who will serve as the primary point of contact for the
other Party for matters related to this Agreement. Either Party may replace its
Account Manager with an individual of comparable qualifications and experience
by notifying the other Party of such new appointment. Either party may assign an
alternate as needed in writing.
6.2 ESCALATION. All matters regarding the performance of IT
Services under this Agreement will be brought to the attention of the Account
Managers assigned to Skyworks and Conexant. It will be the responsibility of the
Account Managers to promptly communicate and develop a timely resolution for
such matters and only those matters handled in compliance with this procedure
will be addressed and reported on pursuant to Section 6.3. If an Emergency is
jointly declared by the Skyworks Account Manager and the Conexant Account
Manager, the Conexant Account Manager will provide the Skyworks Account Manager
with daily updates on the progress to resolve the Emergency. In the event the
Account Managers are unable to resolve any matter, the dispute shall be resolved
in accordance with the dispute resolution procedures set forth in Section 13.2.
6.3 REPORTS. Monthly during the Term, Conexant will furnish to
Skyworks a report that shows Conexant's performance during the preceding month
of the IT Services measured against the applicable Service Levels.
6.4 SERVICE PERFORMANCE REVIEWS. The Account Managers will meet
formally each month and informally as needed in order to review Service Levels,
address new requirements, review outstanding issues and new issues and other
items as needed. Each Account Manager will submit to the other a list of agenda
items no less than twenty-four (24) hours prior to the scheduled meeting.
Meetings will be scheduled based on the availability of both Account Managers.
8
6.5 SOFTWARE LICENSE REPORTING. When either party recognizing a
Software license utilization problem, such Party shall report the problem to
both Account Managers immediately.
6.6 CHANGE REQUESTS. At the end of each calendar quarter, either
Party may request changes to the lists of Supported Software and/or Supported
Hardware by notifying the Account Manager of the other Party in writing of such
change request. The receiving Party shall have ten (10) business days to accept
or reject the requested change, provided that failure to respond to such change
request within such ten (10) day period shall be deemed acceptance.
7. PRICING & PAYMENTS
7.1 FEES FOR BASE SERVICES. Skyworks will pay Conexant each month
the Base Services Fee of $700,000 per month. The monthly Tower of Services fees
are as follows: remote site support $39,000, data center operations management
$210,000, IT infrastructure $205,000, applications $204,000, and programming
services $42,000. The parties hereby agree that they will meet on or before
February 1 of each year during the Term ("Rate Review Date") to discuss the fees
and Service Levels of the Towers of Service. In the event that a particular
Tower of Service is terminated pursuant to Section 12.2, the Base Services Fee
charged for the terminated services between the Rate Review Date and the
effective date of termination shall not be increased under this Section by more
than 10% of the rate in effect on the date of receipt of notice of termination
7.2 FEES FOR ADDITIONAL SERVICES. For each month during which
Conexant provides Additional Services, Skyworks will pay Conexant at the rates
or fees set forth in the applicable Additional Services Order (the "Additional
Services Fees").
7.3 EXPENSES. In addition to the Base Services Fee and Additional
Services Fees, Skyworks will reimburse Conexant for any actual and reasonable
expenses of the type identified in Attachment F attached hereto that are
incurred by Conexant in connection with performance of IT Services.
7.4 TAXES. The Base Services Fee and any Additional Services Fees
exclude all applicable excise, sales, use, gross receipts, value added, goods
and services, property, or other tax of any federal, state, or local taxing
authority ("Taxes") that may be imposed on the Base Services Fee or any
Additional Services Fees, and Skyworks will be responsible for payment of all
such Taxes and any related penalties and interest.
7.5 INVOICING. On or about the first day of each month, Conexant
will invoice Skyworks for an amount equal to the Base Services Fee for such
month, any applicable Additional Services Fees for the preceding month, any
expenses reimbursable under Section 7.3 and other amounts due under this
Agreement. Skyworks will pay in full the amount invoiced no later than thirty
(30) days after receipt of an invoice. Skyworks will pay interest on all
payments received more than thirty (30) days after the invoice date at the rate
of the lesser of the Prime rate published on the first day of the then most
recent month by the Wall Street Journal, plus four percent (4%), or the maximum
rate permitted by law. In the event Skyworks fails to pay any invoiced amount
within sixty (60) days after the date of the invoice (a "Payment Default")
Conexant shall have the right to suspend the performance of IT Services.
7.6 INVOICE RECORDS. Conexant will maintain complete and accurate
records of the fees billed to Skyworks in accordance with generally accepted
accounting principles. Conexant will
9
maintain such records applicable to fees for a period of one (1) year after
Skyworks is invoiced for such fees.
8. CONFIDENTIALITY
8.1 GENERAL. Notwithstanding any termination, expiration or
cancellation of this Agreement, the Parties agree that they will keep in
confidence and prevent the unauthorized use of, or disclosure to, any Person or
Persons (other than an employee, agent, subcontractor or division of a Party
hereto with a need to know solely to exercise the Parties' respective rights or
obligations under this Agreement and who are bound to protect such information
against any other use or disclosure) all data marked or otherwise properly
identified as proprietary or confidential and exchanged between the Parties and
the terms of this Agreement ("Confidential Information"). The Parties agree to
protect the Confidential Information by using the same degree of care, but no
less than a reasonable degree of care, to prevent the unauthorized use,
disclosure, dissemination or publication of the Confidential Information as the
Parties use to protect their own comparable confidential and proprietary
information. Confidential Information shall only be used by the receiving party
for the purposes of providing services under this Agreement. Any oral disclosure
of Confidential Information shall be identified as proprietary or confidential
at the time of disclosure and shall be reduced to writing within thirty (30)
days of such disclosure, and identified as Confidential Information by an
appropriate stamp or other reasonable form of identification.
8.2 EXCLUSIONS FROM NONDISCLOSURE OBLIGATIONS. The obligation of
confidentiality imposed on each Party pursuant to Section 8.1 above shall not
apply to any particular item of Confidential Information that the receiving
Party can prove was:
(a) rightfully in the possession of the receiving Party
without restrictions prior to receiving it from the disclosing Party;
(b) in the public domain prior to the date of this
Agreement or subsequently came into the public domain through no act of the
receiving Party;
(c) independently developed by the receiving Party,
without use of the Confidential Information, by personnel, consultants or third
party contractors under the control of the disclosing Party;
(d) lawfully received by the receiving Party without
restrictions from a source other than the disclosing Party; or
(e) disclosed pursuant to a valid order by a court or
other governmental body or otherwise necessary to comply with laws or
regulations provided that such Party shall give the other Party reasonable
advance notice of such proposed disclosure and shall use its commercially
reasonable efforts to secure confidential treatment of any such Confidential
Information. Any compelled disclosure shall be limited to the maximum disclosure
required by such order or applicable law.
8.3 REMEDY. Each Party hereby acknowledges the other party's claim
that any violation by such Party of the obligations described in this Section 8
will cause immediate and irreparable harm to the other Party. Accordingly, each
Party shall have the right to seek preliminary and final injunctive relief
without the requirement of posting a bond to enforce this Agreement in case of
any
10
actual or threatened breach of this Section 8, in addition to any other rights
and remedies in law or equity that may be available to such Party.
8.4 OWNERSHIP OF CONFIDENTIAL INFORMATION. All Confidential
Information (including all copies thereof) of a Party hereto shall at all times
remain the property of such Party. No rights or licenses to Intellectual
Property Rights are implied or granted under this Agreement, except as expressly
set forth herein.
9. ACCESS TO COMPUTER SYSTEMS BY IT PERSONNEL
9.1 SKYWORKS ACCESS. If Skyworks is given access to any Conexant
Hardware, Conexant Software, networks or electronic files owned or controlled by
Conexant, Skyworks shall limit such access and use solely to the extent required
to receive IT Services under this Agreement and shall not access or attempt to
access any Conexant Hardware, Conexant Software, networks or electronic files,
other than those specifically required to receive the IT Services. Skyworks
shall limit such access to those with a requirement to have such access in
connection with this Agreement, shall advise Conexant in writing of the name of
each such person and the duration (from date and to date) who will be granted
such access, and shall comply with all Conexant security rules and procedures
for use of Conexant's electronic resources that have been communicated in
writing to Skyworks. All user identification numbers and passwords disclosed to
Skyworks and any Conexant Confidential Information obtained by Skyworks as a
result of their access to and use of any Conexant Hardware, Conexant Software,
networks and electronic files owned or controlled by Conexant, shall be deemed
to be, and shall be treated as, Conexant Confidential Information under
applicable provisions of this Agreement. Skyworks agrees to cooperate with
Conexant in the investigation of any apparent unauthorized access by Skyworks to
any Conexant Hardware, Conexant Software, networks or electronic files owned or
controlled by Conexant, or any apparent unauthorized release of Conexant
Confidential Information by Skyworks employees. Nothing in this Agreement shall
require Conexant to provide access to any of its Conexant Hardware, Conexant
Software, networks or electronic files and any such access shall be at the
reasonable discretion of Conexant.
9.2 CONEXANT ACCESS. If Conexant is given access to any Skyworks
Hardware, Skyworks Software, networks, electronic files or clean rooms owned or
controlled by Skyworks, Conexant shall limit such access and use solely to the
extent required to provide IT Services under this Agreement and shall not access
or attempt to access any Skyworks Hardware, Skyworks Software, networks,
electronic files or clean rooms, other than those specifically required to
provide the IT Services. Conexant shall limit such access to those with a
requirement to have such access in connection with this Agreement, shall advise
Skyworks in writing of the name of each such person and the duration (from date
and to date) who will be granted such access, and shall comply with all Skyworks
security rules and procedures for use of Skyworks' electronic resources that
have been communicated in writing to Conexant. All user identification numbers
and passwords disclosed to Conexant and any Skyworks Confidential Information
obtained by Conexant as a result of their access to and use of any Skyworks
Hardware, Skyworks Software, networks, electronic files and clean rooms owned or
controlled by Skyworks, shall be deemed to be, and shall be treated as, Skyworks
Confidential Information under applicable provision of this Agreement. Conexant
agrees to cooperate with Skyworks in the investigation of any apparent
unauthorized access by Conexant to any Skyworks Hardware, Skyworks Software,
networks, clean-rooms or electronic files owned or controlled by Skyworks, or
any apparent unauthorized release of Skyworks Confidential Information by
Conexant employees. Nothing in this Agreement shall require Skyworks to provide
access to any of its Skyworks Hardware, Skyworks Software, networks, electronic
files or clean rooms and any
11
such access shall be at the reasonable discretion of Skyworks; provided, that if
such access is required to perform IT Services and is denied by Skyworks,
Conexant shall be relieved of its obligations to provide those IT Services that
are dependent on access, without any adjustment to the Base Service Fees.
9.3 PHYSICAL ACCESS RIGHTS. Each Party shall only be provided
access to the other Party's data center or data closet in accordance with this
Section 9 during normal business hours, accompanied by an escort of the Party
providing such access, and upon reasonable advanced notice of such access, which
shall not be less than twenty-four (24) hours, or as otherwise mutually agreed
between the Parties.
10. LIMITATIONS OF LIABILITY
10.1 WAIVER. IN NO EVENT SHALL EITHER PARTY BE LIABLE FOR ANY LOSS
OF PROFIT, INDIRECT, INCIDENTAL, SPECIAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES
ARISING OUT OF OR RELATING TO THIS AGREEMENT, EVEN IF ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES OCCURRING.
10.2 LIABILITY LIMIT. IN NO EVENT WILL THE AGGREGATE LIABILITY OF
CONEXANT OR SKYWORKS UNDER THIS AGREEMENT EXCEED $1 MILLION.
10.3 BASIS OF THE BARGAIN. EACH PARTY ACKNOWLEDGES THAT THE MUTUAL
LIMITATIONS OF LIABILITY CONTAINED IN THIS SECTION 10 REFLECT THE ALLOCATION OF
RISK SET FORTH IN THIS AGREEMENT AND THAT NEITHER PARTY WOULD ENTER INTO THIS
AGREEMENT WITHOUT THESE LIMITATIONS ON LIABILITY.
10.4 DISCLAIMER. THE SERVICES PROVIDED UNDER THIS AGREEMENT ARE
PROVIDED "AS IS." CONEXANT MAKES NO REPRESENTATIONS OR WARRANTIES UNDER THIS
AGREEMENT, AND CONEXANT DISCLAIMS ANY AND ALL REPRESENTATIONS OR WARRANTIES,
EXPRESS OR IMPLIED, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
11. INDEMNIFICATION
11.1 Skyworks will, at its expense, defend, indemnify, and hold
Conexant harmless from and against any and all claims, actions, demands, suits,
losses, liabilities, judgments, expenses and costs (including reasonable
attorneys' fees and fees of other professionals) ("Claims") (a) arising out of
or related to any failure of Skyworks to obtain Required Consents, (b) alleging
that Conexant's use, in accordance with this Agreement, of any Skyworks
Intellectual Property Rights infringes or misappropriates a third party's
Intellectual Property Rights, or (c) arising out of or relating to any personal
injury (including death) or loss or damage to tangible property (other than data
or information) to the extent such injury or damage is the result of negligence
or wrongful misconduct of Skyworks or its employees. Conexant will use
reasonable efforts to notify Skyworks promptly in writing of any Claim for which
Conexant believes it is entitled to indemnification under this Section 11.1;
however, Skyworks will be relieved of its indemnification obligations under this
Section 11.1 only if and to the extent that the failure to receive prompt notice
materially prejudices Skyworks' ability to defend the Claim. If Conexant tenders
defense of any such Claim to Skyworks, Skyworks
12
must assume and bear the cost of the defense of the Claim. Conexant may, at its
option and expense, retain its own counsel to participate in any proceeding
related to a Claim.
11.2 Conexant will, at its expense, defend, indemnify, and hold
Skyworks harmless from and against any and all Claims arising out of or relating
to any personal injury (including death) or loss or damage to tangible property
(other than data or information) to the extent such injury or damage is the
result of negligence or wrongful misconduct of Conexant or its employees.
Skyworks will use reasonable efforts to notify Conexant promptly in writing of
any Claim for which Skyworks believes it is entitled to indemnification under
this Section 11.2; however, Conexant will be relieved of its indemnification
obligations under this Section 11.2 only if and to the extent that the failure
to receive prompt notice materially prejudices Conexant's ability to defend the
Claim. If Skyworks tenders defense of any such Claim to Conexant, Conexant must
assume and bear the cost of the defense of the Claim. Skyworks may, at its
option and expense, retain its own counsel to participate in any proceeding
related to a Claim.
11.3 Neither Party shall have the right to settle any Claims in a
manner that would reasonably be expected to materially diminish the rights or
interests of the other Party without such other Party's prior written consent,
which shall not be unreasonably withheld or delayed. If the Party to whom the
defense is tendered fails to promptly assume the defense of such Claim, the
other Party may assume the defense of such Claim at the expense of the Party to
whom the defense was tendered.
12. TERM AND TERMINATION
12.1 TERM. The term of this Agreement (the "TERM") will begin on
the Effective Date and will continue until terminated pursuant to this Section
12.
12.2 TERMINATION FOR CONVENIENCE. Examples of termination under
this Section 12.2 are set forth in Attachment H.
(a) On or before each of the following dates: February 1
and August 1 of each year (each, a "Notice Date"), either Party may notify of
the intent to terminate this Agreement with respect to any Tower of Service by
providing the other Party with at least six (6) months advance written notice of
termination, unless the Parties mutually agree to a shorter period of notice.
The effective date of termination of any Tower of Service pursuant to the
previous sentence shall be six (6) months from the applicable Notice Date,
whether such notice is delivered on or before such Notice Date. In the event
either Party delivers notice of termination to the other Party pursuant to this
Section, the recipient of such notice shall have five (5) business days to
respond to such notice, during which time, the recipient Party may elect to
terminate (1) a Tower of Service described in (i), (ii) or (iii) of Section 1.26
if the other Party delivers notice of termination of a Tower of Service
described in (i), (ii) or (iii) of Section 1.26, or (2) a Tower of Service
described in (iv) or (v) of Section 1.26 if the other Party delivers notice of
termination of a Tower of Service described in (iv) or (v) of Section 1.26.
(b) If a Party has a justifiable concern regarding the
continuation of any Tower of Service, on or before the next Notice Date, such
Party may provide the other Party written notice of its intent to evaluate
termination of a Tower of Service on or before a date that is three (3) months
following the applicable Notice Date (an "Evaluation Date"). If any such notice
of evaluation is delivered in good faith, the Party delivering such notice may
elect to terminate the applicable Tower of Service on or before the applicable
Evaluation Date, which termination shall be effective six (6)
13
months following such Evaluation Date. If notice of termination is not received
by the applicable Evaluation Date, the expressed concern shall be deemed
alleviated.
(c) If either Party delivers notice of termination as set
forth in 12.2(a) or (b), such Party shall have up to ninety days (90) days to
request an extension. The Tower of Service shall then be extended for six (6)
months beyond the otherwise effective date of termination. The Parties may
mutually agree to adjust the applicable IT Services, Service Levels and charges
relating to the affected Tower of Service to reflect reduced IT Services during
such extension period.
(d) Only after delivery of notice of termination of a
particular Tower of Service in accordance with this Section 12.2, Skyworks may
utilize a third party for any such Tower of Service to ensure a smooth
transition away from Conexant by the time such Tower of Service is terminated.
In the event of termination of a Tower of Service, Conexant will use reasonable
efforts to assist Skyworks in the transition of such services, including, but
not limited to, data migration in a mutually agreed upon format, provided such
assistance does not unreasonably interfere with ordinary business operations of
Conexant.
