CORPORATE POLICIES MANUAL

Page 1 of 111
Revised 4.26.2013

PART 1: GENERAL PROVISIONS (REVISED 3/22/00)...................................................................................................5 1.1 PURPOSE AND SCOPE.......................................................................................................................................................5 PART 2: CODE OF BUSINESS CONDUCT (REVISED 05/02/2012)................................................................................6 2.1 DIVERSITY........................................................................................................................................................................6 2.2 EEO RESPONSIBILITY....................................................................................................................................................6 2.3 PRIVACY OF COMMUNICATIONS....................................................................................................................................6 2.4 CONFLICT OF INTEREST..................................................................................................................................................7 2.5 COMPANY FUNDS...........................................................................................................................................................10 2.6 COMPANY PROPERTY (CLARIFIED 4.26.2013)............................................................................................................10 2.7 PROPRIETARY INFORMATION.......................................................................................................................................10 2.8 FIDELITY BOND COVERAGE........................................................................................................................................11 2.9 COMPANY RECORDS....................................................................................................................................................12 2.10 ESPIONAGE AND SABOTAGE.......................................................................................................................................12 2.11 CRIMINAL CHARGES AND CONVICTIONS..................................................................................................................12 2.12 CUSTOMER RELATIONS..............................................................................................................................................13 2.13 PERSONAL CONDUCT.................................................................................................................................................13 2.14 DRUGS AND ALCOHOL...............................................................................................................................................13 2.15 WORK TIME................................................................................................................................................................14 2.16 COMPUTER SYSTEMS.................................................................................................................................................14 2.17 SAFETY........................................................................................................................................................................14 2.18 POLITICAL CONTRIBUTIONS......................................................................................................................................15 2.19 COMPLIANCE WITH THE LAW AND FAIR COMPETITION.........................................................................................15 2.20 FOREIGN CORRUPT PRACTICES ACT........................................................................................................................16 2.21 WEAPONS.....................................................................................................................................................................17 2.23 CONCLUSION................................................................................................................................................................18 3.1 PURPOSE AND SCOPE.....................................................................................................................................................19 3.2 DEFINITIONS.................................................................................................................................................................19 3.3 TRADE SECRET RESPONSIBILITY................................................................................................................................20 3.4 TRADE SECRET OVERVIEW.........................................................................................................................................20 3.5 DOCUMENT CONTROL..................................................................................................................................................23 3.6 PROPER MARKING OF DOCUMENTS............................................................................................................................24 3.7 COPIES OF COMPANY DOCUMENTS............................................................................................................................24 3.8 CONFIDENTIALITY AGREEMENTS................................................................................................................................25 3.9 REVIEW OF PUBLISHED WORKS..................................................................................................................................25 3.10 MEDIA GUIDELINES.....................................................................................................................................................26 3.11 VISITORS' ACCESS TO COMPANY FACILITIES..........................................................................................................27 3.12 USE OF CONSULTANTS...............................................................................................................................................27 3.13 ELECTRONIC MAIL.....................................................................................................................................................27 SCHEDULE A CONFIDENTIALITY AGREEMENT.............................................................................................................29 SCHEDULE B CONSULTANT CONFIDENTIALITY AGREEMENT................................................................................32 EXHIBIT A............................................................................................................................................................................35 EMPLOYEE CONFIDENTIALITY AGREEMENT...................................................................................................35 PART 4: ANTI-HARASSMENT POLICY (REVISED 03/17/2010).................................................................................36 PART 5: EQUAL EMPLOYMENT OPPORTUNITY AND AFFIRMATIVE ACTION POLICY (REVISED 04/26/2013)...............................................................................................................................................................................38 PART 6: ANTITRUST COMPLIANCE POLICY (REVISED 3/22/00)...........................................................................39 6.1 GENERAL........................................................................................................................................................................39 6.2 OVERVIEW.....................................................................................................................................................................39 6.3 APPLICATION OF THE ANTITRUST LAWS.....................................................................................................................41 6.4 EXAMPLES.....................................................................................................................................................................45 Page 2 of 111
Revised 4.26.2013

