PROFESSIONAL NEGLIGENCE & LIABILITY POLICY

SECTION 1 - PURPOSE AND SCOPE

1.1 Policy Objectives

1.1.1 This policy establishes employee accountability for:

(a) Professional standards of work performance and delivery

(b) Meeting project deadlines, quality standards, and client commitments

(c) Compliance with Service Level Agreements (SLAs) and contractual obligations

(d) Data security and protection obligations

(e) Consequences of professional negligence and substandard performance

(f) Financial liability for losses caused by negligence or security breaches

1.2 Professional Accountability Principle

1.2.1 Employees in professional roles are expected to:

(a) Exercise reasonable care, skill, and diligence appropriate to their position

(b) Maintain professional standards expected in software industry

(c) Honor commitments made to clients and Company

(d) Protect Company and client assets from negligence or misconduct

(e) Take ownership and responsibility for assigned work

1.2.2 Failure to meet professional standards = accountability for consequences.

1.3 Scope of Application

1.3.1 This policy applies to:

(a) All employees involved in client projects, deliverables, or services

(b) All roles with access to Company or client data and systems

(c) Technical, managerial, and support functions

(d) Employees at all levels and employment types

PART A: PROJECT DELIVERY ACCOUNTABILITY

SECTION 2 - PROFESSIONAL STANDARDS AND OBLIGATIONS

2.1 Standards of Professional Performance

2.1.1 Employees must maintain professional standards including:

(a) Quality of Work: Deliverables meet specified quality standards and acceptance criteria

(b) Timeliness: Work completed within committed deadlines and schedules

(c) Accuracy: Work is accurate, complete, and free from material errors

(d) Best Practices: Industry best practices and methodologies followed

(e) Client Satisfaction: Work meets client expectations and requirements

(f) Documentation: Adequate documentation maintained for work performed

(g) Communication: Timely communication of issues, risks, and status

2.2 Duty of Care

2.2.1 Employees have duty to:

(a) Exercise reasonable skill and competence expected of professional in their position

(b) Perform work diligently and conscientiously

(c) Apply sound professional judgment and decision-making

(d) Identify and escalate risks or issues that may affect delivery

(e) Seek guidance or assistance when facing challenges beyond capability

(f) Not undertake work beyond competence without disclosure and support

2.3 Project Commitment and Responsibility

2.3.1 When assigned to project or deliverable, employee must:

(a) Understand requirements, scope, and expectations clearly

(b) Commit realistic timelines based on capability

(c) Honor commitments and meet agreed deadlines

(d) Maintain regular communication on progress and blockers

(e) Escalate delays or issues proactively

(f) Not abandon project or deliverable without proper handover

SECTION 3 - CLIENT SERVICE LEVEL AGREEMENTS (SLAs)

3.1 SLA Compliance Obligations

3.1.1 Employees working on client projects with SLAs must:

(a) Be aware of applicable SLA terms and commitments

(b) Meet response time requirements (e.g., ticket response within 4 hours)

(c) Meet resolution time requirements (e.g., issue resolution within 24-48 hours)