12.3 TERMINATION FOR CAUSE. Each Party may terminate this Agreement
immediately, upon written notice, (i) if the other Party breaches any material
term of this Agreement and fails to cure such breach within thirty (30) days
after receipt by the breaching Party of written notice from the non-breaching
Party describing such breach; (ii) upon the institution by or against the other
Party of insolvency, receivership or bankruptcy proceedings or any other
proceedings for the settlement of the other Party's debts, (iii) upon the other
Party's making an assignment for the benefit of creditors, (iv) upon the other
Party's dissolution or ceasing to conduct business in the normal course, see
13.4 assignability or (v) the other Party's failure to pay its debts as they
mature in the ordinary course of business.
12.4 TERMINATION FOR PAYMENT DEFAULT. Conexant may terminate this
Agreement immediately, upon written notice, (i) if the Skyworks fails to satisfy
its payment obligations when due under the terms of this Agreement and fails to
cure such breach within ten (10) days after receipt of written notice from
Conexant of a Payment Default, or (ii) any time after Skyworks has failed to
satisfy its payment obligations when due under the terms of this Agreement on
three separate occasions. The Parties agree that Conexant's right to terminate
this Agreement under this Section shall not apply to amounts that are in dispute
and are in the process of being resolved in accordance with Section 13.2.
12.5 SURVIVAL. Sections 1, 2.5, 2.6, 7, 8, 10, 11 and 13 shall
survive termination of this Agreement for any reason.
12.6 FIRST CONSIDERATION. At the time that Skyworks discontinues
utilizing Conexant, in part or in total, as its IT service provider, Skyworks
will give Conexant IT employees first consideration for employment with Skyworks
in lieu of reduction in force by Conexant.
12.7 EMPLOYEE TERMINATION. Within ten (10) business days of receipt
of termination notification of any Tower of Service, payment of retention and
severance packages, if any, will be mutually agreed to in writing by the Chief
Information Officers and designated human resources officers of each Party. If
agreement cannot be reached within such ten (10) day period, all Service Levels
and charges relating to the terminated Tower of Servic e may be adjusted
accordingly to the extent that Service Levels or charges are affected by the
Parties inability to agree on retention and
14
severance packages. After receipt of termination notification of any Tower of
Service, the Parties shall meet monthly to discuss resolution of retention and
severance packages.
12.8 PASSWORDS AND DATA. Provided that termination of a Tower of
Service is not the result of a breach by Skyworks, upon termination of a Tower
of Service, Conexant will (i) deliver to Skyworks such passwords or other access
codes associated with the terminated Tower of Service as deemed appropriate in
Conexant's reasonable discretion and (ii) as soon as practicable, return all
Skyworks data to Skyworks in a mutually agreed upon format. Conexant shall not
be required to return data to Skyworks that is not readily separable from
Conexant data without compromising Conexant data or otherwise impeding the
operations of Conexant.
13. GENERAL
13.1 NOTICES. All notices, requests, claims, demands and other
communications required or permitted to be given hereunder shall be in writing
and shall be delivered and will be deemed given (a) when so delivered if
delivered by hand, (b) when written confirmation is received if delivered by
telecopier, (c) when e-mail confirmation is received if delivered by e-mail, (d)
three (3) business days after mailing in the case of registered or certified
mail, or (e) one (1) business day after mailing in the case of express mail or
overnight courier service. All such notices, requests, claims, demands and other
communications shall be addressed as set forth below, or pursuant to such other
instructions as may be designated in writing by the party to receive such
notice:
If to Skyworks, to:
Skyworks Solutions, Inc.
25 Computer Drive
Haverhill, MA 01832-1236
Attention: President
With copies to (not effective for purposes of notice):
Skyworks Solutions, Inc. Skyworks Solutions, Inc.
4311 Jamboree Road 4311 Jamboree Road
Newport Beach, CA 92660-3095 Newport Beach, CA 92660-3095
Attention: General Counsel Attention: Chief Information Officer
or if to Conexant, to:
Conexant Systems, Inc.
4311 Jamboree Road
Newport Beach, CA 92660-3095
Attention: Chief Executive Officer
With copies to (not effective for purposes of notice):
Conexant Systems, Inc. Conexant Systems, Inc.
4311 Jamboree Road 4311 Jamboree Road
Newport Beach, CA 92660-3095 Newport Beach, CA 92660-3095
Attention: General Counsel Attention: Chief Information Officer
15
13.2 CHOICE OF LAW; DISPUTE RESOLUTION.
(a) This Agreement and the rights and obligations of the
Parties hereunder shall be governed by the substantive laws of the State of
California applicable to contracts made and to be performed therein, without
reference to principles of conflicts of laws. In the event that any dispute,
claim or controversy (collectively, a "Dispute") arises out of or relates to any
provision of this Agreement or the breach, performance or validity or invalidity
thereof, an appropriate authorized manager of Conexant and an appropriate
authorized manager of Skyworks shall attempt a good faith resolution of such
Dispute within thirty (30) days after either Party notifies the other of such
Dispute. If such Dispute is not resolved within thirty (30) days of such
notification, such Dispute will be referred for resolution to the Skyworks
President and the Conexant Chief Executive Officer. Should they be unable to
resolve such Dispute within thirty (30) days following such referral to them, or
within such other time as they may agree, Skyworks and Conexant shall submit
such Dispute to binding arbitration, initiated and conducted in accordance with
the then-existing American Arbitration Association Commercial Arbitration Rules,
before a single arbitrator selected jointly by Conexant and Skyworks. If
Conexant and Skyworks cannot agree upon the identity of an arbitrator within ten
(10) days after the arbitration process is initiated, then the arbitration shall
be conducted before three (3) arbitrators, one (1) selected by Conexant, one (1)
selected by Skyworks, and the third selected by the first two. The arbitration
shall be conducted in the County of Orange, California and shall be governed by
the United States Arbitration Act, 9 USC Section 116, and judgment upon the
award may be entered by any court having jurisdiction thereof. The
arbitrator(s) shall have case management authority and shall resolve the Dispute
in a final award within one hundred eighty (180) days from the commencement of
the arbitration action, subject to any extension of time thereof allowed by the
arbitrators upon good cause shown. There shall be no appeal from the arbitral
award, except for fraud committed by an arbitrator in carrying out his or her
duties under the aforesaid rules; otherwise the Parties irrevocably waive their
rights to judicial review of any Dispute arising out of or related to this
Agreement. Notwithstanding the foregoing, either Party may pursue immediate
equitable relief in the event of a breach of Section 8 or an alleged violation
or misappropriation of the Intellectual Property Rights of either Party.
(b) During any period in which the Parties are resolving
a Dispute pursuant to this Section 13.2, the Parties shall continue to provide
the services and support pursuant to the terms of this Agreement; provided,
however, that (i) if the Parties jointly determine that any such services or
support shall be suspended during the period in which the Parties are resolving
a Dispute, then the deadlines and time periods in which such services and/or
support are to be provided pursuant to this Agreement (as described herein)
shall be extended for the same amount of time as the services and/or support
were suspended, and (ii) if the Dispute pertains to the payment of fees due
under the terms of this Agreement or any Additional Services Order, the Party
claiming entitlement to such fees may suspend the provision of services until
the other Party pays such amounts in Dispute or deposits such amounts with a
neutral third party in escrow for distribution upon resolution of the Dispute.
13.3 FORCE MAJEURE. Neither Party will be liable for delays or
failure to perform the Services if due to any cause or conditions beyond its
reasonable control, including delays or failures due to acts of God, natural
disasters, acts of civil or military authority, fire, flood, earthquake,
strikes, wars, or utility disruptions (shortage of power).
13.4 ASSIGNMENT. Neither Party shall assign or subcontract its
rights and obligations under this Agreement without the prior written consent of
the other Party, which may not be unreasonably withheld or delayed.
Notwithstanding the foregoing, each Party may assign, delegate
16
or sublicense all or any portion of its rights and obligations under this
Agreement to (i) the surviving entity resulting from a merger or consolidation
involving such Party, (ii) the acquiring entity of a sale or other disposition
of all or substantially all of the assets of such Party as a whole or of any
line of business or division of such Party, or (iii) any other party that is
created as a result of a spin-off from, or similar reorganization transaction
of, such Party or any line of business or division of such Party, including,
without limitation, a subsidiary of Conexant into which the assets of Conexant's
information technology organization are transferred; provided that, in no event
shall either Party assign delegate or sublicense any of its rights or
obligations under this Agreement to any party that is engaged in a business that
is similar to or competitive with the other Party without such other Party's
prior written consent, which may not be unreasonably withheld or delayed. In the
event of an assignment pursuant to (ii) or (iii) above, Skyworks and Conexant
shall, at the assigning Party's request, use good faith, commercially reasonable
efforts to enter into separate agreements with each of the resulting entities
and take such further actions as may be reasonably required to assure that the
rights and obligations under this Agreement are preserved, in the aggregate, and
divided equitably between such entities.
13.5 ENTIRE AGREEMENT; AMENDMENT; WAIVERS. This Agreement, together
with all Attachments hereto, constitutes the entire agreement between the
Parties pertaining to the subject matter hereof and supersedes all prior
agreements, understandings, negotiations and discussions, whether oral or
written, of the Parties. No supplement, modification or waiver of this Agreement
shall be binding unless executed in writing by the Party to be bound thereby. No
waiver of any of the provisions of this Agreement shall be deemed or shall
constitute a waiver of any other provision hereof (whether or not similar), nor
shall such waiver constitute a continuing waiver unless otherwise expressly
provided.
13.6 INVALIDITY. In the event that any one or more of the
provisions contained in this Agreement or in any other instrument referred to
herein, is, for any reason, held to be invalid, illegal or unenforceable in any
respect, such invalidity, illegality or unenforceability shall not affect any
other provision of this Agreement or any other such instrument and the invalid,
illegal or unenforceable provision shall be deemed modified so as to be valid,
legal and enforceable to the maximum extent allowed under applicable law.
13.7 CONSTRUCTION. The headings of the Sections herein are inserted
for convenience of reference only and are not intended to be a part of or to
affect the meaning or interpretation of this Agreement. All Section and
Attachment references in this Agreement are to Sections and Attachments,
respectively, of or to this Agreement unless specified otherwise. Unless
expressly stated otherwise, when used in this Agreement the word "including"
means "including but not limited to." The Parties have participated jointly in
the negotiation and drafting of this Agreement. If an ambiguity or question of
intent or interpretation arises, this Agreement shall be construed as if drafted
jointly by the Parties, and no presumption or burden of proof will arise or
disfavoring any Party by virtue of the authorship of any provisions of this
Agreement.
13.8 PARTIES OBLIGATED AND BENEFITED. This Agreement will be
binding upon the Parties hereto and their respective permitted assigns and
successors in interest and will inure solely to the benefit of such Parties and
their respective permitted assigns and successors in interest, and no other
Person.
13.9 RELATIONSHIP. Nothing in this Agreement shall be deemed or
construed as creating a joint venture or partnership between the Parties.
Neither Party is by virtue of this Agreement
17
authorized as an agent, employee, or legal representative of the other Party,
and the relationship of the Parties is, and at all times will continue to be,
that of independent contractors.
13.10 NO EMPLOYEE SOLICITATION. Without the other Party's written
consent, during the Term of this Agreement and for a period of twelve (12)
months thereafter, each Party agrees not to hire, contract with, or solicit for
hire any IT personnel previously employed by such other Party in the twelve (12)
months immediately preceding such hiring, contracting, or soliciting and with
whom the hiring, contracting or soliciting Party had material contact in
connection with the performance of IT Services during the Term of this
Agreement. Notwithstanding the foregoing, this Section does not preclude either
Party from contracting with third-party vendors engaged by the other Party.
Nothing in this Section shall be deemed to reduce or otherwise amend each
Party's non-solicitation obligations under the Contribution and Distribution
Agreement between Conexant and Washington dated December 16, 2001 or any other
documents executed in connection with the Merger.
13.11 COUNTERPARTS. This Agreement may be executed in one or more
counterparts, each of which will be deemed to be an original but all of which
will constitute one and the same agreement.
13.12 EXECUTION. This Agreement may be executed by facsimile
signatures and such signature will be deemed binding for all purposes of this
Agreement, without delivery of an original signature being thereafter required.
18
The Parties have executed this Information Technology Service Agreement as of
the Effective Date.
CONEXANT SYSTEMS, INC.
By: /s/ Dennis E. O' Reilly
-----------------------------------
Name: Dennis E. O' Reilly
Title: Senior Vice President, General
Counsel and Secretary
ALPHA INDUSTRIES, INC.
By: /s/ Paul E. Vincent
-----------------------------------
Name: Paul E. Vincent
Title: Vice President, Chief Financial
Officer, Treasure and Secretary
19
ATTACHMENT A
BASE SERVICES
The Base Services consist of the services described in this Attachment A. A
summary of the Service Levels described herein is set forth on Attachment I. The
Service Levels may change from time to time upon mutual agreement of the
Parties.
1. Application Support. Conexant will provide computer security, architecture
& technology services and application support to the Skyworks Locations
for the number of access accounts listed in Attachment B.1.
a. Communication with the third-party application vendor on licenses,
bug fixes, upgrades and updates, new products, and consulting
services.
b. Troubleshooting of Supported Software application issues.
c. Changes to current configuration, if required to support business
processes.
d. Training on systems, explanation of current and future
functionalities.
e. Granting access privileges, account maintenance, new account
creation, security architecture and other application infrastructure
services.
f. Attachment K represents the maximum support to be provided by each
party. If and when any one of these limits are exceeded, both Account
Managers will take action within one (1) month to reprioritize tasks
and/or projects to bring the support requirement into compliance with
Attachment K.
g. Service Level. Each party will respond by confirming the receipt of
all of the other party's questions, issues and requests within eight
(8) Service Hours after receipt. Each party may require all issues to
be communicated in a specific format that is reasonable, through a
readily accessible specific media such as an intranet application.
Each party will assign a priority to each request, and communicate an
estimate of a completion date within a reasonable time. Each party
shall assign priorities to support requests without regard to their
source.
2. Programming Services. Conexant will provide modifications (to the extent
permitted by any third party licensor) to Supported Software applications
or their extensions, including reports. Programming services shall be
provided by seven full-time equivalent personnel of Conexant dedicated to
such support services. Such services will be provided for Skywork
Locations as requested by Skyworks personnel. These services consist of
First Level and Second Level Support for the following:
a. Modifications to Supported Software applications or application
extensions to fix bugs/issues, support changes in business processes,
or to extend functionality.
b. Modifications to change reporting databases or output reports,
through addition of new data fields, changes to existing data fields,
new formats and/or views.
A-1
c. Modifications to interfaces to reflect minor database changes, and
additions or modifications to data fields.
d. Creation of new reports from existing applications or reporting
databases.
e. Conexant will be responsible for all communication with third party
programming contract resources acquired by Conexant to complete any
of Skyworks programming requests.
f. The management, direction and selection of third-party programming
resources engaged by Conexant will be the responsibility of Conexant.
g. Service Levels. Conexant will respond by confirming the receipt of
all Skyworks questions, issues and requests relating to the foregoing
programming services within eight (8) Service Hours after receipt.
If Conexant set priorities, Conexant will assign a priority to each
request, and communicate an estimate of a completion date within a
reasonable time, provided, however, that Conexant shall assign
priorities to both Skyworks and Conexant requests without regard to
their source. Conexant may require all issues to be communicated in a
specific format that is reasonable, through a readily accessible
specific media such as an intranet application. Skyworks may elect to
expedite the request through a funded (by Skyworks) acquisition of
additional programming effort as agreed as an Additional Service.
3. Remote Site Support Services. Conexant will provide reasonable support of
Supported Software and Supported Hardware located on the desktops of
Supported Washington Personnel at the Washington Locations in Europe and
Asia Pacific. First Level and Second Level Support will be provided.
a. Acquisition and installation of new printers, Supported Hardware PCs,
and desktop Supported Software purchased by Skyworks for the
Washington Business and upgrades of Supported Hardware PCs and
remote-site Supported Software purchased by Skyworks are limited to
an aggregate of six (6) installations, moves or upgrades per week in
Asia Pacific or Europe. Support outside of Service Hours or more than
an aggregate of six (6) installations, moves or upgrades per week
during Service Hours will require Skyworks to cover expenses. All
overtime and contract services must be approved in advance.
b. Reasonable virus removal as requested from supported networked
computers, in accordance with Conexant current policies. Infected
Supported Hardware PCs must be first isolated from the network and
will be put back in service only after the infection is cleaned.
Remote Locations will be a coordinated effort through a local vendor.
c. Reasonable troubleshooting of PC Supported Hardware and desktop
Supported Software, within 2 releases of current standards.
d. Creation and management of print queues for Asia Pacific and Europe.
A-2
e. Service Levels. Conexant will respond within eight (8) Service Hours
of the ticket being created. In addition, Conexant will resolve at
least 50% of the problems reported within sixteen (16) Service Hours,
according to the policies of the system used to track IT Operations
Department related problems. In the event Remote Locations are moved
or closed, the Parties shall mutually agree to adjustments in the IT
Services, Service Levels and charges as appropriate to reflect the
move or closure.
4. Infrastructure Services - Wire Line Telephony. Conexant will provide
installation of new telephones and voicemail software purchased by
Skyworks for the Washington Business, provided that no more than 600 wired
telephone lines in Newport Beach shall be required to be managed
simultaneously. Conexant will use commercially reasonable efforts to
provide such services at all Washington Locations. Conexant will provide
Second Level Support for Newbury Park and Mexicali and First and Second
Level Support for all other Washington Locations. Telecommunications
management will be provided for all Washington Locations.
a. Moves, adds and changes will be coordinated with local support
personnel for all Washington Locations for the following telephony,
voicemail, cabling and network provided services.