PART 7: COPYRIGHT POLICY (REVISED 3/22/00)......................................................................................................47 7.1 GENERAL .......................................................................................................................................................................47 7.2 COPYRIGHT RESPONSIBILITY.......................................................................................................................................49 7.3 FORM OF COPYRIGHT NOTICE ....................................................................................................................................49 7.4 LOCATION OF COPYRIGHT NOTICE ............................................................................................................................49 7.5 OUTSOURCING OF CREATIVE WORKS- WORK FOR HIRE DOCTRINE.......................................................................50 7.6 INTERNAL PHOTOCOPYING OF COPYRIGHTED MATERIAL........................................................................................51 PART 8: TRADEMARK AND SERVICE MARK POLICY (REVISED 3/22/00).........................................................54 8.1 INTRODUCTION..............................................................................................................................................................54 8.2 DEFINITION OF TRADEMARKS AND SERVICE MARKS.................................................................................................54 8.3 IMPORTANCE OF PROPER USE OF CINCINNATI BELL MARKS...................................................................................54 8.4 USE STANDARDS............................................................................................................................................................55 8.5 MONITORING CINCINNATI BELL MARKS....................................................................................................................56 8.6 CREATION OF NEW TRADEMARKS...............................................................................................................................57 8.7 PACKAGING, LABELS, AND ADVERTISING AND PROMOTIONAL MATERIALS............................................................57 8.8 USE OF CINCINNATI BELL MARKS ON OR IN CONNECTION WITH NON-CINCINNATI BELL PRODUCTS OR SERVICES .............................................................................................................................................................58 PART 9: INSIDER TRADING POLICY (REVISED 03/17/2010)...................................................................................60 9.1 INTRODUCTION..............................................................................................................................................................60 9.2 THE POLICY...................................................................................................................................................................60 9.3 DEFINITIONS..................................................................................................................................................................61 9.4 THE CONSEQUENCES.....................................................................................................................................................62 9.5 A WORD OF CAUTION...................................................................................................................................................63 9.6 QUESTIONS AND ANSWERS...........................................................................................................................................63 9.7 SUPPLEMENTAL TRADING RESTRICTIONS AND REPORTING REQUIREMENTS FOR BOARD OF DIRECTORS AND OFFICERS DESIGNATED AS 16(B) INSIDERS.......................................................................................................64 PART 9A: POLICY STATEMENT ON THE RELEASE OF COMPANY INFORMATION TO THE PUBLIC (REVISED 4/1/04)...................................................................................................................................................................67 PART 10: SECURITY POLICY (REVISED 3/22/00)........................................................................................................69 10.1 GENERAL.....................................................................................................................................................................69 10.2 PROVIDING EMPLOYEE ACCESS.................................................................................................................................69 10.3 PROVIDING VISITOR ACCESS......................................................................................................................................69 10.4 CLEAN DESK POLICY..................................................................................................................................................69 PART 11: CINCINNATI BELL COMPUTER & ENTERPRISE NETWORK SECURITY POLICY (REVISED 08/02/2010)...............................................................................................................................................................................70 11.1 SCOPE & OVERVIEW...................................................................................................................................................70 11.3 ELECTRONIC MAIL......................................................................................................................................................84 11.4 WIRELESS CONNECTIVITY..........................................................................................................................................87 PART 12: CPNI POLICY (REVISED 3/22/00)..................................................................................................................94 12.1 GENERAL ....................................................................................................................................................................94 12.2 DEFINITIONS................................................................................................................................................................94 12.3 POLICY REGARDING CARRIER INFORMATION..........................................................................................................94 12.4 POLICY REGARDING CPNI .......................................................................................................................................95 12.5 DISCLOSURE OF CPNI TO OTHERS ...........................................................................................................................95 12.6 EXCEPTIONS TO CPNI POLICY .................................................................................................................................95 PART 13: RECORDS RETENTION POLICY (REVISED 09/01/2010).........................................................................96 13.1 PURPOSE.......................................................................................................................................................................96 13.2 POLICY.........................................................................................................................................................................96 13.3 DEFINITIONS................................................................................................................................................................96 13.4 RETENTION PERIOD....................................................................................................................................................97 Page 3 of 111
Revised 4.26.2013

13.5 RECORDS SCREENING.................................................................................................................................................98 13.6 RECORDS STORAGE.....................................................................................................................................................98 13.7 REVIEW AND PURGING OF FILES...............................................................................................................................99 13.8 DESTRUCTION OF RECORDS.....................................................................................................................................100 13.9 COMPLIANCE.............................................................................................................................................................100 13.10 SUSPENSION OF RECORDS RETENTION POLICY....................................................................................................100 13.11 SHARING COMPANY RECORDS...............................................................................................................................100 14.1 RECEIPT AND DISPOSITION OF LEGAL DOCUMENTS .............................................................................................107 14.2 POLICY FOR PROCESSING COURT ORDERED WIRE TAP REQUESTS.....................................................................107 PART 15: PERSONALLY IDENTIFIABLE INFORMATION PROTECTION POLICY (6/11/09)........................108 15.1 PURPOSE AND SCOPE.................................................................................................................................................108 15.2 DEFINITIONS..............................................................................................................................................................108 15.6 DESTRUCTION OF DOCUMENTS AND RECORDS CONTAINING PERSONALLY IDENTIFIABLE INFORMATION.......111

