Information Technology

Policy & Procedures Manual

Daily Logs

IT P&P: IT-005
SUBJECT: IT Daily Logs Policy & Procedures
EFFECTIVE DATE: November 30, 2007
VERSION: 1.0
APPROVAL: VP of Information Technology

OBJECTIVE:
To establish a policy and procedures to assure that daily logs related to IT are addressed and resolved in a timely and appropriate
manner and to ensure that management is aware of any problems affecting the production environment.

SCOPE:
This policy defines control measures that the PSC Information Systems personnel must follow to assure that inappropriate activities
or processing logs related to IT are addressed and resolved in a timely and appropriate manner. All systems and applications
relevant to operations for the company are applicable.

RESPONSIBILITY:
IT Application Owners

APPLICABILITY:
This policy applies to all internally and externally manage PSC Information Technology assets and all PSC employees, vendors, and
contractors.

POLICY:
It is understood that following structured guidelines for Daily Logs is essential to ensuring the quality of information systems and the
overall business process, and, ultimately, to the continued operation and success of the business.

The IT Application Owners is the recognized control authority over daily logs. Any issues related to systems or software developed
for or acquired by PSC, whether identified by the end user community, members of the IT department, or third party contractors,
must follow the daily log procedures outlined below.

It is the policy of the IT Application Owners to monitor the IT environment, to identify suspicious and abnormal IT activities, and
resolve all IT related issues in a timely manner as outlined in the response guidelines below. It is the responsibility of the IT
 Information Technology
Policy & Procedures Manual
Daily Logs

Application Owners to ensure that all necessary measures are undertaken to follow these guidelines to assure the consistent and
appropriate delivery of systems and applications that support the business.

PROCEDURES
A security incident response process exists to support timely response and investigation of unauthorized activities. Processing logs
document errors or problems encountered during processing. Information includes descriptions of errors encountered, dates
identified, any codes associated with errors, corrective action taken, and date and time of correction.

Inappropriate activities or processing errors alter data, impacting on reliability of financial reporting.

Processing logs document errors or problems encountered during processing, including unusual or unauthorized activity.
Information includes descriptions of errors encountered, dates identified, any codes associated with errors, corrective action taken,
and date and time of correction.

S:\SOX-Remediation-Project-IT\Problem Management\Processing Logs\Individual Daily Logs by Application

Non-compliance Situations
Risk Acceptance — Non-compliance with these and other information security requirements can result in disciplinary action up to
and including termination. In rare cases, a business case for non-compliance can be established but in all such cases must be
approved in advance by the VP of Information Technology.
Further Information — Questions about this document should be directed to VP of Information Technology.
 Information Technology
Policy & Procedures Manual
Daily Logs

IT Department Contact List

Customer Support Center 1-866-985-2588 or customersupportcenter@pscnow.com

Urgent Notification Group

Name Email Extension

Pamela Rucker prucker@pscnow.com x 7176
Beth Wilcox bwilcox@pscnow.com x 5392
Hassan Hakam hhakam@pscnow.com x 7064
Anthony Akins aakins@pscnow.com x 7042

Application System Leads

APPLICATION Contact Name

Oracle 11i Frank Duke
OMA Tony Akins
Data Warehouse Hassan Hakam
Enterprise Reporting Hassan Hakam
JDE OneWorld Frank Duke
Oracle 10.7 Frank Duke