- Local dial-tone
- Long distance dedicated or switched access
- Toll-free service
- Seven-digit dial plan - voice private network
- Authorization codes
- Phone cards
- Voice network mgmt. - trouble tracking
- Audio - conferencing
- On-demand conferencing
- Fax messaging
- Global "voice" messaging
- Local voicemail distribution list
- System maintenance
- Call accounting
- Telco facilities
- SOHO
- Telecom lines and circuit tracking
- Telecom billing
b. Where Conexant utilizes its own personnel for moves, adds and changes
to existing services during Service Hours, services are limited to
three (3) moves, adds or changes per week on the Newport Beach
campus. Support outside of Service Hours or more than three (3)
moves, adds or changes per week during Service Hours will require
Skyworks to cover expenses. Remote locations will be limited to ten
(10) moves, adds or changes per week, supported remotely.
c. Cabling services and dedicated telephony circuits and phone lines
will be charged on a per job or per line basis as Additional
Services.
A-3
d. Service Levels. All administration related tasks (Ex: PBX and
voice-mail moves, adds, and changes) will be responded to within four
(4) Service Hours of the ticket being created. In addition, Conexant
will address at least 50% of the problems reported within sixteen
(16) Service Hours according to the policies of the system used to
track IT Operations Department related problems.
e. Conexant will inform the Skyworks Account Manager on a hourly basis
as to when any phone outage impacts more than ten (10) people or a
complete site and Conexant will use continuous efforts to resolve any
such outage.
5. Infrastructure Services - Video Telephony. Conexant will provide all video
services on a request basis. The request will be reported through the
proper channels. Supported Washington Personnel will log a ticket to
request support for the following services.
a. El Capitan Auditorium IT support will be limited to three (3)
meetings (not to exceed four (4) hours per meeting) per month. Any
excess will be billed as an Additional Service.
b. The following video telephony services are supported:
(i) on-demand streaming video;
(ii) web conferencing and on-line collaboration ;
(iii) video-conferencing bridged calls;
(iv) ISDN connectivity;
(v) media ( streaming ) player management;
(vi) global video - systems management;
(vii) WAN - video IP;
(viii) global address book; and
(ix) company video broadcast.
c. Service Levels. All requests will be responded to within four (4)
Service Hours of the ticket being created. In addition, Conexant will
address at least 50% of the problems reported within sixteen (16)
Service Hours according to the policies of the system used to track
IT Operations Department related problems.
6. Infrastructure Services - LAN Services. Conexant will provide support of
current local area networks (data networks) in place at the Washington
Locations. Conexant will provide First Level Support at all Washington
Locations, except Newbury Park, Ottawa and Mexicali. Second Level Support
will be provided at all Washington Locations, including Newbury Park,
Ottawa and Mexicali.
A-4
a. Reasonable configuration of the speed and duplex settings for
existing switches in the Skyworks network for the Washington
Business.
b. Reasonable monitoring of the network switches in the Washington
network. Identifying & correcting misbehaving devices by first
isolating them from the Skyworks production network for the
Washington Business.
c. Reasonable configuration and management of the VLANs and their
routing in the network for the Washington Business.
d. Reasonable support of internal DNS changes using the Conexant tool
during regular Service Hours. Support outside of Service Hours will
require Skyworks to cover for overtime-related expenses.
e. Reasonable support for primary & backup DHCP servers. 7x24 support
will be provided for DHCP related problems in the network for
Skyworks Locations.
f. Only Conexant will have both read and read/write (second level
access) access to the network Hardware that is being managed.
g. Service Levels. Conexant will respond within two (2) Service Hours of
the ticket being created. In addition, Conexant will address at least
50% of the problems reported within sixteen (16) Service Hours
according to the policies of the system used to track IT Operations
Department related problems
7. Infrastructure Services - Remote Access & Small Office Home Office
("SOHO") Services. Conexant will provide support of current remote access
for all Skyworks Locations. Conexant will provide First and Second Level
Support.
a. Reasonable installation, configuration, monitoring, and management of
the remote access servers for the number of access accounts set forth
opposite the services listed in Attachment B.1. These access servers
may be shared with Conexant and other companies supported by
Conexant.
b. Reasonable installation, configuration, monitoring, and management of
the Authentication, Authorization, and Accounting (AAA) servers. The
AAA servers will be shared with Conexant and other companies that are
supported by Conexant.
c. Reasonable installation, configuration, monitoring, and management of
the Ace servers for strong authentication of remote access users not
to exceed 200 additional users. The Ace server will be shared with
Conexant and other companies supported by Conexant. Skyworks will
purchase all secure ID tokens and any necessary software licenses for
new access that is needed by Skyworks personnel.
d. Reasonable installation, configuration, monitoring, and management of
the VPN servers. The VPN servers will be shared with Conexant and
other companies supported by Conexant.
e. Monitoring and management of the hardware and software VPN clients.
A-5
f. Mutually agreed to Skyworks upgrades, other than Conexant upgrades,
will be done as Additional Services.
g. Service Levels. Conexant will respond within eight (8) Service Hours
of the ticket being created. In addition, Conexant will address at
least 50% of the problems reported within sixteen (16) Service Hours
according to the policies of the system used to track IT Operations
Department related problems.
8. Infrastructure Services - Internet Services. Conexant will provide support
of Internet access for personnel at Skyworks Locations. Conexant will
provide First and Second Level Support.
a. The personnel must observe Conexant's Security and firewall policy
while participating in any Internet activity.
b. Only Skyworks client PCs with static IP addresses or an entire subnet
will be blocked from accessing the Internet.
c. Conexant will provide Internet access. This Internet access may be
shared with Conexant and other companies supported by Conexant.
d. Reasonable installation, configuration, monitoring, and management of
the firewalls. These firewalls may be shared with Conexant and other
companies supported by Conexant.
e. Requests for planned changes to the firewall policy need to be
received one week prior to the change for design validation &
verification. Urgent changes will be accommodated within eight (8)
Service Hours for an additional cost, as agreed as an Additional
Service.
f. Service Levels. Conexant will respond within 8 Service Hours of the
ticket being created. In addition, Conexant will address at least 50%
of the problems reported within sixteen (16) Service Hours according
to the policies of the system used to track IT Operations Department
related problems.
g. Conexant will inform the Skyworks Account Manager on a hourly basis
as to when any Internet outage impacts more than ten (10) people or a
complete site and Conexant will use continuous efforts to resolve the
outage.
9. Infrastructure Services - WAN Services. Conexant will provide support of
the wide area network infrastructure at all Skyworks Locations. The
network hardware may be shared with Conexant and other companies supported
by Conexant. Conexant will provide First and Second Level Support.
a. Reasonable monitoring of the WAN on a 7x24 basis.
b. Reasonable monitoring of the network routers in the network.
c. Reasonable configuration and management of the WAN circuits and their
routing in the network.
A-6
d. Reasonable configuration and management of existing network Hardware
that meet Conexant's hardware standards in place today.
e. Reasonable upgrades to the Hardware and Software in the network
Hardware.
f. WAN upgrades, WAN downgrades, WAN adds, moves and changes must be
approved by Conexant in advance.
g. WAN upgrades, WAN downgrades, WAN adds, moves and changes requested
by Skyworks may be considered as Additional Services, depending on
the scope.
h. Monthly reporting on utilization will be made available to the
Skyworks Account Manager.
i. Only Conexant will have both read and read/write (second level
access) access to the network Hardware that is being managed.
j. Dedicated leased lines & frame relay connections will be charged on a
per line basis as Additional Services.
k. Service Levels. Conexant will respond within two (2) Service Hours of
the ticket being created. In addition, Conexant will address at least
70% of the problems reported within eight (8) Service Hours according
to the policies of the system used to track IT Operations Department
related problems.
l. Conexant will inform the Skyworks Account Manager on an hourly basis
as to when any WAN outage impacts more than ten (10) people or a
complete site and Conexant will use continuous efforts to resolve the
outage.
10. Infrastructure Services - Email Services. Conexant will provide management
of the email infrastructure at the Skyworks Locations.
a. Reasonable support of email configuration until the transition from
Lotus Notes is complete.
b. Reasonable support of the data migration of email files from Lotus
Notes to Microsoft Exchange.
c. Validation of SMTP will be the responsibility of Skyworks.
A-7
11. Infrastructure Services; Groupware Services. Skyworks will provide First
Level Support, and Conexant will provide Second Level Support.
a. Conexant will reasonably support the creation of new accounts;
certification and troubleshooting of Lotus Notes Groupware for
personnel at Skyworks Locations. New account creation is not to
exceed 500 existing Skyworks employee accounts during the Term of
this Agreement. Skyworks is responsible for the purchase of the
associated account licenses.
b. Conexant will provide reasonable infrastructure support to Groupware
related applications accessed by personnel at Skyworks Locations.
c. Conexant will provide reasonable web application hosting for "web
based" Lotus Notes/Domino databases accessed by personnel at Skyworks
Locations as of the Effective Date.
d. Conexant will provide access to Lotus Notes based "Teamrooms,
discussion databases, and group mail boxes" accessed by personnel at
Skyworks Locations.
e. Service Levels. Conexant will respond within eight (8) Service Hours
of the ticket being created. In addition, Conexant will resolve at
least 50% of the problems reported within sixteen (16) Service Hours,
according to the policies of the system used to track IT Operations
Department related problems.
12. Data Center Services. Conexant will provide reasonable support of all
applications, hardware platforms and backup infrastructure hosted in a
Conexant managed data center (except Newbury Park, Ottawa and Mexicali),
including 7x24x365 service where necessary. Conexant will provide First
and Second Level Support. These services consist of:
a. Supports all Supported Hardware servers under current maintenance
agreements. The system instances covered include production, training
and development.
b. Supports all Supported Hardware and Supported Software upgrades and
patches.
c. Conexant reserves the right to refuse upgrades on shared resources.
d. Supports hardware configuration changes (e.g. disk space and
printers). Configuration changes of Supported Software applications
(e.g. new instances and database refreshes.
e. System management, troubleshooting, performance tuning and capacity
planning of system related issues
f. Granting access privileges, account maintenance, and new account
creation as reasonably requested.
g. Transport application changes to production will be based on
Conexant's current established procedures.
h. Any new server installations will be treated as Additional Services.
A-8
i. Data backup conducted in a manner consistent with past practices of
Conexant.
j. Service Level. Conexant will respond within eight (8) Services Hours
of the ticket being created. Conexant may require all issues to be
communicated in a specific format that is reasonable, through a
readily accessible specific media such as an intranet application. If
Conexant set priorities, Conexant will assign a priority to each
request, and communicate an estimate of a completion date within a
reasonable time, provided, however, that Conexant shall assign
priorities to both Skyworks and Conexant requests without regard to
their source.
k. Mission Critical Support: Conexant will respond to mission critical
problems within 1 hour and make continuous effort to resolve the
problem to the extent that it is related to the data center operation
management (SAP, Adexa, DMS and PROMIS). All mission critical
problems will have a "root cause' analysis completed and sent to the
Account Managers once the problem has been resolved.
A-9
ATTACHMENT B
B.1 - APPLICATIONS AND
NUMBER OF SYSTEM ACCESS ACCOUNTS FOR THE WASHINGTON BUSINESS
The number of users set forth below may increase or decrease by up to
ten percent (10%) without affecting the Base Services Fee. Any increase in the
number of users above ten percent (10%) shall be Additional Services.
APPLICATIONS LICENSE TYPE ACCESS ACCOUNTS
- ------------ ------------ ---------------
Lotus Notes Named 1951
SAP - Production Named 258
PROMIS Concurrent 1636
Sherpa DMS Server and Concurrent 561
Viador Server 148
iPlanet LDAP Server 1315
Adexa Server 8
SERVICES ACCESS ACCOUNTS
- -------- ---------------
Remote - Modem Dial-up 620
Remote - Cox Cable 51
Remote - Private DSL 53
B-1
ATTACHMENT B
B.2 - WASHINGTON LOCATIONS
APAC (ASIA/PACIFIC REGION)
BEIJING, CHINA
Unit 2421 South Office Tower
Beijing Kerry Centre 1
Guang Hua Road
Chao Yang District
TAEGU, KOREA
13F Sambee Bldg.,
559-0 Bumeo-1 Dong
Soosung-Gu, Taegu, Korea 706-011
SEOUL, KOREA
Rm 1508 Textile Centre Building
944-31, Daechi-3 Dong
Kangnam-Ku 135-283
Seoul Korea
HONG KONG, CHINA
Rm 2501-2513 & 2532-2540
Sun Hung Kai Centre
30 Harbour Road Wanchai
Hong Kong
SHANGHAI, CHINA
Lucky Target Square Bldg. 31st flr
Suite 3102, 500 Chengdu
North Road, Shanghai 200003
P.R.C.
TAIPEI, TAIWAN
Room 2808, International Trade Bldg.
333 Keelung Road, Section 1
Taipei, 110 Taiwan R.O.C.
TOKYO, JAPAN
Shimomoto Building
1-46-3 Hatsudai, Shibuya-ku
Tokyo, 151-0061 Japan
EUROPE
CAMBRIDGE, UK
St. Johns Innovation Centre
B-2
Cowely Road, Cambridge, Cb4
0WS UK
DENMARK
Parallelvej 10 2800
Lyngby, Copenhagen
Denmark
HELSINKI, FINLAND
Ayritie 12a
01510 Vantaa
Finland
LEMANS, FRANCE
2 Ave. Pierre Piffault, 72100
Lemans, France
MUNICH, GERMANY
Paul-Gerhardt-Allee 50 A
81245 Munchen, Germany
PARIS, FRANCE
Immeuble "Le Franklin"
34 Avenue Franklin Roosevelt - BP92
92159 Suresnes Cedex
France
NICE, FRANCE
Les Taissounieres B1
1680 Route des Dolines, BP 283
06905 Sophia Antipolis Cedex
France
READING, ENGLAND
100 Longwater Avenue Green Park
Reading Berkshire RG2 6GP
England
NORTH AMERICA
CEDAR RAPIDS, IA
4840 North River Blvd, NE
Cedar Rapids, IA 52402
HILLSBORO, OR
3000 NW Stucki Place
3000 Bldg, Suite 220
Hillsboro, OR 97124
IRVING, TX
B-3
750 W. Carpenter
Suite 300
Irving, TX 75039
NEWBURY PARK, CA (includes all buildings at the Newbury Park campus)
2427 West Hillcrest Drive
Newbury Park, CA 91320
NEWPORT BEACH, CA (includes all buildings at the Newport Beach campus)
4311 Jamboree Road
Newport Beach CA 92660
RALEIGH, NC
1121 Situs Court
Suite 330
Raleigh, NC 27606
SAN DIEGO, CA (includes all buildings at the San Diego campus)
9868 Scranton Road
San Diego, CA 92121
SAN JOSE, CA
2075 Zanker Road
San Jose, CA 95037
SANTA ROSA, CA
120 Stony Point Road, Suite 105
Santa Rosa, CA 95401
MEXICALI, MEXICO
Ave. Ignacio Lopez Rayon 1699
21050 Mexicali, BC Mexico
OTTAWA, CANADA
146 Colonnade Road
S.Nepean, Ontario, Canada
K2E 7Y1
CALEXICO, CA
AF Romero Warehouse
291 Avenida Campillo Suite E
Calexico, CA 92231
B-4
ATTACHMENT B
B.3 - ALPHA LOCATIONS
NORTH AMERICA
HAVERHILL, MA
25 Computer Drive
Haverhill, MA 01832
WOBURN, MA
20 Sylvan Road
Woburn, MA 01801
SUNNYVALE, CA
1230 Bordeaux Drive
Sunnyvale, CA 94089
MUNDELEIN, IL
112 Terrace Drive
Mundelein, IL 60060
ADAMSTOWN, MD
5520 Adamstown Road
Adamstown, Maryland 21710
FREMONT, CA
43194 Christy Street
Fremont, CA 94538
APAC (ASIA/PACIFIC REGION)
HONG KONG, CHINA
39/ F., One Pacific Place
88 Queensway, Admiralty
Hong Kong
EUROPE
MILTON KEYNES, U.K.
494 Midsummer Boulevard
Central Milton Keynes
Buckinghamshire, MK9-ZEA
B-5
MAZAN, FRANCE
430 La Venue de Mormoiron
84.380 Mazan
France
CO. CLARE IRELAND
9 Woodbrok
Cratloekeel, Co. Clare
Ireland
B-6
ATTACHMENT C
C.1 - SUPPORTED APPLICATIONS
- --------------------------------------------------------------------------------
APPLICATION NAME
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - FINANCE
- --------------------------------------------------------------------------------
SAP R/3 - FI/CO/IM*
PROMIS - Costing*
Lotus Notes/Domino - EPRS/FAA*
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - GENERAL COUNSEL
- --------------------------------------------------------------------------------
Lotus Notes/Domino - IDS/NDA*
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - PAYROLL
- --------------------------------------------------------------------------------
ProBusiness - Payroll
Kronos
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - STOCK PROCESSING
- --------------------------------------------------------------------------------
Chase Mellon
Fidelity
Exercise Excel System
Deferred Compensation System
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - HUMAN RESOURCES
- --------------------------------------------------------------------------------
SAP HR Modules*
Employ!