(d) Achieve uptime and availability targets

(e) Maintain quality and performance metrics per SLA

(f) Document all client interactions and resolutions

3.2 Consequences of SLA Breaches

3.2.1 If SLA breach occurs due to employee negligence, error, or failure:

(a) Employee may be held accountable for consequences

(b) Client penalties imposed on Company may be recovered from employee

(c) Disciplinary action including warning, fine, or termination

(d) Impact on performance evaluation and compensation

3.2.2 Liability determination considers:

(a) Whether employee had control over outcome

(b) Whether failure was within employee's responsibility

(c) Whether employee exercised reasonable care

(d) Whether employee timely escalated issues

(e) Contributing factors beyond employee's control

3.3 Proactive SLA Management

3.3.1 Employees expected to:

(a) Monitor work against SLA timelines

(b) Prioritize work to meet critical SLAs

(c) Alert management immediately if SLA at risk

(d) Seek support or resources if needed to meet SLA

(e) Not wait until SLA is breached to escalate

SECTION 4 - PROJECT FAILURES AND DELIVERY ISSUES

4.1 Accountability for Project Outcomes

4.1.1 Employee responsible for project, module, or deliverable is accountable for:

(a) Successful completion per specifications and timeline

(b) Quality and functionality of work product

(c) Identifying and mitigating project risks

(d) Escalating blockers or issues affecting delivery

(e) Proper documentation and knowledge transfer

4.2 Project Failure Scenarios

4.2.1 Project failure may occur due to:

(a) Missed Deadlines: Failure to deliver on committed timeline

(b) Quality Issues: Deliverable does not meet specifications or acceptance criteria

(c) Defects and Bugs: Critical defects in delivered software causing failures

(d) Incomplete Work: Deliverable is partial or incomplete

(e) Client Rejection: Client rejects deliverable due to quality or functionality issues

(f) Performance Issues: Application does not meet performance requirements

(g) Security Vulnerabilities: Security flaws in delivered product

4.3 Employee Liability for Project Failures

4.3.1 If project failure caused by employee negligence, misconduct, or failure to perform:

(a) Employee may be held financially liable for:

• Client penalties imposed
• Cost of rework or corrective actions
• Revenue lost from contract termination
• Cost of engaging replacement resources

(b) Disciplinary action:

• Written warning for minor failures
• Final warning or suspension for moderate failures
• Termination for serious or repeated failures

(c) Impact on compensation:

• Loss of project bonus or incentive
• No salary increment
• Demotion consideration

4.3.2 Liability proportionate to:

(a) Employee's role and responsibility in project

(b) Degree of negligence or fault

(c) Whether failure was preventable

(d) Employee's prior record and performance

4.4 Mitigation of Liability

4.4.1 Employee may reduce or avoid liability by demonstrating:

(a) Exercise of reasonable care and diligence

(b) Timely escalation of risks and issues

(c) Seeking help when needed

(d) Factors beyond employee's control (resource constraints, changing requirements)

(e) Good faith effort to deliver quality work

4.4.2 Burden on employee to provide evidence of mitigation factors.

SECTION 5 - INCOMPLETE ASSIGNMENTS AND RESIGNATION

5.1 Notice Period Obligations for Critical Projects

5.1.1 Employee on critical project who submits resignation:

(a) Must serve full notice period to ensure knowledge transfer

(b) Notice period determined by employment level (30/60/90 days)

(c) Company may refuse payment in lieu of notice if project criticality demands

(d) Employee must complete assigned tasks or ensure proper handover

5.1.2 50% Wages Rule for Incomplete Assignments:

(a) If employee resigns and abandons critical assignment without proper handover:

• Company may pay only 50% of wages for final month
• Remaining 50% withheld as liquidated damages

(b) Applies when:

• Employee on critical client project
• Resignation disrupts project delivery
• Inadequate handover or knowledge transfer
• Client penalties or losses incurred due to departure

(c) Legal basis: Liquidated damages for breach of employment obligations

5.1.3 Handover requirements:

(a) Complete pending tasks or bring to logical stopping point

(b) Document work status, pending items, and next steps

(c) Transfer knowledge to replacement or team member

(d) Provide access credentials and codebase walkthrough

(e) Be available for clarifications during notice period

5.2 Abandonment During Critical Phase

5.2.1 If employee abandons project during critical phase (deployment, go-live, crisis):

(a) Immediate termination for gross misconduct

(b) Forfeiture of full notice period payment

(c) Liability for client penalties and losses caused

(d) Recovery through salary deduction or legal action

(e) Negative reference and disclosure to prospective employers

SECTION 6 - QUALITY AND TESTING OBLIGATIONS

6.1 Quality Standards

6.1.1 All work delivered by employees must meet:

(a) Functional requirements specified

(b) Technical specifications and architecture

(c) Performance benchmarks and scalability requirements

(d) Security standards and compliance requirements

(e) Code quality standards (clean code, documentation, maintainability)

