Policy: Information and System Use for NonEmployee System Users LAST REVISED: OCTOBER 15, 2021 To the extent persons who are not Travelers employees (“Non-Employees”) are granted access to or use of Travelersprovided technology resources, including, without limitation, computing equipment and network resources, software, handheld devices, telephones, e-mail, voice mail, Internet access, instant messaging and other related equipment and systems (“Information Resources”) in connection with their provision of services to Travelers, this Information and System Use for Non-Employee System Users policy (“Policy”) sets forth the responsibilities and obligations pertaining thereto. Travelers expects Non-Employees to exercise good judgment in their use of Information Resources and Travelers business-related information. Additionally, Travelers expects Non-Employees to use extreme caution when opening emails, links or attachments that may be part of an actual or simulated phishing attack or that could otherwise expose Travelers to viruses and other attacks from cybercriminals seeking to defraud Travelers or its employees, customers or partners. Both Information Resources and Travelers business-related information accessible through any Information Resources and other means are valuable Travelers assets and must be used only as specifically authorized by Travelers. Please read this Policy carefully. Scope; Compliance Obligations This Policy applies to Non-Employees providing services to The Travelers Indemnity Company, and/or any of its subsidiaries, affiliates, and group companies in the U.S. and internationally (collectively, for purposes of this Policy, “Travelers”). Subject to applicable law, this Policy applies to all use of Travelers Information Resources and information, regardless of the time of use (during or outside business hours) or location. This Policy is in addition to and does not replace any other policy or agreement involving Non-Employees’ provision of services to Travelers. Failure to comply with the requirements of this Policy may result in immediate termination of the Non-Employee’s access to Information Resources, and/or appropriate legal action. Use of Information Resources Non-Employees should have no expectation of privacy in any Information Resources; to the contrary, Non-Employees should expect that their activity is being monitored. All activity when using Information Resources, whether businessrelated or personal, is subject to monitoring and inspection by Travelers, including but not limited to the following: emails sent and received, as well as links or attachments clicked or opened within emails (including internal and external emails); instant messages sent and received; Internet usage (including web sites visited and time spent online); files stored on a device, transferred to removable media or sent to a printer; software installed on a device; and applications and data accessed. Travelers reserves the right to monitor or filter Non-Employees’ use of Information Resources at any time, in its discretion. Information Resources are intended for business use for the benefit of Travelers, and any information, including personal information, contained in, created on or transmitted through company systems or Information Resources may be subject to such monitoring, inspection or filtering. If Travelers requests access to any Information Resources in possession of Non-Employees (including but not limited to company-provided mobile devices or laptops), Non-Employees may be required by Travelers to disclose the device passcode necessary for Travelers to access and inspect the device. No Travelers information may be transferred to, processed by, copied to, or stored on any computer systems, storage devices, flash drives, mobile applications, hardware, email boxes, public site or other service, except as expressly approved by Travelers. Unauthorized use or disclosure of Travelers information is prohibited. Proprietary & Confidential: For Internal Use Only Page 1 of 3 Electronic records pertaining to the use of Information Resources are maintained and may be accessed or reviewed by Travelers in the course of system maintenance or investigation of possible misuse, or for other business reasons. Such records may be provided to appropriate members of Travelers management and their agents. Travelers may also provide such records to outside parties in its discretion, or in response to a governmental inquiry or when legally required to do so (e.g., in response to a subpoena or court order). By using Travelers Information Resources, Non-Employees are consenting to the collection, use, processing and disclosure of personal information for the purposes set forth and as described in this section. Copyright and Intellectual Property Rights Compliance: The Internet provides ready access to copyrighted material and other protected intellectual property. No unauthorized use may be made of any such material in connection with provision of services to Travelers. Travelers is committed to compliance with the licensing requirements for software used on Travelers computers and other equipment. In order to comply with contractual obligations and intellectual property laws and to ensure the security and supportability of Travelers computing environment, only Travelers-authorized software and hardware peripherals may be used on Travelers- provided equipment. All software used in conjunction with any Information Resources must be approved by Information Technology and licensed to Travelers and used for legitimate business purposes only. The unauthorized use, downloading, installation, copying or distribution of material is prohibited. Travelers prohibits the use of software that attempts to bypass security controls and policies on Travelers systems. Travelers has the right to remove and/or uninstall any software from Travelers equipment without notice. Internet Services terms and conditions: Most websites have terms and conditions that govern the use of that website and the information the site contains. Other websites specifically ask users to confirm agreement with the terms and conditions, often as part of a registration process. No action may be taken that may appear to bind Travelers, such as clicking to accept any third party’s online terms and conditions or registering for any on-line service on behalf of Travelers. User IDs/Passwords/Security Unique User IDs are assigned for Travelers network and systems access. Access is granted when the correct user ID and corresponding password are entered. Passwords must not be shared or used in an unauthorized manner. NonEmployees are responsible for safeguarding passwords and for all activity executed under their Travelers assigned accounts. Passwords do not confer any expectation of privacy with respect to use of password-protected Information Resources. Upon the termination of assignments for or provision or services to Travelers, Non-Employees may be required to inform Travelers of the passwords used to access Information Resources. Authorized Use of Information Resources Travelers Information Resources and information may be used only for Travelers-authorized purposes. The fact that Information Resources or Travelers information stored on Information Resources are accessible does not necessarily mean that access to them is authorized. Access is limited to those Information Resources and Travelers information that are needed in connection with a Non-Employee’s provision of services to Travelers and that the Non-Employee is authorized to access. For example, Non-Employees should not attempt to view a document if there is not a need to do so in connection with a Non-Employee’s provision of services to Travelers, even if the Non-Employee has the ability to locate and view the document. Travelers will endeavor to apply mechanisms to grant only appropriate access to users. Such technology does not replace the responsibility to abide by this Policy and exercise good judgment. Protecting Information Resources Non-Employees are responsible for protecting all Travelers Information Resources and information to which they have access, including safeguarding Travelers-issued devices from loss or theft. Travelers-issued equipment must be kept in a safe location at all times – do not store it in an automobile or other places where it may be subject to theft. Antivirus protection or other required security controls on any Travelers devices may not be disabled or bypassed. When a Non-Employee’s provision of services to Travelers ends, or at any time at Travelers request, such Non- Employee will be required to return all Travelers-provided equipment and Information Resources to Travelers. Proprietary & Confidential: For Internal Use Only Page 2 of 3 Protecting Connections to Travelers Networks Only Travelers-authorized services, devices and facilities may be used to access Travelers networks, except as expressly otherwise authorized by Travelers. Accessing Travelers networks in any other way or providing access to Travelers networks for any unauthorized user, is a serious breach of security and is strictly prohibited. Reporting Security Problems All information security related concerns, security weaknesses and security incidents must be reported immediately, including but not limited to any loss or theft of laptops, electronic devices, or storage media containing Travelers data. If an incident is suspected, has taken place or is currently taking place, the Travelers Technology Service Center must be notified immediately at 1-888-878-2411. Proprietary & Confidential: For Internal Use Only Page 3 of 3