ESS
Employment Verification System
Travel Arrangement System
HR Datamart
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - BENEFITS PROCESSING
- --------------------------------------------------------------------------------
FSA
Sageo
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - ERP APPLICATIONS
- --------------------------------------------------------------------------------
SAP R/3*
SAP ITS (Internet Transaction System)*
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - WEB APPLICATIONS
- --------------------------------------------------------------------------------
Lotus Notes/Domino*
Web development
Custom developed Lotus Notes/Domino Workflow and Web applications*
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - WORLD WIDE SALES
- --------------------------------------------------------------------------------
SAP Sales & Distribution Module*
SAP Incentive & Commissions Planning Module*
SAP Foreign Trade Module*
Design Tracking System (DTS)
Field Sales Forecast (FSF)
POS
E-Biz (Order Status, Shipment Status, Account Status, Incentive Report and
Order Entry)
- --------------------------------------------------------------------------------
C-1
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - WORLD WIDE QUALITY
- --------------------------------------------------------------------------------
SAP - Quality Management Module*
QSI ISO Tracking System
RMA Tracking System
e-RMA System
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - SUPPLY CHAIN MANAGEMENT
- --------------------------------------------------------------------------------
Adexa Supply Chain Planning*
SAP Sales and Distribution Module*
SAP Materials Management Module*
Supply Demand Data Mart
Excess Inventory System
Merlin forecasting system (Mimi) (or replacement)
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - OPERATIONS
- --------------------------------------------------------------------------------
PROMIS WIP Tracking*
DMS - Product Data Management System*
Lotus Notes Databases
Extricity (or replacement)
RS1
Ops Web Pages
OEE Database
DDR Reporting
- --------------------------------------------------------------------------------
MAJOR APPLICATIONS - INFRASTRUCTURE
- --------------------------------------------------------------------------------
Data Warehouse
Tibco Middleware
Accounts Security Database
Oblix Single Sign-On Environment/LDAP Directories
BMQ
Multinet
Oracle
Replic Action
Viador
Informatica
- --------------------------------------------------------------------------------
*Indicates that the application is a Core Application for purposes of Section
5.1(a) of the Agreement.
C-2
ATTACHMENT C
SUPPORTED SOFTWARE
C.2 - DESKTOP
SITE LICENSED SOFTWARE
Netscape
Netswitcher
McAfee
WinZip
Adobe Acrobat Reader
Ghost
NON-SITE LICENSED SOFTWARE
Lotus Notes R5
Windows 95 and subsequent versions of Windows
MS Office Suites
MS Access
MS Project
MS SMS
Reflections Suite for X
Exceed
AutoCAD, Auto CAD Lite
Visio
Kea Term
Adobe Acrobat Write
C-3
ATTACHMENT C
SUPPORTED SOFTWARE
C.3 - APPLICATIONS NOT SUPPORTED
This list should not be considered comprehensive. The exclusion of
these applications from Supported Software does not affect Conexant's
obligations to backup data pursuant to Section 12.i. of Attachment A.
- ------------------------------------------------------
MAJOR APPLICATIONS - FINANCE
- ------------------------------------------------------
Hyperion
- ------------------------------------------------------
MAJOR APPLICATIONS - GENERAL COUNSEL
- ------------------------------------------------------
CPI Intellectual Property Management System
Case Track - Legal Matter Management System
- ------------------------------------------------------
MAJOR APPLICATIONS - HUMAN RESOURCES
- ------------------------------------------------------
Kadiri
- ------------------------------------------------------
MAJOR APPLICATIONS - BENEFITS PROCESSING
- ------------------------------------------------------
ProBusiness - Benesphere
- ------------------------------------------------------
MAJOR APPLICATIONS - OPERATIONS
- ------------------------------------------------------
RTD Dispatching
Data Power
- ------------------------------------------------------
C-4
ATTACHMENT D
SUPPORTED HARDWARE
D.1 - INFRASTRUCTURE
This list includes all infrastructure standards currently used by Conexant
irrespective of its use by Skyworks.
SERVICE STANDARD
- ------- --------
DATA NETWORKS
LAN-DHCP CISCO NETWORK REGISTRAR
LAN-DNS CISCO NETWORK REGISTRAR & OSI BIND
LAN-AUDIT CISCO NETSONAR
LAN-LAYER3 SWITCHING CISCO CAT 6500 MSFC
LAN-GB BACKBONE CISCO CAT 6500
WAN-FRAME RELAY SPRINT
WAN-PRIVATE LINE (DS3,T1, F/T1) SPRINT
WAN-ISDN BACK UP SPRINT/PAC BELL
WAN-SWITCHING CISCO 8420 IGX
WAN-DSL/CABLE LOCAL PROVIDERS
WAN-OUT-OF-BAND MGMT ANALOG LINES (PACBELL/LOCAL PROVIDERS)
WAN-NTP SERVICES CONEXAT STRATUM 2 NTP SERVER, CISCO
ROUTER RELAY
WAN-VOIP CISCO
RAS-SERVERS CISCO AS5300 CISCO 3640
RAS-AAA SERVICES CISCO SECURE SERVER (AUTHENTICATION,
AUTHORIZATION, AND ACCOUNTING
SERVICES)
RAS-STRONG AUTHENTICATION SECURED TOKENS
RAS-SERVICE PROVIDERS SPRINT TOLL FREE NUMBER &
INTERNATIONAL EQUANT
INTERNET-ISP MULTI-HOMING SPRINT (DS3-45MB)
COX(10MB) AT&T(4MB)
INTERNET-ROUTING BGP
INTERNET-ASN ASN 2646 OWN INTERNET IP
INTERNET-CACHING CISCO CACHE ENGINES
INTERNET-SECURITY PIX FIREWALLS
INTERNET-VPN NETSCREEN & NORTEL CONTIVITY
INTERNET-DNS OSI BIND/UNIX
INTERNET-IDS CISCO NETRANGERS
INTERNET-URL MANAGEMENT WEBSENSE/SUPERSCOUT
INTERNET-WEB TRAFFIC LOAD LOCAL DIRECTOR
BALANCING
SOHO-ISP COX COMMUNICATION & COVAD DSL &
LOCAL DSL PROVIDERS
SOHO-MANAGEMENT OUTSOURCE TO AXCELERANT
NETMGMT-TRENDING CONCORD
D-1
SERVICE STANDARD
- ------- --------
NETMGMT-MONITORING HP OPENVIEW, CUSTOM SCRIPTS
NETMGMT-LOGGING UNIX LOG SERVER
NETMGMT-CONFIGURATION UNIX TFTP SERVER
NETMGMT-ALERTING ATTENTION
NETMGMT-TROUBLE TRACKING REMEDY
NETMGMT-TRACING DISTRIBUTED SNIFFER (LAN, WAN, ATM, GB,
RMON)
VOICE NETWORK
LOCAL DIAL-TONE XO COMMS, SBC, QWEST, VARIOUS LOCAL
EXCHANGES
LONG DISTANCE DEDICATED OR
SWITCHED ACCESS
SPRINT
TOLL-FREE SERVICE SPRINT
SEVEN-DIGIT DIAL PLAN -VOICE SPRINT
PRIVATE NETWORK
AUTHORIZATION CODES SPRINT
PHONECARDS SPRINT
VOICE NETWORK MGMT. - TROUBLE REMEDY
TRACKING
AUDIO -CONFERENCING BRIDGED CONFERENCE AMERICA
CALLS
ON-DEMAND CONFERENCING CONFERENCE AMERICA
LAN - VOIP AVAYA 4624 PHONES
WAN - VOIP AVAYA DEFINITY IP600'S
FAX MESSAGING RIGHTFAX, AVAYA INTUITY AUDIX
GLOBAL "VOICE" MESSAGING AVAYA INTERCHANGE HUB
GLOBAL DISTRIBUTION LIST AVAYA INTERCHANGE HUB
(VOICEMAIL )
VOICEMAIL VIA WEBMESSAGING AVAYA WEBMESSAGING PROTOCOL
MOVES, ADDS, AND CHANGES AVAYA DEFINITY NETWORK
ADMINISTRATION, IMPACT -MAC-EZ
SYSTEM MAINTENANCE AVAYA, INTEGRATED TECHNOLOGIES
CALL ACCOUNTING TELEMATE
TELCO FACILITIES DS1'S, PRI'S, 1MB'S, TIE LINES BRI'S, CO/DID
TRUNKS,
SOHO 1MB LINES, ISDN BRI LINES TRACKING LOTUS NOTES DATABASE
TELECOM LINES AND CIRCUIT
CELL PHONES VERIZON WIRELESS
PAGERS SKYTEL
TELECOM BILLING PROFITLINE
D-2
SERVICE STANDARD
- ------- --------
VIDEO NETWORK
ON - DEMAND STEAMING VIDEO REAL NETWORKS WEB - CONFERENCING AND
ON-LINE COLLABORATION
WEB-EX
VIDEO - CONFERENCING BRIDGED GLOBAL CROSSING
CALLS
ISDN CONNECTIVITY LOCAL EXCHANGE, SPRINT
CONTENT DEVELOPMENT AVID, REAL NETWORKS
MEDIA PLAYER MGMT. REAL NETWORKS / PLAYER
GLOBAL VIDEO - SYSTEMS MGMT POLYCOM GMS SOLUTION
WAN - VIDEO IP POLYCOM VIEWTSATION
GLOBAL ADDRESS BOOK POLYCOM GMS
COMPANY VIDEO BROADCAST WEBEX, REAL NETWORKS
E-MAIL SERVICES
E-MAIL IBM/LOTUS
GROUPWARE APPLICATION SUPPORT IBM/LOTUS
WEB APPLICATION HOSTING IBM/LOTUS
INSTANT MESSAGING IBM/LOTUS
TEAMROOMS, DISCUSSIONS & GROUP IBM/LOTUS
MAILBOXES
D-3
ATTACHMENT D
SUPPORTED HARDWARE
D.2 - DATA CENTER
This list is supported hardware that is located in the Newport Beach data
center and may not be used exclusively for/by Skyworks and will be owned by
Conexant.
SERVER MANUFACTURER HARDWARE MODEL OPERATING SYSTEM APPLICATION
- ------ ------------ -------------- ---------------- -----------
corona HP HP9000 735 / 125 HPUX DMS
laguna HP HP9000 K410 HPUX DMS
malibu HP HP9000 H60 HPUX DMS
mozart SUN E4500 Solaris
newport HP HP9000 K410 HPUX DMS
sunset SUN Ultra 60 Solaris
venice SUN Sparc 10 Solaris
EUROPA Compaq GS 140 VMS PROMIS
NBNSOPS1 Compaq Proliant 5000 Windows NT
NBOPS2 Compaq Proliant DL380 Windows NT
TRITON Compaq GS 140 VMS PROMIS
COZI Compaq 2100 VMS PROMIS
EXCEL Compaq GS 140 VMS PROMIS
chewbaca SUN E3000 Solaris RTD
hershel SUN E3500 Solaris RTD
pollux Compaq 8200 Tru64
pine SUN E450 Solaris RTD
NBCBSAPPS1 Compaq Proliant 1850R Windows NT Viador
NBCBSAPPS2 Compaq Proliant 1850R Windows NT Viador
NBCBSAPPS3 Compaq Proliant 1850R Windows NT Viador
ravel SUN E250 Solaris
stellar HP HP9000 E45 HPUX
azuma Compaq DS10L Tru64
NBNSDEPT1 Compaq Proliant 5000 Windows NT
NBNSDEPT2 Compaq Proliant DL380 Windows NT
NBNSDEPT3 Compaq Proliant 5000 Windows NT
NBNSDEPT4 Compaq Proliant 5000 Windows NT
NBMCAFEE Compaq Proliant 1850R Windows 2000
NBMCAFEE2 Compaq Proliant 1850R Windows 2000
NBNSDNS01 Compaq Proliant 1600R Windows NT
NBNSDNS02 Compaq Proliant 1600R Windows NT
NBNSHOME1 Compaq Proliant 2500 Windows NT
NBNSHOME2 Compaq Proliant 2500 Windows NT
NBNSPDC Compaq Proliant 1600R Windows NT
NBNSPRNT1 Compaq Proliant DL380 Windows 2000
NBNSWSDC2 Compaq Professional WS Windows NT
6000
NBVERITAS1 Compaq Proliant ML530 Windows NT
REMEDY1 Compaq Proliant 1850R Windows NT
NBNSSQL1 Compaq Proliant 1850R Windows NT
NBSQL2 Compaq Proliant DL380 Windows NT
D-4
SERVER MANUFACTURER HARDWARE MODEL OPERATING SYSTEM APPLICATION
- ------ ------------ -------------- ---------------- -----------
NBSQL3 Compaq Proliant 6400R Windows 2000
NBSQL4 Compaq Proliant 6400R Windows 2000
NBNSDATA2 Compaq Proliant 4500 Windows NT
NBTERMSRV3 Compaq Storage System Windows NT
(former Appsrv1)
NBCISCO1 Compaq Proliant 4500 Windows 2000
NBGNSDHCP2 Compaq Proliant 2500 Windows 2000
SENSOR03 Compaq Proliant 5000 Windows NT
gateway HP9000 G50 HPUX
regis18 Compaq DS20 Tru64 SAP
regis30 Compaq 8200 Tru64 SAP
regis4 Compaq DS20 Tru64 SAP
regis5 Compaq 8200 Tru64 SAP
regis6 Compaq ES40 Tru64 SAP
regis81 Compaq DS20E Tru64 SAP
regis82 Compaq DS20E Tru64 SAP
regis83 Compaq DS20E Tru64 SAP
regis88 Compaq 8200 Tru64 SAP
NBKRONOS1 Compaq Proliant DL380 Windows NT Kronos
NBKRONOS2 Compaq Proliant DL380 Windows NT Kronos
NBKRONOS3 Windows NT Kronos
juniper SUN E3500 Solaris Kronos
BREEZE Compaq Proliant 5000
DRAGONFLY Compaq WS AP200 Windows NT Lotus Notes
NBLIBRARY2 Compaq Proliant 1850R Windows NT Lotus Notes
NBLNADM1 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNAPPS1 Compaq Proliant 1850R Windows NT Lotus Notes
NBLNAPPS2 Compaq Proliant 6500 Windows NT Lotus Notes
NBLNAPPS3 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNAPPS4 Compaq Proliant 2500 Windows NT Lotus Notes
NBLNAPPS5 Compaq Proliant 3000 Windows NT Lotus Notes
NBLNBKUP1 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNDEVL1 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNEXT1 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNFAX1 Compaq Proliant 3000 Windows NT Lotus Notes
NBLNHUB1 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNHUB2 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNHUB3 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNISO1 Compaq Proliant 1850R Windows NT Lotus Notes
NBLNISO1B Compaq Proliant DL380 Windows NT Lotus Notes
NBLNMAIL1A Compaq Proliant 6400R Windows NT Lotus Notes
NBLNMAIL1B Compaq Proliant 6500 Windows NT Lotus Notes
NBLNMAIL1C Compaq Proliant DL580 Windows NT Lotus Notes
NBLNMAIL2 Compaq Proliant 5000 Windows 2000 Lotus Notes
NBLNMAIL3 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNMAIL4 Compaq Proliant 6400R Windows NT Lotus Notes
NBLNMAIL5 Compaq Proliant 5000 Windows NT Lotus Notes
NBLNMAIL6 Compaq Proliant 1850R Windows NT Lotus Notes
NBLNMON1 Compaq Proliant 2500 Windows NT Lotus Notes
D-5
SERVER MANUFACTURER HARDWARE MODEL OPERATING SYSTEM APPLICATION
- ------ ------------ -------------- ---------------- -----------
NBLNSMTP1 Compaq Proliant DL380 Windows NT Lotus Notes
NBLNSMTP2 Compaq Proliant DL380 Windows NT Lotus Notes
NBLNTRNG Compaq PC Clone Windows NT Lotus Notes
NPBDOM1 Compaq Proliant 5000 Windows NT Lotus Notes
NPBSMTP1 Compaq Proliant 5000 Windows NT Lotus Notes
SAMETIME Compaq Proliant DL380 Windows 2000 Lotus Notes
SAMETIME2 Compaq Proliant 5000 Windows NT Lotus Notes
NBNSD815 Compaq Proliant 5500 Windows NT
ATHENA Compaq Proliant 6400R
NBNSTRAIN1 Compaq Proliant 6500 Windows NT
NBCOMP Compaq Proliant DL380 Windows NT
NBNSRESUMIX Compaq Proliant 3000 Windows NT
NBTAX1 Compaq Proliant 1600R Windows NT
CNXTDDS Compaq Deskpro PC Windows NT
HORBIA Compaq Deskpro PC Windows NT
NBEXODUS Compaq Proliant 1850R Windows NT
NBMETROLOGY Compaq Proliant DL380 Windows NT
D-6
ATTACHMENT E
BUSINESS PROCEDURES/PROCESSES
1. ADDITIONAL SERVICES GENERALLY.
a. Additional Services may be requested by either Party to cover
changes to the Base Services, requested Projects, or other
Additional Services as well as changes to the current planning
parameters and assumptions, or the operating business
environment. The Parties agree to use commercially reasonable
efforts to agree upon and provide the requested Additional
Services.
b. If the Parties agree that Conexant will provide Additional
Services, then they will document their agreement in an
Additional Services order ("Additional Services Order") signed
by both Parties. Each Additional Services Order will include
(a) the effective date and term, (b) obligations of Conexant
and a description of the Additional Services, (c) obligations
of Skyworks, including facilities and additional hardware and
software to be provided, (d) fees and/or rates for the
Additional Service, and (e) any other agreed upon terms. When
the Account Managers of each Party have executed an Additional
Services Order, it will become effective and will become
subject to the terms and conditions of this Agreement. In the
event of any conflict, ambiguity, or inconsistency between the
terms of the Additional Services Order and the terms of this
Agreement, the terms of the Additional Services Order will
control, but only with respect to such Additional Services
Order.