(f) Client acceptance criteria

6.2 Testing and Quality Assurance

6.2.1 Employees must:

(a) Test work thoroughly before delivery or deployment

(b) Conduct unit testing of code modules

(c) Perform integration testing where applicable

(d) Verify functionality against requirements

(e) Not deliver untested or incomplete work

(f) Fix identified bugs and defects before delivery

6.2.2 Delivering untested or defective work:

(a) Constitutes professional negligence

(b) May result in disciplinary action

(c) Employee liable for rework costs if defects cause client penalties

6.3 Code Review and Peer Review

6.3.1 Employees must:

(a) Participate in code review processes

(b) Address feedback and comments from reviewers

(c) Not bypass code review requirements

(d) Provide constructive feedback when reviewing others' code

(e) Ensure code meets Company standards before merging

SECTION 7 - CLIENT PENALTIES AND CONTRACTUAL DAMAGES

7.1 Client Penalty Clauses

7.1.1 Many client contracts include penalty clauses for:

(a) Missed delivery deadlines

(b) SLA breaches

(c) Quality issues or defects

(d) Security breaches or data loss

(e) Downtime or service unavailability

7.1.2 Penalties may include:

(a) Fixed penalty amounts per delay day

(b) Percentage of project value deducted

(c) Service credits or refunds

(d) Contract termination without payment

7.2 Employee Liability for Client Penalties

7.2.1 If client penalty imposed due to employee's:

(a) Negligent or substandard work

(b) Failure to meet committed deadlines

(c) Delivery of defective work product

(d) Security breach caused by employee negligence

(e) Violation of client policies or procedures

7.2.2 Employee may be held liable for:

(a) Penalty amount imposed by client (partial or full depending on fault)

(b) Recovery through salary deduction (within Payment of Wages Act limits)

(c) Recovery through final settlement adjustment

(d) Legal action if amount exceeds recoverable limits

7.2.3 Liability shared proportionately if multiple employees contributed to failure.

7.3 Investigation and Determination

7.3.1 Before imposing liability:

(a) Investigation conducted to determine root cause

(b) Employee's role and contribution assessed

(c) Employee given opportunity to explain and defend

(d) Mitigating factors considered

(e) Liability assigned based on evidence and proportionate fault

PART B: DATA BREACH AND SECURITY INCIDENT LIABILITY

SECTION 8 - SECURITY INCIDENT ACCOUNTABILITY

8.1 Employee Obligations for Data Security

8.1.1 All employees must:

(a) Comply with Information Security Policy

(b) Follow security protocols and procedures

(c) Protect Company and client data from unauthorized access or disclosure

(d) Use security tools and controls (passwords, MFA, encryption)

(e) Report security incidents immediately

(f) Not engage in activities creating security risks

8.1.2 See Information Security Policy for comprehensive obligations.

8.2 Security Incidents Caused by Employee Negligence

8.2.1 Employee is liable if security incident caused by:

(a) Password Negligence: Sharing passwords, weak passwords, storing passwords insecurely

(b) Phishing Victim: Clicking phishing links or providing credentials to attackers

(c) Malware Introduction: Downloading malware, visiting malicious sites, using infected devices

(d) Unauthorized Access: Granting access to unauthorized persons

(e) Data Mishandling: Storing data insecurely, sending to wrong recipients, losing devices

(f) Policy Violations: Disabling security software, bypassing controls, violating policies

(g) Improper Disposal: Failing to securely delete data or dispose of storage media