2. PROJECT SERVICES. If the Account Managers mutually agree that an
Additional Service will be performed as a discrete Project, the
following terms apply:
a. The Project objectives and scope must be documented and
accepted by Skyworks and Conexant in an Additional Services
Order before commencement of the Project. The Additional
Services Order shall also include a detailed list of
deliverables for the Project, a detailed Project schedule and
a Project budget.
b. The Project will have a Project Manager or Co-Project Manager
from Conexant and a customer contact from Skyworks. These
positions must be established, and accepted, prior to the
commencement of the Project.
c. Conexant will follow its current project methodology (trinITy)
for conducting its Projects. This methodology will be clearly
stated and documented, and will be accepted by Skyworks and
Conexant, prior to the commencement of the Project.
d. In order to enable Conexant to successfully complete the
Project, Skyworks may be required to complete certain tasks
and/or provide Conexant with cooperation and assistance, as
may be reasonable under the scope of the Project. Skyworks
acknowledges that its failure to perform its obligations under
the scope of the Project could result in delays on the part of
Conexant in completing the Project on schedule and under
budget. Accordingly, Conexant shall be excused from performing
its obligations to the extent Conexant's performance is
prevented or hindered by Skyworks' nonperformance, and
Skyworks agrees that Conexant shall be entitled to
E-1
extension of time to complete the affected services and, if
applicable, an adjustment of the applicable fee.
e. Conexant and Skyworks will hold periodic management reviews to
track the progress of the Project. The duration and frequency
of these reviews will be established prior to the commencement
of each Project.
f. Conexant will invoice Skyworks according to the payment terms
established in Section 7 of the Agreement
g. The Parties shall set forth and allocate responsibility for
all other expenses that are reasonably likely to be incurred
in connection with any Additional Services, including Taxes,
in the Additional Service Order.
3. ADJUSTMENTS TO BASE SERVICES. If any Additional Services affect the
scope of the Base Services, the Account Managers shall mutually agree
to revise the Base Services as they deem appropriate to reflect such
change. If the Base Services are revised, the Account Managers may also
mutually agree to corresponding adjustments of the Service Levels and
charges to reflect such revisions, subject to the approval of each
Party's Chief Information Officer.
E-2
ATTACHMENT F
REIMBURSABLE EXPENSES
The following expenses, including any related Taxes, duties or customs,
if incurred by Conexant for Supported Washington Personnel in connection with
providing the IT Services, will be reimbursed by Skyworks. Conexant will not
incur any new costs with respect to the following items except upon Skyworks'
approval, except that the Parties agree that if any service charges detailed in
(#3 - #7) below are incurred from devices or Skyworks personnel previously
approved by WCD management will not require additional approvals. Any access
service charges and other expenses incurred prior to the Merger and which have
been incurred in the ordinary course of business with respect to the IT Services
shall be deemed to have been approved.
1. Cost of desktop, laptop computers (PCs), printers and
peripherals.
2. Cost of Software.
3. Cost of cell phones and monthly service cost from third
parties.
4. Cost of pagers and monthly service cost from third parties.
5. Access charges for remote access/SOHO and monthly service cost
from third parties.
6. Access and airtime for audio and video conferences.
7. Cost of long distance phone services.
8. Travel and travel related expenses when travel is incurred at
Skywork's request, as long as the travel is within Conexant's
then current travel policies.
9. Shipping and handling related expenses in the event such
expenses exceed $100 with respect to any shipment.
10. Minor purchases of tools, equipment or services by Conexant as
long as such tools, equipment or services are reasonably
required to perform the IT Services.
F-1
ATTACHMENT G
CONEXANT POLICIES
CONEXANT INFORMATION TECHNOLOGY SECURITY POLICY
RESPONSIBILITY
Conexant Information Technology organization (IT) has the ultimate
responsibility for the development and implementation of the Conexant
Information Technology Architecture. IT is responsible for providing leadership
and coordination for IT Architecture development and related initiatives.
ACCOUNTABILITY
IT is responsible for ensuring that adequate controls are established and
observed for all information resources of their respective businesses. Conexant
shall appoint an Information Security Officer who shall act under the direction
of the functional IT executive and the corporate Chief Information Security
Officer to coordinate and oversee security issues at the business. Each business
shall review its system and information security on at least an annual basis to
determine the adequacy of the location's internal controls and compliance with
this policy.
Additional baseline controls may be established as needed at individual
businesses through local attachments to the Conexant Information Security
Baseline. Local attachments to this baseline may not detract from original
baseline content, but may expand upon specific areas of concern. All
information: security baselines, including local business attachments, must be
approved by the Computer Security Committee. An effective segregation of
responsibility shall be implemented to ensure that no individual has conflicting
duties that would jeopardize their ability to protect computing resources.
CONEXANT SHALL TAKE ADEQUATE MEASURES TO ENSURE AWARENESS AND COMPLIANCE TO THIS
POLICY AND ITS SUPPORTING BASELINES BY EMPLOYEES AT EVERY LEVEL OF THE
ORGANIZATION. VIOLATIONS OF THIS POLICY CAN RESULT IN DISCIPLINARY ACTION BY THE
COMPANY UP TO AND INCLUDING EMPLOYEE TERMINATION.
G-1
DEFINITIONS
PURPOSE
The purpose of this section is to define specific terms and concepts as they
relate to this Conexant Corporate Computer Security Policy.
LOCATIONS AFFECTED
All locations of the Corporation, including subsidiaries.
ACQUISITION OF PROTECTED COMPUTER SOFTWARE - The obtaining of a copy and a
limited right to use protected computer software from a supplier or another
party under a purchase, lease, license, gift, bailment, or proprietary
agreement. The right to use may be for internal use by the Corporation,
incorporation in products sold to a customer, or delivery to a customer.
AUTHENTICATION TOKEN DEVICE - Portable device that employs one-time password
technology to authenticate a user. Authentication tokens operate by time-based
code sequences (synchronous), challenge-response (asynchronous) or other
techniques. Authentication token devices are assigned to authorized users and
are used as one of two factors in strong authentication. When used in
conjunction with a Personal Identification Number or password, authentication
token devices provide strong authentication.
AUTHORIZING AGREEMENT - A written agreement which contains conditions governing
the copying, disclosure, and use of protected computer software. The authorizing
agreement may either be expressly negotiated with an owner or authorized
licensor of protected computer software or a form agreement that accompanies
packaged software.
BUSINESS CRITICAL COMPUTING RESOURCES - Those Conexant computing resources that
are vital to the ongoing operation of Conexant business, and maintaining its
competitive position within the industry. Those computing resources required to
run business critical systems.
BUSINESS CRITICAL SYSTEMS - Those systems that are vital to the ongoing
operation of Conexant business, and maintaining its competitive position within
the industry.
CHANGE CONTROL - A process whereby all organizations directly affected by a
proposed change to systems or software, collectively collaborate and assess the
readiness of the change and the timing of its implementation.
COMPANY PROPRIETARY INFORMATION - Information applicable to the business,
personnel, financial and legal affairs, including intellectual property of the
Corporation which is generated by, or on behalf of, the Corporation and which
is, by reason of its sensitivity, to have limited dissemination. As well as
information applicable to research, development, and production technology which
is generated by, or on behalf of, the Corporation and which is useful to the
Corporation and would adversely affect the Corporation's interest if not
properly protected. It may or may not be in documentary form and includes
computer software programs, program descriptions and supporting materials and
databases.
COMPUTER PROGRAM - A set of instructions capable, when incorporated in a
machine-readable form, of causing a machine having information-processing
capabilities to indicate, perform or achieve a particular function, task or
result.
COMPUTER SECURITY COMMITTEE
CONEXANT COMPUTING RESOURCES - Computer hardware, software, networks, and other
assets related to any of the following: computer-based information technology,
computer installations, and related communications systems.
CONFIGURATION CONTROL - The process which documents how related hardware,
system, or software components are changed.
G-2
DATA SECURITY The protection of data against loss, modification, or unauthorized
disclosure during its input, storage, transmission, or processing by an
information technology- based system,
DERIVATIVE SOFTWARE - A change, modification, or enhancement to protected
computer software.
DYNAMIC PASSWORD - A one-time password mechanism where the password is
automatically changed by the system. It is generally used in conjunction with
authentication token devices that generate random passwords than can be matched
by the host verification system.
EXECUTIVE COUNCIL (EC): Team consisting of the CEO and the company's senior vice
presidents (and or other members) as approved by the Board of Directors.
EXTERNAL ROUTER - A router that filters network traffic to the perimeter
networks from the Internet or other untrusted network. Also referred to as a
screening router.
EXTRANET - Dedicated network connections between Conexant and non Conexant
locations or Conexant partners. The Conexant network may, with due diligence, be
extended into non- Conexant facilities, but may not be connected to that
facilities network unless firewalls are utilized.
FIREWALL - An integrated configuration of filtering, encrypting and logging
devices, and/or secure application gateways, and proxies that are positioned
between networks.
GATEWAY - A dedicated server that interconnects two different services or
applications (e.g., a gateway for internal and external e-mail service
connections).
GUEST USER ACCOUNT - A LogonID and password which is not issued to a person, but
rather established for casual or convenient access to a systems. Establishing
such accounts shall be prohibited.
INFORMATION SECURITY ADMINISTRATION OF SENSITIVE TASKS - The administration of
those tasks which oversee access of external, un-trusted systems or networks to
internal, trusted Conexant systems or networks. This would include but not be
limited to the principal information security officer of a business, firewall
administrators, hosts systems security administrators, router administrators,
authentication server administrators, and so forth.
INFORMATION TECHNOLOGY ARCHITECTURE - A "blueprint" for the deployment of IT
Resources that establishes standards and guidelines and defines the minimum
criteria and infrastructure required for interoperability between locations on
the Conexant network.
INFORMATION TECHNOLOGY RESOURCE - Refers to any resource that contributes to the
provision of digital electronic and telecommunication services to Company
locations. This includes all Company-owned or leased computer hardware,
including workstations and personal computers, software, networks, and other
assets related to any of the following: computer-based information technology,
computer installations, and related communications systems. For the purpose of
this policy, Information Technology Resource also refers to the staff and
intellectual property associated with the support and operation of these
systems.
LOGON-ID: Unique user identification for log on.
NON-CONEXANT USERS - People (i.e., contractors, business partners, and
suppliers) who are not employees of Conexant, yet are authorized to use Conexant
computing resources.
ONE-TIME PASSWORD - A password that can be used only one time with an associated
LogonID. One-time passwords are changed immediately after they have been used to
gain access to the system.
PERIMETER NETWORKS -Subnets that are established on Conexant networks that use
internal screening routers and firewalls are configured to permit traffic
between networks.
PHYSICAL SECURITY - The protection of hardware, facilities, and utilities used
in data processing operations against damage, destruction, or misuse. It also
encompasses the protection of information in hard copy form against loss or
unauthorized disclosure during its production, distribution, and use.
PRODUCTIONS DATA FILES - All data files used by Production Programs.
G-3
PRODUCTION PROGRAMS - All software programs, including operating systems,
utilities and application programs which are either (I) executed on a routine
basis, or (ii) provide information to comply with contract requirements, manage
corporate assets, or support business or operational decision making.
PROGRAM DESCRIPTION - A complete procedural representation in verbal, schematic,
or other form, in sufficient detail to define a set of instructions making up a
computer program.
PROTECTED COMPUTER SOFTWARE - The materials, whether in human or
machine-readable forms, referred to in the definitions of Computer Program,
Program Description, and Supporting Material, which are identified to be the
proprietary or copyrighted information of a party other than the Corporation.
SECURED FAX MACHINES - Those fax machines, which encrypt the faxes that are sent
through them.
SENSITIVE INFORMATION - Information existing in any electronic form (i.e.,
stored file, email message, data transmission, fax, etc.) that Conexant would
not want to be made generally available to the public due to propriety,
confidentially or competitive reasons.
SOHO - Small Office/Home Office (high-speed connection, i.e. DSL; cable modem).
STATIC PASSWORD - A password that can be used repeatedly with an associated
LogonID. Static passwords generally expire after pre-established timeframes
(e.g., 30, 60, 90 days).
STRONG AUTHENTICATION - Generally referred to as a two-factor verification
process used to positively authenticate the identity of a user attempting to
gain access to a system. The first factor is something you possess (i.e.,
authentication token, finger print, retinal vascular pattern, encryption keys)
and the second factor is something only you would know (i.e., Personal
Identification Number (PIN) or password). These two factors used together
constitute strong authentication.
TRUSTED NETWORK - is a network that is owned or controlled by Conexant that is
protected from non-authorized entry or use by non-Conexant personnel. Sometimes
referred to as an internal network'.
UNAUTHORIZED ACCESS - Use of a company computing resource by people who have not
been given legal access by Conexant management or administrators in accordance
with established security procedures, baselines, and policies.
UNSECURED FAX MACHINES - Those fax machines, which do not encrypt the faxes that
are sent through them.
UN-TRUSTED NETWORK - is any network that is not administered or overseen by
Conexant personnel. This would include the Internet, Conexant's supplier
networks, customers' networks, and Conexant's partners' networks. Even a
Conexant private network is deemed "un-trusted" if unauthorized access is
allowed through dialup, IPX, DECNET, AppleTalk, etc. on any nonisolated segment
of the divisional network. Obviously, not all un-trusted networks are equally
dangerous. The Internet is the least trusted of all networks, and requires the
most stringent security precautions.
VIRTUAL PRIVATE NETWORK (VPN) - required when a Conexant office or employee is
utilizing the Internet to communicate with the Conexant Intranet. A VPN will
encrypt the data as it traverses the Internet to provide security.
Authentication is required when using client VPN's for SOHO and Remote Access.
IP Security Protocol (IPSEC) is the preferred solution for deploying client
VPN's and the required solution when deploying LAN to LAN VPN's.
G-4
ACQUISITION, DISSEMINATION, AND USE OF COMPUTER SOFTWARE OWNED BY ANOTHER
PURPOSE
The Corporation respects the copyright and proprietary information rights of
others in protected computer software. To protect the Corporation from claims of
infringement based upon those rights, the acquisition by the Corporation of
rights in protected computer software and the copying, disclosure, or use of
protected computer software by the Corporation will be in accordance with this
Policy.
GENERAL
1. The EC shall be responsible for authorizing the acquisition of protected
computer software and shall be responsible for ensuring that it is
acquired, safeguarded, and used in accordance with the applicable
software agreement.
2. Protected computer software acquired pursuant to, or accompanied by, an
authorizing agreement may only be copied, disclosed, or used as
permitted by the authorizing agreement.
3. Protected computer software marked only with a copyright notice and not
acquired pursuant to, or accompanied by, an authorizing agreement may
only be copied for backup purposes, but the acquired copy may be used
for any Corporation business purpose which does not involve making other
than the backup copy.
4. Protected computer software marked with both proprietary and copyright
markings or only proprietary markings may only be copied, disclosed, or
used as permitted by the authorizing agreement and must have the written
approval of the material owner before being allowed on Company computing
resources.
5. Copying of protected computer software in, or its use as an integral
part of, the products sold by the Corporation, or delivery of copies to
a customer or another party must be expressly licensed by the
authorizing agreement. Procedures required in this regard by the
authorizing agreement must be followed.
6. A legend identifying protected computer software as proprietary to, or
copyrighted by, another shall not be changed, removed or obliterated
except with the prior written advice of the cognizant Patent Counsel.
7. An authorized copy, or portion thereof, of protected computer software
shall be reproduced with the proprietary or copyright notice displayed
in the same manner as the original or as otherwise required by the
authorizing agreement.
8. Removal in any manner from Corporation premises of protected computer
software may only be with the approval of the EC.
9. The generation of derivative software is not permitted unless authorized
pursuant to the authorizing agreement. Where so authorized and unless
otherwise provided by the authorizing agreement, that portion of the
derivative software, which is unmodified, shall continue to be treated
as protected computer software. The derivative software shall be treated
as Corporation sensitive information under section Safeguarding Company
Sensitive Information, or as otherwise required by the authorizing
agreement.
G-5
10. The supervisor of a terminating or transferring employee having access
to protected computer software shall require the employee to promptly
turn over to the supervisor any protected computer software and copies
thereof that he or she has in his or her possession or control and
certify in writing that it has been done.
11. Computer software which is generated within, or on behalf of, the
Corporation, or to which all rights have been acquired by the
Corporation, may be subject to the requirements of section Safeguarding
Company Sensitive Information.
G-6
- - GENERAL
Protection adequate to ensure confidentiality, integrity and
availability of information contained in information technology-based systems
will be provided through management focus and action. Access will be restricted
to those individuals having appropriate authorization.
The following fundamental controls will be established:
- There will be no unrestricted access to production programs and
production data files.
- There will be access controls to ensure against unauthorized use of
production programs.
- There will be physical procedural controls to ensure against
unauthorized access to computing facilities.
Physical and data security is the responsibility of the senior line executive of
each operating location, who will designate one or more individuals as
Information Systems Security Officers (ISSOs) to assume the responsibility for
implementing and monitoring compliance with Corporate and location information
security procedures and guidelines.
The Vice President & General Manager - Conexant Information Systems will:
- Provide Corporate - wide management direction and integration of
information of information security as the focal point for planning,
organizing, coordinating, directing and controlling this function for
the benefit of all using organizations.
- Review the development of major information technology-based systems
undertaken by the Corporation to assure adherence to appropriate
systems security considerations.
- Operate a company wide program for maintaining information security.
- Coordinate with company user organizations in the development of
detailed procedures and guidelines for the achievement and maintenance
of information security.
G-7
TO BE REVIEWED BY HR/LEGAL DEPTS
SAFEGUARDING COMPANY SENSITIVE INFORMATION
PURPOSE
Company Sensitive Information is a valuable asset of the Corporation and will be
protected and used only to promote Corporation interests. The courts have
generally provided protection for Company Sensitive Information, such as
formulas, patterns, devices, or compilations of scientific, technical or
commercial information (including computer programs and databases), provided the
owner has taken reasonable precautions to maintain it as confidential and such
information gives the owner a competitive advantage over others who do not know
it.
GENERAL
The identification, availability and dissemination of Company Sensitive
Information shall be governed by the following principles:
a. Proprietary Information shall be prominently marked with the legend
"Conexant Proprietary Information." Company Official Information shall
be prominently marked with the legend "Company Official (Not to be
disclosed to unauthorized persons)." Exceptions to these requirements
are specified in paragraph c., below.
b. The employee who originates Company Sensitive Information and the
employee's supervisor are responsible for ensuring that such
information is properly marked upon its origination and is safeguarded
in accordance with this Policy.
c. Company Sensitive Information otherwise requiring markings in
accordance with this Policy need not be so marked when the EC (or a
direct report to whom such authority has been expressly delegated)
determines that it is not practicable or necessary to mark it, that it
is for internal use only, and that all the following precautions are in
effect and are reasonable to protect unmarked Company Sensitive
Information:
1. Access thereto is restricted to a limited number of employees
having a "need to know" in order to carry out their duties;
2. Those employees allowed access thereto are made aware of its
sensitive nature; and
3. Procedures have been established to prevent the release
thereof outside the Corporation unless it is appropriately
marked before release.
d. The release, either written or oral, of Company Sensitive Information
to persons, firms or organizations outside the Corporation is
authorized only:
1. If it is appropriately marked and a confidentiality agreement
has been entered into between the recipient and the
Corporation;
2. If required by a final order, no longer subject of stay or
appeal, of a court of law of competent jurisdiction.
3. If furnished to the United States Government as material
exempt from disclosure under the Freedom of Information Act.
4. Upon approval of the EC (or a direct report to whom such
authority has been expressly delegated).
G-8
e. Company Sensitive Information shall always be kept from "open view" by
unauthorized persons and shall be handled, transmitted and stored in a
manner consistent with its importance.
f. Employees having access to Company Sensitive Information who are
terminating or transferring shall be interviewed as to their
responsibilities with respect to Company Sensitive Information.
Interview guidelines or procedures shall be established in business
units, with the advice and assistance of the Office of the General
Counsel. The terminating or transferring employee shall be alerted to
the legal consequences of (i) using or disclosing Company Sensitive
Information for any purpose not expressly authorized by the Company,
with the advice and assistance of the Office of the General Counsel,
and (ii) retaining or using any correspondence, notes, depictions,
models, data, experimental results or any other manifestation of
Company Sensitive Information.
g. The supervisor of a terminating or transferring employee having access
to Company Sensitive Information shall require the employee to deliver
promptly to the supervisor all materials, including documents and
software which may contain Company Sensitive Information, and to
acknowledge in writing that all such materials so required to be
delivered have been delivered.
UNAUTHORIZED RELEASE
Any employee having knowledge of any unauthorized disclosure or removal of
Company Sensitive Information will promptly inform his or her immediate
supervisor and the Office of the General Counsel.
G-9
USE AND MONITORING OF COMPUTING RESOURCES
PURPOSE
This policy provides guidance to employees on the proper use of the Company's
Computing Resources, including use of the Internet and electronic mail. It is
not intended to cover every imaginable situation that could arise concerning the
use of such resources. When in doubt as to the proper use of Computing
Resources, employees should ask their managers or, if appropriate, Human
Resources.
CONTENTS:
- - POLICY
A. PERSONAL USE
B. SECURITY
C. INTERNET
D. ELECTRONIC MAIL
E. MONITORING
F. OWNERSHIP OF DATA
G. RESPONSIBILITIES
POLICY
Computing Resources will continue to play an important part in the Company's
ongoing success. While this policy directs Company managers to use their
discretion in making responsible decisions concerning appropriate use of the
resources they manage, it is grounded in the fundamental trust that all
employees behave responsibly and use good judgment when using these resources.
Although the Company intends that these resources be used for business purposes,
occasional personal use may occur without adversely affecting the Company's
interests.
Employees are expected to exercise good judgment in using Computing Resources.
Managers are responsible for the Computing Resources assigned to their
respective organizations and are empowered to resolve issues concerning their
proper use under the guidance of local information technology personnel. Use of
Computing Resources for non-Company purposes is appropriate only when consistent
with this Policy. Any personal use of Computing Resources must not result in
significant added costs, disruption of business processes, or any other
disadvantage to the Company.
Employees can unknowingly compromise the security and integrity of Company
information and Computing Resources through the improper use of such resources.
Employees are accountable for their use of Computing Resources and must ensure
that they are familiar with and abide by relevant security restrictions and
information technology policies of the Company.
A. PERSONAL USE
Computing Resources are provided for the conduct of Company business. However,
personal use by employees, including use of the Internet and electronic mail,
may occur within the following guidelines:
- It is of reasonable duration and frequency;
- It does not interfere with Company business, an employee's or
co-worker's performance or assigned duties, or the performance of the
employee's organization;
- It does not cause the Company to incur additional costs;
- It is not related to any illegal activity or the conduct of an outside
business;
- It would not cause embarrassment to the Company.
G-10
Issues concerning appropriate personal use of Computing Resources within a
particular business or work group are to be resolved by the management of that
organization in conjunction with Human Resources
B. SECURITY
All employees are responsible for ensuring that:
- Computing Resources remain on Company property, unless use in another
location has been authorized by local management;
- Measures are taken to protect Company sensitive and/or proprietary
information resident on Computing Resources from unauthorized access,
use or removal.
- Personal use of Computing Resources, including the downloading of
software or other use of the Internet, does not compromise the security
or integrity of Company information or software.
C. INTERNET
1. Transmitting Data
The Internet is a public network; users cannot expect that data
transmitted over the Internet will be kept private. Company sensitive
and/or proprietary information must not be transmitted over the
Internet unless it is first encrypted. Employees should keep in mind
that all messages transmitted over the Internet from Computing
Resources bear a Company address and may be attributed to the Company.
2. Downloading Software
Use of software obtained from the Internet or other on-line sources may
expose the Company to significant legal liability, unless the user
takes measures to ensure that the vendor has good title, and pertinent
licensing provisions permit the user's intended use. Downloading of
such software may also compromise the security and integrity of
Computing Resources. For these reasons, employees may download or use
software derived from the Internet or other on-line sources only in
accordance with guidelines established by management and approved by
Information Technology. If there is any question as to the propriety of
such downloading or use, employees should seek prior approval of
management. In no event, may such software be incorporated, either
directly or in derivative form, in a product of or provision of service
by the Company, unless the Company has first entered into a written
license agreement with the software vendor pursuant to Corporate
Policy.
D. ELECTRONIC MAIL
E-mail messages are stored on the sender's and recipient's local hard drives
and/or mail servers and may be recorded on back-up tapes by the Company. In
order to reduce the unnecessary proliferation of e-mail, employees should limit
their dissemination of e-mail to those persons who have a need to know and
should delete e-mail messages as soon as practicable after receipt.
Local information systems personnel shall ensure that back-up tapes made by the
Company of e-mail system repositories on Company networks are retained for no
more than seven days.
E. MONITORING
The Company reserves the right to monitor any use of Computing Resources,
whether business or personal, and to inspect, copy or delete any message or file
transmitted, received or stored
G-11
on Computing Resources, at any time with or without notice to users. Computer
Security shall coordinate and approve all such monitoring requests.
F. OWNERSHIP OF DATA
All data, which is generated by means of Computing Resources for business
purposes, is the property of the Company and may be used by the Company without
limitation. Data may not be copyrighted, patented, leased or sold by individuals
or otherwise used for personal gain.
G-12
INFORMATION AND COMMUNICATIONS SECURITY
PURPOSE
The purpose of this policy is to ensure that the Corporation's computing
resources and associated information are adequately protected by establishing
mandatory internal controls.
CONTENTS
A. SCOPE
B. PHYSICAL SECURITY
C. INFORMATION SECURITY
D. NETWORK SECURITY
E. DISASTER RECOVERY AND BUSINESS RESUMPTION AND PROBLEM ESCALATION
POLICY
It is the policy of the Corporation that adequate protection be provided to
ensure confidentiality, integrity, and availability of the company's computing
resources and related information.
A. SCOPE
Controls specified in this policy are applicable to all computing resources
owned or operated in behalf of all locations and subsidiaries of Conexant to
process, store, and/or transmit information, wherein:
- There is a risk that Company assets could be misappropriated;
- There is a risk that privacy legislation could be violated;
- The loss of such a system or related data could impair the ongoing
operations of the company.
All persons employed by the company are required to adhere to the principles set
forth in this section. Company computing resources shall be implemented so as to
safeguard Company Sensitive and/or proprietary Information.
B. PHYSICAL SECURITY
In order to limit accidental or intentional damage to company computing
resources and information, physical access to computing resources shall be
controlled and environmental precautions provided. In the least, password
protected screen savers will be utilized in the period of no more than ten (10)
minutes. System components; such as file servers, gateways, bridges, system
consoles, concentrators, wiring cabinets, etc. shall be located in secured
areas. Uninterruptible power sources and surge suppressers shall be provided for
critical systems to provide for their protection and for the protection of the
information they contain. Use of diagnostic probe equipment (software and
hardware) such as protocol analyzers and sniffers is restricted to authorized
personnel only.
C. INFORMATION SECURITY
User identification and authentication access controls are required by each
person using company resources to ensure that only authorized persons can use
appropriate company computer resources. Access shall be controlled by unique
log-on ID's to identify users to the system, and user authentication mechanisms
(minimum of a password), which verify that users are who they say they are.
Management of authentication and password strength shall be adequate to protect
information resources of the systems being accessed. All system installations
and subsequent changes to multi-user or critical (non-personal) computing
systems or files may be performed only by authorized personnel. Changes to such
equipment, data, and software shall be processed through established change
control procedures.
G-13
Computing resources accessible from non-company locations shall provide for logs
and audit trails to detect and report unauthorized access attempts. Such logs
and reports shall be preserved for an appropriate time period (minimum of
fourteen (14) days) during which they shall be protected from unauthorized
access. Logs of systems that are particularly critical or sensitive (such as
firewall systems) shall be reviewed on a regular basis.
Portable computers used outside of company facilities shall be equipped with
access protection mechanism in the form of bios password to prevent access to
the system's data or software by unauthorized persons in the event that it is
lost or stolen.
Conexant shall take adequate measures to protect against the introduction and
use of harmful or malicious software on there computing resources.
All implementations of encryption within the company shall utilize encryption
key recovery schemes to ensure company access to data resident on the system in
the event that the holders of the encryption keys become unavailable.
D. NETWORK SECURITY
All company locations shall take adequate measures to prevent unauthorized
network and dial-in access to company computing resources. Internal, trusted
company network resources shall be segregated and protected from intrusion from
external, untrusted networks. Access of internal, trusted computing resources
from non-company, untrusted computing resources must be strongly authenticated.
No system information shall be provided before users authenticate (e.g., supply
a password). While logging into a company network, users shall receive a warning
notice that the system is available only to authorized users and that the
company reserves the right to monitor activities of all users who log on.
E.DISASTER RECOVERY, BUSINESS RESUMPTION AND PROBLEM ESCALATION
All company locations shall establish a disaster recovery and business
resumption plan for their computing resources and they shall test those plans on
a regular basis. The plans shall provide for the timely recovery of
business-critical data generated on company computing resources. The plan shall
provide for equipping the business with alternate or backup critical computing
resources in the event that existing equipment becomes unavailable or unusable.
Each business shall establish problem escalation plans to be executed in the
event of security incidents. Serious incidents which compromise company
sensitive information or the security of internal trusted networks should be
reported to the business unit Corporate Chief Security Information Director.
G-14
CONEXANT INFORMATION SECURITY BASELINE
TABLE OF CONTENTS
- PURPOSE
- SCOPE
- AUTHORIZATIONS, AGREEMENTS AND CONTRACTS
- AUDITS, REVIEWS AND RISK ASSESSMENTS
- SECURITY ADMINISTRATION
- PHYSICAL SECURITY
- NETWORK/COMMUNICATIONS SECURITY
- USER IDENTIFICATION AND AUTHORIZATION
- COMPUTER AND NETWORK SYSTEM SECURITY
- ENGINEERING LABS
- SECURITY AUDIT LOGS AND MONITORING
- PROTECTION FROM MALICIOUS SOFTWARE
- BUSINESS SYSTEMS DEVELOPMENT AND ACQUISITION
- OPERATIONS
- DISASTER RECOVERY AND BUSINESS CONTINUITY
For comments and information contact Milena Hlavaty (VPN 483-6209).
PURPOSE
The purpose of this security baseline is to establish specific guidance to
protect Conexant's networks, computers, workstations, file servers, and the
information stored on them from unauthorized access, malicious action or
inadvertent disclosures. This baseline establishes the fundamental mandatory
controls and procedural considerations that are necessary to achieve compliance
with Computer Security IT policy.
SCOPE
This Information Security Baseline addresses all configurations of one or more
networked microcomputers and/or workstations. It includes the utilization of
remote and local desktop, laptop, or notebook computers, host computers,
communication servers, remote network switches, file application servers,
routers, network communication lines, remote access devices, interconnected
local area networks (LANs) or wide area networks (WANs) which are used to
transmit, store or process information that is sensitive or critical to
Conexant. At the same time, this baseline is not intended to be an exhaustive
list of Information security imperatives and recommendations, but rather a
minimum requirement.
In those instances when exceptions to this baseline arise, they shall be
documented and approved in a deviation process to be reviewed annually by the
Corporate Chief Security
G-15
Information Director. Records of the exceptions/deviations from this baseline
shall be stored appropriately during the period of the deviation for one year.
The security measures documented in this baseline shall be applied in a manner
that is consistent with the level of sensitivity of the information to Conexant.
The degree to which internal controls are established will vary according to
management's assessment of Conexant's potential exposure to theft, destruction,
alteration, or misuse of Conexant computing resources. In that regard, the
directives specified in this baseline are in the form of:
1. "shall" statements - which are "control" requirements that must be
adhered to by every Conexant location.
AUTHORIZATIONS, AGREEMENTS AND CONTRACTS
To best assure that the key hardware, software and service elements that make up
Conexant's information security infrastructure are compatible with the
guidelines identified in this baseline, contractual provisions need to be
included in the selection and acquisition of these elements. Likewise, all
services provided by contract laborers shall be governed by contract language
that specifies the appropriate use of Conexant's computing resources and the
consequences of misuse.
1. Contractual provisions and compliance procedures with vendors shall be
established regarding the security aspects of their products and
services as applicable.
2. Service agreements shall include ownership, confidentiality, and
nondisclosure statements.
3. Formal contractual provisions with contractors shall be established to
ensure compliance with enterprise security policies and standards.
4. All information technology users shall be required to read and
acknowledge the information security policies and responsibilities.
5. The appropriate hiring organization shall be responsible for enforcing
the above statements.
G-16
AUDITS, REVIEWS AND RISK ASSESSMENTS
In order for security measures to be effective, periodic reviews need to be
performed to: a) identify deficiencies of any implemented security measures, b)
identify discrepancies between documented directives and implemented security
measures, c) assess potential risks of exposure to the business and the
corporation, and d) develop corrective actions.
1. Conexant shall perform annual (minimum period) self-assessments of
information security practices and mechanisms employing qualitative and
quantitative measurements.
2. Conexant shall develop a plan of corrective actions to address
discrepancies and deficiencies discovered by security reviews and
audits.
3. Reports of security discrepancies, deficiencies and corrective actions
shall be submitted to Conexant's CIO and the Corporate Chief Security
Information Director.
4. Conexant shall retain records of all IT audit reports and associated
documentation for a period of five years.
SECURITY ADMINISTRATION
In order for information security measures to be applied effectively across
Conexant, each organization with system administration responsibilities shall
establish accountability for the administration of appropriate security
mechanisms. They shall also establish communication channels the Corporate Chief
Security Information Director
1. Information Security efforts for each Conexant location shall be
overseen and coordinated by the business unit's primary information
security officer, who will act under the direction of the business's IT
Executive and the corporate Chief Information Security Officer.
2. A problem escalation procedure shall be established and maintained that
addresses attacks on Conexant's business critical computing resources
(e.g. network attacks or intrusions, virus infestations, malicious
behavior and natural disaster).
3. In the event encryption keys get lost or become otherwise unavailable,
businesses shall establish "Key" recovery procedures to aid in the
recovery of encrypted sensitive or critical Conexant data.
PHYSICAL SECURITY
In order to limit accidental or intentional damage resulting from unauthorized
use or access, or prevent damage resulting from a natural disaster - physical
access to critical computing resources will be controlled, and effective
environmental precautions established.
1. Critical computing resources, such as file servers, remote access
hardware, gateways, bridges, routers, switches, and their consoles,
etc. shall be secured using physical security devices, and/or placement
in controlled access areas.
2. Critical networked systems shall be documented to include the inventory
and logical location of network components, the LAN operating system
including version, release, and maintenance levels.
3. All wiring cabinets shall be physically secured to prevent access by
unauthorized individuals.
G-17
4. Guidelines for the use and control of backup media shall be developed
for those occasions when that media is outside company facilities or
the company's direct control.
5. Removable media containing sensitive or critical information shall be
secured when not in use (e.g., using locked containers or cabinets).
6. Surge suppressers or voltage regulators and uninterruptible power
sources shall be used to protect business critical computing resources
(hardware components) against power fluctuations and against the loss
of data due to power interruptions.
7. Shutdown and recovery procedures shall be established for business
critical computing resources.
8. Business critical computing resources shall be located in facilities
equipped with heat/smoke/water detection and fire
protection/suppression mechanisms.