8.3 Willful Security Breaches

8.3.1 Intentional or willful security breaches include:

(a) Deliberately disclosing confidential information

(b) Stealing or misappropriating data

(c) Hacking or unauthorized access to systems

(d) Installing backdoors or malicious code

(e) Sabotaging security controls

8.3.2 Willful breaches result in:

(a) Immediate termination

(b) Full liability for all costs and damages

(c) Criminal prosecution under IT Act, 2000

(d) Civil suit for damages and injunctive relief

SECTION 9 - DATA BREACH COSTS AND LIABILITY

9.1 Types of Data Breach Costs

9.1.1 Data breach costs include:

(a) Forensic Investigation: Hiring cybersecurity experts to investigate breach

(b) Legal Fees: Attorneys to handle legal response and compliance

(c) Notification Costs: Notifying affected parties, regulators, and public

(d) Credit Monitoring: Offering credit monitoring to affected individuals

(e) Regulatory Fines: Penalties from data protection authorities

(f) Client Penalties: Penalties imposed by clients for breach

(g) Client Compensation: Compensating clients for damages

(h) Remediation Costs: Fixing vulnerabilities and improving security

(i) Reputational Damage: Loss of business and revenue due to reputation impact

(j) Litigation Costs: Defending lawsuits from affected parties

9.2 Employee Financial Liability

9.2.1 If data breach caused by employee negligence:

(a) Employee liable for reasonable portion of breach costs

(b) Liability amount determined based on:

• Severity of breach (number of records, sensitivity of data)
• Degree of employee negligence or fault
• Actual costs incurred by Company
• Employee's financial capacity

(c) Recovery through:

• Salary deduction (within legal limits)
• Final settlement adjustment
• Legal action for remaining amounts

9.2.2 For willful or intentional breaches:

(a) Liquidated damages: ₹1,00,000 to ₹50,00,000 (One Lakh to Fifty Lakhs)

(b) In addition to actual breach costs incurred

(c) Amount based on breach severity:

• Minor breach (limited data): ₹1-5 lakhs
• Moderate breach (significant data): ₹5-20 lakhs
• Major breach (massive data or client data): ₹20-50 lakhs

(d) Employee acknowledges difficulty in quantifying breach damages justifies liquidated damages