9. Business critical computing resources shall be adequately protected
from moisture, falling debris and toppling over, in those areas
susceptible to natural disturbances such as earthquakes, tornadoes,
hurricanes, floods and blizzards.
NETWORK/COMMUNICATIONS SECURITY
1. The use of system attack, probing, or sniffing tools such as (but not
limited to) port scanning software, network sniffers, password
sniffers, etc. is prohibited except where authorized individuals are
allowed by the Corporate Chief Security Information Director to use
them in the performance of their job responsibilities.
2. Access to critical network components shall be limited to specifically
designated personnel in accordance with their job responsibilities.
3. Logon to Conexant systems and networks from non-Conexant computing
locations shall be required to use strong authentication.
4. Administration of network devices via remote access shall require
strong authentication where feasible or modem enforcing log on ID and
password.
5. Warning banners with proprietary and monitoring notices shall be
displayed at login time for a reasonable amount of time of no less than
eight seconds or until acknowledged by the user.
6. Firewalls, segmentation, and routing controls shall be used to protect
against connections to untrusted networks.
7. A system of formal approval and record keeping shall be used for the
assignment of communication lines for modems and fax machines.
8. Authorized communication servers and/or modem pools shall be used to
enable remote user dial-in connections. In bound dial in on modem
connections are not allowed on individual user PC or workstations.
9. Sensitive information shall be encrypted prior to transmission over
external or untrusted networks.
G-18
10. Network operating systems that support business critical systems shall
be kept current (vendor supported) to the extent that it is
operationally feasible.
11. E-mail delivered to systems within Conexant's trusted networks may not
be automatically forwarded across untrusted networks or to systems
residing on untrusted networks.
12. Unauthorized connection of an operating system to the network that
allows admin/root privileges to the network shall be denied access.
USER IDENTIFICATION AND AUTHENTICATION
System access controls are required in order to ensure that only authorized
individuals use the system resources necessary to perform their job duties.
Access is controlled by a secure LogonID.
1. Unique user identifications (LogonIDs) shall be established for each
individual user and for automated processes (such as a time-scheduled
job or daemon acting on behalf of users) that utilize Conexant
computing resources.
2. The shared use of LogonIDs to systems and applications is prohibited
except in cases which are specifically approved by the principal
business information security officer.
3. Users of Conexant computing resources shall be registered and assigned
a unique LogonID and an obscure, temporary password that is a minimum
of six characters. Network and/or Operating System security mechanisms
shall be implemented which require users of new LogonIDs to change
their password when logging on to Conexant computing resources for the
first time where technically feasible.
4. Each user's identity shall be authenticated by the system in a manner
consistent with the protection requirements set forth in this baseline.
For remote access, this means that users shall use strong
authentication. For Local access, users may use static passwords.
5. Static passwords, when used, are for local authentication and shall be
a minimum of 6 characters in length
6. Guest user accounts shall not be permitted.
7. Password files shall be protected with appropriate access controls and
stored only in encrypted format.
8. A network session shall be terminated and a new network session will be
initiated after a specified number of unsuccessful logon attempts (not
to exceed 10). After a maximum of 10 unsuccessful logon attempts within
a 60 minute period, the system shall force an automatic session
termination, whereby the LogonID will be suspended. A log file of
unsuccessful logon attempts will be maintained and reviewed daily.
9. Information regarding limits and actions taken on unsuccessful log-on
attempts shall not be provided to users attempting to log on to
Conexant computing resources.
10. An authentication token device shall only be assigned to and used by a
single user. Authentication token devices shall not be shared.
G-19
11. The assignment of authentication token devices shall be recorded and
maintained in a secure inventory system.
12. All users of authentication token devices shall return the devices upon
a) termination of employment, or b) reassignment to functions not
requiring token usage.
13. All LogonIDs of personnel who leave the employ of the company shall be
disabled within 48 hours of termination.
14. Default system passwords, supplied by the vendors, shall be changed
immediately after system installation. Default system user accounts,
supplied by the vendors, shall be eliminated or disabled.
15. The use of LogonIDs by non-Conexant users shall be re-affirmed upon
contract expiration.
16. LogonIDs shall be removed from all systems after 180 days of non-use.
17. Passwords shall not be echoed during the login process.
18. Passwords shall not be written down.
19. Access privileges for system and security administrators shall be
reviewed at least annually to ensure the access is required and
necessary.
COMPUTER AND NETWORK SYSTEM SECURITY
1. The Information Security organization shall have oversight authority
for how security and passwords are managed in privileged (admin/root)
accounts on multi-user computing resources.
2. All installations and subsequent changes to critical or multi-user
systems or network devices shall be performed only by authorized
individuals.
3. Access and procedural controls shall be implemented to limit the use of
network/computer utility software and diagnostic tools to trained
support personnel, in accordance with their job responsibilities.
4. Change control procedures shall be established and implemented which
govern all changes to Network and system configurations.
5. A warning banner shall be displayed prior to network login. The wording
of the banner shall comply with the wording recommended by Corporate
Legal Counsel, as follows: "This computer system is the property of
Conexant. Unauthorized access and improper use is prohibited. Any
activity on the system is subject to monitoring by the Company at any
time. Anyone who uses the system consents to such monitoring and agrees
that the Company may use the results of such monitoring without
limitation."
6. Personal computers or desktops with modems shall not be connected to
phone lines for inbound calls.
7. Sensitive information shall not be sent over unsecured fax machines.
Communication servers or modem pools shall be used in lieu of
individual workstation dial-up access ports.
G-20
8. Dial-up access telephone numbers, authorization codes, LogonIDs,
passwords, shall be protected from unauthorized disclosure.
9. Systems that are not physically secured and that are left logged in
unattended in excess of ten minutes require workstation lockdown
utilities or screen savers that incorporate passwords. Lock down
utilities and secure screen savers shall be approved by local
information security officers.
10. The Information Security organization shall directly oversee all
systems that reside on the perimeter networks.
ENGINEERING LABS
1. Labs with connections to untrusted networks or dial inbound remote
access capability shall be protected by a firewall.
SECURITY AUDIT LOGS AND MONITORING
1. Multi-user systems shall be equipped with security audit log features.
2. All significant security-relevant events, such as unsuccessful access
attempts, shall be recorded on security audit logs.
3. Audit trails, obtained from a security audit log records, shall
identify source/location of unauthorized attempts, LogonID, date/time
of event, and target system or requested service where feasible.
4. Security audit log file information (especially violation reports)
shall be reviewed on a daily basis.
5. Security audit log records shall be retained for at least 7 days.
6. Monitoring of systems, networks or applications may be performed only
by personnel that have been duly authorized by the company.
PROTECTION FROM MALICIOUS SOFTWARE
1. Virus-checking software shall be installed on all desktop and notebook
PCs, as well as all file servers, network drives, and email servers
where technically feasible. The anti-virus files used by virus-checking
software shall be updated frequently.
2. Conexant shall establish well defined and publicized mechanisms for
distributing, installing and maintaining virus-checking software across
all the locations.
3. System administrators, vendors, service technicians, and users shall
use virus-checking software to scan all software media and files prior
to loading them onto Conexant computing resources where technically
feasible.
4. Original application and operating system software media shall be
write-protected (whenever possible) and stored in a secure manner.
5. Emergency response procedures, including setting up an emergency
response team, shall be established for dealing with malicious software
incidents.
G-21
SYSTEMS DEVELOPMENT AND ACQUISITION
1. Software libraries shall be established for storing and securing all
files associated with a business unit's application, systems and
utility software.
2. Separate software libraries shall be established in support of the
business unit's development, test and production environments.
3. Access controls, including activity logging, shall be established for
the business unit's development, test and production software
libraries, to ensure that only authorized personnel have access to the
libraries and that they only have access to those components necessary
to perform their job assignments.
4. Procedures shall be established to ensure that software changes are
made in accordance with business requirements, and are satisfactorily
tested prior to promoting them into production from development/test.
5. Procedures shall be established to ensure that all business system
software configurations (how the technical components fit together) are
adequately documented, and that software versions as well as
source-code to executable-code continuity can be verified.
6. Change control procedures shall be established and implemented which
govern all hardware, software and services changes to ensure they are
properly authorized and documented, and that appropriate security
controls are not compromised.
7. Security controls and mechanisms which are utilized by all applications
and systems software shall be documented and maintained.
OPERATIONS
1. Procedures shall be established to control the disposition of printed
output that contains sensitive information.
2. Printed output containing sensitive information shall be marked with
appropriate classification and proprietary notices.
3. Conexant data shall be backed up on a regular basis, depending upon the
criticality of the data, the frequency of change, the utilization of
raid and disk mirroring techniques and the probability of data loss or
damage.
4. Critical system configuration and data files (those required to recover
the operating system) shall be backed up - at least weekly. The
frequency of backups will be affected by the frequency of systems
changes and the availability of systems installation software on
high-speed storage media (i.e., CDs or hard disks).
5. At least two generations of backup files for all critical business
systems data shall be maintained at a secure storage location that is
significantly removed from the data's primary location.
6. Email backup files, stored both on and off site, shall be retained for
no more than 7 days.
G-22
7. Sensitive data stored on workstation or file server hard drive(s) shall
be erased or purged using complete erasure techniques prior to the
transfer of ownership of the workstation or server, scrapping, or
off-site maintenance.
DISASTER RECOVERY AND BUSINESS CONTINUITY
1. Conexant shall develop disaster recovery and business continuation
plans in accordance with corporate guidelines.
2. Disaster recovery and business continuation plans shall be documented
and submitted to the EC.
3. Conexant shall test disaster recovery and business continuation plans
on an annual basis.
MERGERS AND ACQUISITIONS:
- - Compliance with Conexant's IT Security Policy and IT Security Baseline
shall be completed within a reasonable amount of time, not to exceed 90
days from the finalization of the acquisition. Acquired domain names shall
remain active for the purposes of receiving email and web site access for a
period not to exceed one year from the finalization of the acquisition.
G-23
CONNECTIONS FROM/TO UNTRUSTED NETWORKS BASELINE
TABLE OF CONTENTS
1.0 INTRODUCTION
2.0 PURPOSE
3.0 SCOPE
4.0 RELEVANT POLICIES, BASELINES AND REFERENCES
5.0 ACCOUNTABILITIES
6.0 FIREWALL ARCHITECTURE
6.1 FILTERING ROUTERS
6.2 PERIMETER NETWORKS
7.0 PROTOCOL CONTROLS
7.1 BGP
7.2 DNS
7.3 FINGER
7.4 FTP COMMAND
7.5 FTP DATA
7.6 HTTP
7.7 ICMP
7.8 LP
7.9 MICROSOFT SQL
7.10 MICROSOFT NETMEETING
7.11 NFS
7.12 NNTP
7.13 NTP
7.14 OPENWINDOWS
7.15 REALAUDIO
7.16 REXEC
7.17 RLOGIN
7.18 RSH
7.19 SMTP
7.20 SQL*NET
7.21 SSL FOR ENCRYPTED HTTP
7.22 TALK
7.23 TELNET
7.24 UNSPECIFIED IP PACKETS
7.25 UNSPECIFIED UDP PACKETS
7.26 X11
8.0 AUTHENTICATION
9.0 VIRTUAL PRIVATE NETWORK
10.0 INTERNET INFORMATION SERVERS
10.1 INFORMATION SERVER GUIDELINES
11.0 SCREENING OF MALICIOUS SOFTWARE
12.0 EXTERNAL SERVICE PROVIDERS
13.0 REQUESTS FOR WAIVERS AND BASELINE CHANGES
For comments and information contact Milena Hlavaty (VPN 483-6209).
G-24
1.0 INTRODUCTION
The Internet is a global untrusted network that uses a common protocol, which
connects devices and users around the world. The Internet is a public place and
unprotected communications are not private, nor can their integrity and
confidentiality be guaranteed. Conexant shall take all requisite steps to
safeguard their trusted networks and adhere to the rules and guidelines set
forth in this baseline.
2.0 PURPOSE
The purpose of this baseline is to reduce to acceptable levels the risk entailed
in connecting a trusted Conexant network to the Internet or other untrusted
networks. This baseline sets the standards for securing connections between
Conexant's internal trusted TCP/IP networks and external, untrusted networks,
such as the Internet. This baseline prescribes specific security measures and
requirements for network and system administration, and the configuration,
operation and service use restrictions between untrusted networks and Conexant's
trusted networks. All persons are responsible and accountable for complying with
the network security safeguards established herein.
3.0 SCOPE
The standards and guidelines set forth in this document apply to all connections
that are made to the Internet or any other untrusted network from any Conexant
location.
4.0 RELEVANT POLICIES, BASELINES, AND REFERENCES
Information and Communications Security
Conexant Information Security Baseline
Safeguarding Company Sensitive Information
Acquisition, Dissemination, and Use of Computer Software Owned by Another
Use and Monitoring of Computing Resources
5.0 ACCOUNTABILITIES
The safety and security of Conexant connection to untrusted networks is the
responsibility of Conexant's CIO. Corporate Chief Security Information Director
has oversight responsibilities for all information security activities at the
business, including connections to untrusted networks. Network security
violations of the safeguards described within this baseline must be brought to
the immediate attention of the Corporate Chief Security Information Director.
Requests for firewall changes must be reviewed and approved by corporate
firewall administration to ensure compliance to this baseline. Probing,
scanning, and other activities that may be considered hostile or event
generating shall be performed only with the concurrence of corporate network
security administration
Breaches of Conexant network defenses from untrusted networks must be brought
to the immediate attention of the Corporate Chief Security Information Director
and the CIO. Unauthorized intrusions into Conexant's trusted networks shall be
reviewed by the security incident review board who will inform the CIO.
6.0 FIREWALL ARCHITECTURE
All Conexant connections to untrusted networks shall be secured with a firewall.
Conexant firewalls shall be secured by utilizing industry best practices. Strict
change control, implementation of strong authentication for remote
administration, regular internal audits, adequate physical security,
implementation testing, regular backups, and security incident response
procedures are illustrative of industry best practices for firewall
administration. To the extent feasible, firewall administrators shall maintain
the most current version of firewall devices/software in order to take advantage
of product and security enhancements. Internal, trusted subnets may only contain
devices that utilize IP addresses assigned by the Global Support Group in IT.
Conexant corporate shall act as the coordination point for documenting the RFC
private addresses in use across the company.
G-25
6.1 FILTERING ROUTERS
An important component of the firewall is the filtering router placed between
untrusted networks and the perimeter network. This router shields the perimeter
network against dangerous or unwanted untrusted network traffic (see Figure 1
below). Such routers will be referred to hereafter in this document as
'external routers'. External routers shall be configured to only permit
administrative telnet access from a specific, limited number of administrative
hosts. Remote access by administrators to external routers shall require strong
authentication. In those cases where external routers employ fixed or static
password technology, that password file must be encrypted.
6.2 PERIMETER NETWORKS
Perimeter networks logically reside between the company's external routers and
firewalls. They are to be used to host computing resources that must directly
interface with public (untrusted, non-Conexant) systems. Computing resources
resident on perimeter networks must be "security hardened" by removal of all
non-essential programs and services and by conscientious application of
security patches and fixes on a regular basis. Access to trusted Conexant
networks from a perimeter network may only be permitted via a firewall. There
shall be a perimeter network at virtually every interface between Conexant's
trusted networks and an untrusted network.
7.0 PROTOCOL CONTROLS
Conexant businesses shall implement the controls presented in this section into
their firewalls. Applicable gateway and external router controls for each
protocol are presented. All services in the direction of from less secured
networks to more secured networks which are not specifically permitted in the
controls set forth below shall be denied at company firewalls. Documentation of
a specific protocol in section 7 below (whether specifically denied or allowed)
signifies that it has undergone scrutiny and has been dispositioned as stated.
All traffic from the internal interface of the firewall shall be allowed to
pass through the external router.
7.1 BGP
Guidelines:
From Internet to perimeter network: Allow through external router
From perimeter network to Internet: Allow through external router
From perimeter network to Internal: Secure at firewall
From internal to perimeter network: Secure at firewall
7.2 DNS
Protocol: UDP - TCP
Server Port: 53
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Allow through external router
Secure at firewall
From perimeter network to Internet: Allow from external DNS servers
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
G-26
Implementation guidelines:
Zone transfers request will be permitted from known hosts. It is secured at the
DNS servers. Conexant networks shall employ an external and internal DNS
implementation. All Conexant entities with an Internet connection shall
establish an external DNS on their perimeter network, and only those hosts and
devices on Conexant's perimeter networks shall be visible outside the Conexant
domain. The public shall not be directly given address information for
Conexant's internal, trusted network resources. Internal DNS's shall be
maintained that contain all of the hosts and devices on Conexant's internal
trusted networks and information on how to access the external DNS.
7.3 FINGER
Protocol: TCP
Server Port: 79
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Block at external router
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.4 FTP COMMAND
Protocol: TCP
Server Port: 21
Client Port: >= 1023
Guidelines:
From Internet to perimeter network: Allow at external router
Secure at firewall
From perimeter network to Internet: Allow at external router
and firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.5 FTP DATA
Protocol: TCP
Server Port: 20
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Secure at firewall
From perimeter network to Internet: Allow through firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
G-27
7.6 HTTP
Protocol: TCP
Server Port: 80
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Allow at external router
Secure at firewall
From perimeter network to Internet: Allow at external router and
firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.7 ICMP
Protocol: ICMP
Guidelines:
Allow the following types through external router: 0 - Echo-reply
8 - Echo-request
11 - Time-xceeded
12 - Parameter-problem
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Secure at firewall
7.8 LP
Protocol: TCP
Server Port: 515
Guidelines:
From Internet to perimeter network: Allow at external router
Secure at firewall
From perimeter network to Internet: Allow at external router
and firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.9 MICROSOFT SQL
Protocol: Tcp
Server Port: 1612
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Allow at external router and
firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
G-28
7.10 MICROSOFT NETMEETING
Protocol: TCP and UDP
Ports: 389, 522, 1503, 1720,
1731, and various dynamic
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Block at external router
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.11 NFS
Protocol: TCP
Server Port: 2049
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Block at external router
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.12 NNTP
Protocol: TCP
Server Port: 119
Guidelines:
From Internet to perimeter network: Allow through external router
Secure at firewall
From perimeter network to Internet: Allow through external router
and firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
Implementation guideline: The nntp server must be
placed on the perimeter
network and adequately
security 'hardened'. Internal
newsgroups should utilize
Lotus Notes servers.
7.13 NTP
Protocol: UDP
Client Port: 123
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Block at external router
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Secure at firewall
Implementation guideline: Network time shall be
obtained from internal, trusted
G-29
ntp servers.
7.14 OPEN WINDOWS
Protocol: TCP
Server Port: 2000 - 2FFF
Guidelines:
Same as X11
7.15 REAL AUDIO
Guidelines:
From Internet to perimeter network: Allow through external router
Secure at firewall
From perimeter network to Internet: Allow through external router
and firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
Implementation guidelines: Allow port 7070 only
7.16 REXEC
Protocol: TCP
Server Port: 512
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Allow at external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.17 RLOGIN
Protocol: TCP
Server Port: 513
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Allow at external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.18 RSH
Protocol: TCP
Server Port: 514
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Allow at external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
G-30
7.19 SMTP
Protocol: TCP
Server Port: 25
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Allow at external router. E-
mail only forwarded to firewall
From perimeter network to Internet: Allow at external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allowed through firewall.
7.20 SQL*NET
Protocol: TCP
Server Port: 1525
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Allow through external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
Implementation guidelinek: The SQL*Net application
proxy can be used to allow
internal Oracle clients to
access external database
servers. The proxy can
also be used to allow a
perimeter web server
running Oracle's Web
Request Broker to send
SQL*Net transactions to
a backend Oracle
database server on the
internal network.
7.21 SSL FOR ENCRYPTED HTTP
Protocol: TCP
Server Port: 443
Guidelines:
From Internet to perimeter network: Allow through external router
Secure at firewall
From perimeter network to Internet: Allow through external router
Secure at firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
Implementation guideline: Although SSL is not limited to
G-31
the HTTP protocol, only HTTP
is allowed to pass in SSL.
7.22 TALK
Protocol: UDP
Server Port: 517,518
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Block at external router
From perimeter network to Internal: Secure at firewall
From internal to perimeter network: Secure at firewall
7.23 TELNET
Protocol: TCP
Server Port: 23
Client Port: >=1023
Guidelines:
From Internet to perimeter network: Allow to application gateway
at external router
Secure at firewall
From perimeter network to Internet:
Allow through firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
7.24 UNSPECIFIED IP PACKETS
Protocol: IP
Ports: All TCP and UDP
Guidelines:
From Internet to perimeter network: Allow established TCP at
external router
Secure at firewall
From perimeter network to Internet: Allow at external router
and firewall
From perimeter network to internal: Secure at firewall
Additional guidelines: Incoming and outgoing
spoofing rules for the
Conexant and RFC 1918
private addresses shall be
applied. Packets having the
source or destination of
broadcast shall be blocked.
7.25 UNSPECIFIED UDP PACKETS
Protocol: UDP
Guidelines:
G-32
From Internet to perimeter network: Block at external router
From perimeter network to Internet: Will fail due to blocked inbound
From perimeter network to internal: Secure at firewall
7.26 X11
Protocol: TCP
Server Port: 6000 - 6063
Guidelines:
From Internet to perimeter network: Secure at firewall
From perimeter network to Internet: Allow through firewall
From perimeter network to internal: Secure at firewall
From internal to perimeter network: Allow through firewall
Implementation Guidelines: Internal X servers: Allow only
with xforward or other proxy.
The window manager must be
an internal client.
External X servers: Allow
running internal X clients;
access to machine that has X
client via telnet only.
8.0 AUTHENTICATION
Router administrators shall ensure that default privileged command passwords and
console and virtual terminal line access passwords are changed or assigned
immediately upon installation, and changed thereafter at 90 day intervals. These
passwords shall also be changed within 24 hours whenever router administrators
are terminated or transferred.
Dial-in access by administrators to routers and other sensitive network devices
shall require strong authentication.
Systems that are connected to Conexant's internal trusted networks and which
can be accessed from external networks (including dial-in) must implement
strong authentication mechanisms and comply with applicable Conexant host
security baselines.
9.0 VIRTUAL PRIVATE NETWORK
A VPN shall be required for connectivity between Conexant trusted networks or
Conexant SOHO users when traversing an untrusted network.
10.0 INTERNET INFORMATION SERVERS
Servers such as ftp and World Wide Web have been established throughout Conexant
for rapid dissemination and central updating of public and private information.
These information servers provide fast and convenient information to employees,
customers, suppliers and the general public.
Those who establish such servers must safeguard their security in order to
protect against unauthorized disclosure of sensitive and competitive
information, as well as ensure the integrity of information which they contain
10.1 INFORMATION SERVER GUIDELINES
1. Information available to an untrusted network shall be hosted on the
perimeter networks. Access to company sensitive information from an
UNTRUSTED network to a perimeter network shall require authentication
technologies. Connectivity from the perimeter network to information
within the TRUSTED network shall require strong authentication.
G-33
2. Servers on the perimeter networks shall run with as little privilege as
necessary. If at all possible, server software must not run as "root,"
or "administrator" thus limiting possible damage if an intruder
discovers vulnerability.
3. System administrators shall closely monitor the integrity of the system
and the information to be distributed. Whenever feasible, system
administrators shall run the most secured version of the information
server software which is free of known bugs or vulnerabilities.
11.0 SCREENING OF MALICIOUS SOFTWARE (PENDING ACTION ITEMS)
Executable programs embedded within HTML entering Conexant trusted networks via
HTTP or other protocols will vary across time based upon the state of the
technology. Until security shortcomings are resolved, to the extent possible
Microsoft ActiveX (and follow-on products of like content but different
marketing names) are not allowed into trusted Conexant networks from untrusted,
foreign networks. Java applets may be allowed into Conexant trusted networks
from foreign, untrusted network domains.
12.0 EXTERNAL SERVICE PROVIDERS
Dedicated network connection between to Conexant network security administration
shall be responsible for ensuring the security of all computing services and
connections. When business needs dictate, Conexant networks may, with due
diligence, be extended into non-Conexant facilities, but may not be connected to
that facility's untrusted networks unless firewalls are put into place. Under
conditions where there is no direct Conexant control or supervision of the
non-Conexant users who log on to trusted Conexant networks, logins require
strong authentication. The management of authentication devices remains at all
times the responsibility of the Conexant business unit issuing them. Clearly
defined agreements must be established with third party service providers who
issue Conexant authentication devices to their employees. Those agreements must
spell out the third party's responsibilities in the management and protection of
Conexant's security devices, computing resources, and private data.
13.0 REQUESTS FOR WAIVERS AND BASELINE CHANGES
Requests for waivers and deviations to this IT security baseline shall be sent
to the Corporate Chief Security Information Director.
Each request for waiver and deviation will be considered on an individual basis
and for a specific duration. Any change to the requirement, technical approach,
or other pertinent circumstances on which the request is granted, must be
reported to the Corporate Chief Security Information Director for
reconsideration of the waiver or deviation.
In order to consider the request, as a minimum the following information must
be specified in each written request:
1. Reference to the baseline requirement and technical description of the
requested waiver or deviation.
2. Business justification or contractual requirement.
3. Specific duration of requested waiver or deviation, not to exceed 26
weeks. If the duration is expected to exceed 26 weeks, the request must
be resubmitted for reconsideration prior to expiration of the granted
waiver/deviation duration.
4. Alternative technical approaches and solutions considered/rejected.
5. Requested technical approach and technical point of contact.
G-34
6. Concurrence from the business unit's IT executive that the deviation is
warranted.
Requests to change the Internet Security baseline should be forwarded to the
Corporate Chief Security Information Director, who is the custodian of the
document.
G-35
ATTACHMENT H
TERMINATION FOR CONVENIENCE
ATTACHMENT H
EXAMPLE OF SECTION 12.2
TERMINATION FOR CONVENIENCE
[GRAPHIC]
H-1
ATTACHMENT I
SERVICE LEVEL MATRIX
ATTACHMENT I
SERVICE LEVEL MATRIX
CATEGORY OF SERVICE SERVICE HOURS RESPONSE CLOSURE TIME MISSION CRITICAL MISSION CRITICAL SUPPORT LEVEL
TIME SYSTEMS RESPONSE TIME
- -----------------------------------------------------------------------------------------------------------------------------------
Application Support 8-5 Local Time of 8 Service Mutually Agreed See Attachment K
Service Request Hours
- -----------------------------------------------------------------------------------------------------------------------------------
Programming Services 8-5 Local Time of 8 Service Mutually Agreed 1st and 2nd Level
Service Request Hours Support
- -----------------------------------------------------------------------------------------------------------------------------------
Remote Site Support 8-5 Local Time of 8 Service 50% within 16 1st and 2nd Level
(Asia Pacific and Service Request, 6 Hours Service Hours Support
Europe) installations and/or
upgrades/week between
the regions.
- -----------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 8-5 Local Time of 4 Service 50% within 16 Phone Outages Account Manager 2nd Level Support
Wire Line Telephony Service Request Hours Service Hours will be given informed on a for Newbury Park
highest priority hourly basis to and Mexicali, 1st
problem is Level support for
solved all other
Washington
Locations
- -----------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 8-5 Local Time of 4 Service 50% within 16 1st and
Video Telephony Service Request Hours Service Hours 2nd Level Support
- -----------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 7x24 Monitoring 2 Service 50% within 16 1st Level support
LAN Services Hours Service Hours at all Washington
locations except
Newbury Park,
Mexicali, and
Ottawa. 2nd Level
support at all
Washington
Locations
- -----------------------------------------------------------------------------------------------------------------------------------
I-1
CATEGORY OF SERVICE SERVICE HOURS RESPONSE CLOSURE TIME MISSION CRITICAL MISSION CRITICAL SUPPORT LEVEL
TIME SYSTEMS RESPONSE TIME
- ------------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 8-5 Local Time of 8 Service 50% within 16 1st and 2nd
Remote Access and Service Request Hours Service Hours Level
SOHO Support
- ------------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 8-5 Local Time of 8 Service 50% within 16 All Internet Account Manager 1st and 2nd
Internet Services Service Request Hours Service Hours Outages will informed on a Level
be given highest hourly basis Support
priority until problem is
solved when an
entire site is
affected
- ------------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 7x24 Monitoring 2 Service 70% within 8 All WAN Outages Account Manager 1st and 2nd
Wan Services Hours Service Hours will be given informed on a Level
highest priority hourly basis Support
until problem is
solved when an
entire site is
affected
- ------------------------------------------------------------------------------------------------------------------------------------
Infrastructure Services - 8-5 Local Time of 8 Service 50% within 16 2nd Level
Groupware Services Service Request Hours Service Hours Support
- ------------------------------------------------------------------------------------------------------------------------------------
Data Center Services 7x24x365 8 Service 50% within 16 SAP, Adexa, 1 hour response 1st and 2nd
Hours Service Hours Promis, DMS and continuous Level
effort Support
until resolved
- ------------------------------------------------------------------------------------------------------------------------------------
I-2
ATTACHMENT J
J.1 - HARDWARE
THE FOLLOWING ASSETS WILL HAVE THE OWNERSHIP TRANSFERRED TO SKYWORKS WHEN THE
INFRASTRUCTURE TOWER OF SERVICE IS TERMINATED AND PAYMENT IS RECEIVED FOR
CONSIDERATION OF SUCH HARDWARE.
ASSET TAG # LOCATION DESCRIPTION
- --------------------------------------------------------------------------------
1079146 NP MODULE ETHERNET SMARTSWITCH
- --------------------------------------------------------------------------------
1079147 NP MODULE ETHERNET SMARTSWITCH
- --------------------------------------------------------------------------------
1079148 NP MODULE ETHERNET SMARTSWITCH
- --------------------------------------------------------------------------------
1082033 NP SERVER
- --------------------------------------------------------------------------------
1082034 NP SERVER
- --------------------------------------------------------------------------------
1082035 NP SERVER
- --------------------------------------------------------------------------------
1083012 NP TAPE LIBRARY, AUTOMATED
- --------------------------------------------------------------------------------
1079605 NP SERVER, COMPAQ PROLIANT
- --------------------------------------------------------------------------------
1079606 NP SERVER, COMPAQ PROLIANT
- --------------------------------------------------------------------------------
1079607 NP SERVER, COMPAQ PROLIANT
- --------------------------------------------------------------------------------
1079608 NP SERVER, COMPAQ PROLIANT
- --------------------------------------------------------------------------------
1079609 NP SERVER, COMPAQ PROLIANT
- --------------------------------------------------------------------------------
1082325 NP LAPTOP COMPUTER
- --------------------------------------------------------------------------------
1082326 NP LAPTOP COMPUTER
- --------------------------------------------------------------------------------
1079777 NP CHASSIS, WIRING CLOSET BUNDLE
- --------------------------------------------------------------------------------
1079778 NP CHASSIS, WIRING CLOSET BUNDLE
- --------------------------------------------------------------------------------
1083653 NP DATA/TELEPHONE EQUIPMENT
- --------------------------------------------------------------------------------
1078530 NP NETWORK SERVER
- --------------------------------------------------------------------------------
1079072 MEXICALI CHASSIS, CATALYST 5500 BUNDLE
- --------------------------------------------------------------------------------
1079072 MEXICALI CHASSIS, CATALYST 5500 BUNDLE
- --------------------------------------------------------------------------------
1079074 MEXICALI CHASSIS, CATALYST 5500 BUNDLE
- --------------------------------------------------------------------------------
1079285 MEXICALI CHASSIS, CATALYST 5500 BUNDLE
- --------------------------------------------------------------------------------
1079151 MEXICALI CHASSIS, RACK-MOUNT
- --------------------------------------------------------------------------------
1083651 MEXICALI DNS/SMS SERVER
- --------------------------------------------------------------------------------
1085700 MEXICALI ROUTER, CISCO 3660
- --------------------------------------------------------------------------------
1083564 MEXICALI SAP PRINTERS (2) FOR MEXICALI
- --------------------------------------------------------------------------------
40007 MEXICALI VIDEO CONFERENCING SYSTEM
- --------------------------------------------------------------------------------
1084337 NEPEAN, CANADA BRIDIAL BUNDLE
- --------------------------------------------------------------------------------
1084338 NEPEAN, CANADA CATALYST CHASSIS 5500
- --------------------------------------------------------------------------------
1084345 NEPEAN, CANADA NETWORK PROBE DAS PRO 2 PORT 10/100
- --------------------------------------------------------------------------------
1084340 NEPEAN, CANADA SERVER, PRINTER/FILER/LOTUS NOTES
- --------------------------------------------------------------------------------
1084341 NEPEAN, CANADA SERVER, PRINTER/FILER/LOTUS NOTES
- --------------------------------------------------------------------------------
1084331 NEPEAN, CANADA VIDEO CONFERENCING EQUIPMENT
- --------------------------------------------------------------------------------
1082375 CEDAR RAPIDS MICROWAVE UNIT
- --------------------------------------------------------------------------------
1082376 CEDAR RAPIDS MICROWAVE UNIT
- --------------------------------------------------------------------------------
1085582 IRVING, TX AUTOMATED TAPE LIBRARY
- --------------------------------------------------------------------------------
CIP NP COMPUTER SYSTEM BACKUP
- --------------------------------------------------------------------------------
CIP NP DLT EXPANSION
- --------------------------------------------------------------------------------
CIP NP UPGRADE OF PBX
- --------------------------------------------------------------------------------
CIP NP POKLYCOM FOR NP SALES
- --------------------------------------------------------------------------------
J-1
ATTACHMENT J
J.2 - SOFTWARE
APPLICATIONS LICENSE TYPE LICENSES SUBJECT TO CONSIDERATION
- ------------ ------------ ------------------- -------------
TRANSFER (IDENTIFIED
--------------------
LICENSES)
---------
Lotus Notes Named 1951 $ 59,000
SAP - Production Named 250 $ 795,000
PROMIS Concurrent 256 $ 845,000
Sherpa DMS Server and 1 and 25 $ 53,000
Concurrent
iPlanet LDAP Server 1 0
Adexa Server 1 $ 748,000
Total $2,500,000
J-2
ATTACHMENT K
APPLICATION SUPPORT MATRIX
CONEXANT TO SKYWORKS
APPLICATION GROUP MONTHLY FTE SUPPORT LEVEL
- -----------------------------------------------------------------------
Architecture & technology 1 2nd
- -----------------------------------------------------------------------
Computer security 1 1/2 1st and 2nd
- -----------------------------------------------------------------------
SAP 2 2nd
- -----------------------------------------------------------------------
PROMIS 1 2nd
- -----------------------------------------------------------------------
Quality Systems Inc. 1/4 1st
- -----------------------------------------------------------------------
Extricity (or its replacement) 1/4 1st and 2nd
- -----------------------------------------------------------------------
Sherpa DMS 1/4 1st and 2nd
- -----------------------------------------------------------------------
SKYWORKS TO CONEXANT
APPLICATION GROUP MONTHLY FTE SUPPORT LEVEL
- -----------------------------------------------------------------------
Adexa 1 1st and 2nd
- -----------------------------------------------------------------------
Lotus Notes 1/4 2nd
- -----------------------------------------------------------------------
J-2