9.3 Client Data Breaches

9.3.1 If breach involves client data:

(a) Client may impose penalties per contract terms

(b) Client may terminate contract and demand compensation

(c) Company liable to client

(d) Company may recover from employee if caused by employee's fault

9.3.2 Client data breaches treated with heightened severity due to:

(a) Contractual obligations to protect client data

(b) Reputational damage affecting client relationships

(c) Potential loss of future business

SECTION 10 - SECURITY INCIDENT REPORTING

10.1 Mandatory Reporting Obligation

10.1.1 Employees must immediately report to IT Security:

(a) Suspected Breaches: Any suspected unauthorized access or disclosure

(b) Lost or Stolen Devices: Laptops, phones, USB drives containing Company data

(c) Compromised Credentials: Password theft, phishing victim, account compromise

(d) Malware Infections: Virus, ransomware, or suspicious software

(e) Accidental Disclosure: Sending data to wrong recipient, public exposure

(f) Security Violations: Witnessing others violate security policies

10.1.2 Reporting timeline:

(a) Immediately: Within 1 hour of discovery

(b) No delays to assess impact or attempt self-remediation

(c) Report even if uncertain whether incident is serious

10.2 Failure to Report

10.2.1 Failure to promptly report security incident:

(a) Aggravates employee's liability

(b) May convert negligent breach to willful breach

(c) Subjects employee to additional penalties

(d) May result in termination

10.2.2 Delayed reporting increases:

(a) Damage and exposure from breach

(b) Cost of remediation

(c) Regulatory penalties

(d) Employee's liability for enhanced damages

10.3 Cooperation with Investigation

10.3.1 During security incident investigation, employee must:

(a) Cooperate fully with IT Security and investigators

(b) Provide complete and truthful information

(c) Turn over devices and access for examination

(d) Not destroy evidence or obstruct investigation

(e) Follow containment instructions from IT Security

10.3.2 Obstruction of investigation = serious misconduct subject to termination.

SECTION 11 - RISK ESCALATION AND COMMUNICATION

11.1 Duty to Escalate Risks

11.1.1 Employees must proactively escalate to management:

(a) Project Risks: Risks threatening project delivery or quality

(b) Resource Constraints: Insufficient time, team, or tools to deliver

(c) Technical Challenges: Technical blockers beyond capability

(d) Client Issues: Client unreasonable demands or changing requirements

(e) Security Concerns: Vulnerabilities or security weaknesses identified

(f) Timeline Slippage: Inability to meet committed deadlines

11.1.2 Timely escalation:

(a) Escalate as soon as risk identified, not when problem materializes

(b) Provide specific details and potential impact

(c) Suggest mitigation options if possible

(d) Follow up until risk is addressed

11.2 Consequences of Failure to Escalate

11.2.1 If employee fails to escalate risks and problems occur:

(a) Employee bears greater liability for outcome

(b) Failure to escalate considered negligence

(c) Company unable to take corrective action due to lack of notice

(d) Employee cannot claim lack of resources as defense if not escalated

SECTION 12 - REMEDIES AND ENFORCEMENT

12.1 Disciplinary Actions

12.1.1 Professional negligence or failure to meet standards may result in:

(a) Performance Improvement Plan (PIP): For correctable performance issues

(b) Written Warning: For moderate negligence or failures

(c) Final Warning: For serious or repeated negligence

(d) Suspension: Pending investigation of serious incidents

(e) Termination: For gross negligence, repeated failures, or willful misconduct

12.1.2 Termination for professional negligence:

(a) Notice period may apply (per employment level)

(b) Payment in lieu may be withheld if misconduct severe

(c) Final settlement adjusted for liabilities and damages

12.2 Financial Recovery

12.2.1 Company may recover costs and damages through:

(a) Salary deduction (within Payment of Wages Act limits - max 50% per month)

(b) Final settlement adjustment

(c) Promissory note for amounts exceeding salary deduction limits

(d) Legal action for recovery after separation

(e) Interest on unpaid amounts

12.2.2 See Financial Accountability & Asset Management Policy for recovery mechanisms.

12.3 Legal Action

12.3.1 Company may pursue legal action for:

(a) Civil suit for damages and breach of contract

(b) Injunctive relief to prevent further harm

(c) Criminal prosecution for willful breaches under IT Act, 2000

(d) Recovery of legal fees and court costs

SECTION 13 - MITIGATION AND DEFENSES

13.1 Factors Reducing Liability

13.1.1 Employee liability may be reduced or eliminated by showing:

(a) Exercise of Reasonable Care: Demonstrated diligence and professionalism

(b) Timely Escalation: Proactively raised risks and issues

(c) Factors Beyond Control: Circumstances outside employee's responsibility or control

(d) Adequate Resources Not Provided: Despite escalation, resources not provided

(e) Management Decisions: Failure due to management direction or decisions

(f) Good Faith Effort: Genuine effort to deliver quality work

13.1.2 Burden on employee to provide evidence of mitigation factors.

13.2 Shared Responsibility

13.2.1 If multiple employees contributed to failure:

(a) Liability apportioned based on each employee's role and fault

(b) Each employee liable only for proportionate share

(c) Joint and several liability not imposed unless all acted in concert

SECTION 14 - EMPLOYEE ACKNOWLEDGMENT

14.1 Acknowledgment of Professional Standards

14.1.1 By accepting employment, employee acknowledges:

(a) Understanding of professional standards expected

(b) Obligation to exercise reasonable care and skill

(c) Accountability for quality of work and meeting commitments

(d) Liability for losses caused by negligence or failure to perform

(e) Duty to escalate risks and issues proactively

(f) Obligation to comply with security policies and procedures

14.2 Consent to Liability

14.2.1 Employee consents to:

(a) Financial liability for client penalties and breach costs within limits of law

(b) Recovery through salary deduction and final settlement adjustment

(c) Disciplinary action including termination for professional negligence

(d) Liquidated damages for willful security breaches

SECTION 15 - CONTACT INFORMATION

15.1 Project Delivery Issues

Project Management Office:
Email: pmo@webreinvent.com
For questions about project accountability

15.2 Security Incidents

IT Security Team:
Email: security@webreinvent.com
Emergency Hotline: To be specified
For immediate security incident reporting

15.3 Policy Questions

Human Resources:
Email: hrd@webreinvent.com