Page 4 of 111
Revised 4.26.2013

PART 1: GENERAL PROVISIONS (revised 3/22/00) 1.1 Purpose and Scope

1.1.1 The purpose of this Corporate Policies Manual is to set forth in one location the various generally-applicable policies and procedures governing the conduct of all employees of Cincinnati Bell Inc. and its subsidiaries and affiliates (hereinafter referred to as Cincinnati Bell or Company unless otherwise indicated). While not meant to be totally comprehensive, this Corporate Policies Manual covers many of the policies and procedures affecting Company employees on a day-to-day basis. 1.1.2 It is the responsibility of every Cincinnati Bell employee to know and adhere to the policies and procedures set forth in this Corporate Policies Manual. Any employee who violates any of the policies or procedures contained herein is subject to disciplinary action up to and including immediate termination of employment. 1.1.3 Certain of the policies set forth in this Corporate Policies Manual (e.g. Trade Secret Policy) also impose obligations on the various consultants and vendors retained by the Company in the course of conducting its business. Any consultant or vendor who breaches any obligation imposed by the Company's policies (or any obligation imposed by a confidentiality agreement executed pursuant to the Company's policies) may be subject to immediate legal action by the Company. 1.1.4 Any suggested revisions or additions to the policies contained in the Corporate Policies Manual should be directed to the Office of the General Counsel.

Page 5 of 111

PART 2: CODE OF BUSINESS CONDUCT (revised 05/02/2012) 2.1 Diversity

The Company is committed to creating and maintaining a work environment that supports, promotes and encourages diversity. In this regard, the Company embraces diversity in all aspects of its operations and expects each employee to embrace diversity as well. In keeping with its commitment to promote a diverse work environment, Cincinnati Bell promotes respect for individual differences and views, and equal opportunity for all .

2.2

EEO Responsibility

It is the Companys policy to provide equal employment opportunity to all employees and applicants for employment. No employee or applicant will be discriminated against or be subject to discrimination on the basis of race, religion, color, creed, national origin, age, sex, or disability which can be reasonably accommodated. Equal employment opportunity applies to all personnel actions including wages, promotions, benefits, transfers and terminations. Freedom from discrimination includes freedom from sexual harassment. The Company prohibits sexual harassment of its employees. Harassment can take many forms, including spoken remarks, physical contact or visual displays of offensive or inappropriate material. No employee is required to tolerate or submit to sexual advances as a condition of employment. For a more complete discussion on the Companys EEO policies and procedure, employees should refer to the Companys written policy contained in this Corporate Policies Manual under Part 5: Equal Employment Opportunity and Affirmative Action. Employees who have complaints of discrimination or sexual harassment should report such conduct to their supervisors, any Human Resources Manager, the Director of Employee Relations or any officer of the Company. If that is not appropriate, employees are urged to seek the assistance of the Vice President of Human Resources. Additionally, supervisors and managers are required to report complaints to the appropriate Human Resources Manager or the Director of Employee Relations. Prohibited or improper conduct will result in prompt disciplinary action, up to and including dismissal.

2.3

Privacy of Communications

Federal and state laws prohibit, under severe criminal penalties, all wiretapping, eavesdropping, or interception of telephone and data communications, and prohibit divulging or using any intercepted communications, except where a communications company is authorized to do so as necessary to rendering service or protecting the rights and property of the Company. Assuring privacy of communications is a fundamental obligation of our business. Therefore, no employee of Cincinnati Bell or any of its subsidiaries or affiliates shall engage in, cause, or permit any unauthorized intrusion into the secrecy or privacy of communications, or furnish to anyone any advice, assistance, or equipment for use in connection with any eavesdropping or the interception of telephone or data communications. Any employee with knowledge concerning any such unauthorized intrusion shall report it to the Director - Security or other appropriate management official.
Page 6 of 111

No person employed by Cincinnati Bell shall listen to any conversation between customers or reveal to anyone the substance, content, or nature of any telephone or data communication or conversation, or reveal any record or information that there has been a conversation or communication, or shall tamper with or intrude upon the transmission of information, either by voice, data, or other non-voice communication unless such conduct is specifically approved in advance by a Company official legally authorized to do so. If a law enforcement authority, governmental official, or anyone else asks for information which must be kept private because of the law or Company regulations, immediately refer their request through proper channels to the Office of the General Counsel. Our obligation to protect and assure the secrecy and privacy of communications is so important that strict compliance is a condition of employment. This obligation includes the obligation to safeguard Company computer systems and the data they contain, as described in Sections 2.6 (Company Property), 2.9 (Company Records), 2.16 (Computer Systems), 3.4.6 (Destruction of Documents Containing Trade Secret and Confidential Information ), and 15.6 (Destruction of Documents and Records Containing Personally Identifiable Information .)

2.4

Conflict of Interest

All Cincinnati Bell employees have a duty to the company, co-workers, shareholders, and the public to place the responsibilities of their position, and adherence to principles of ethical conduct, above personal gain. This duty includes avoiding situations in business relationships and in personal/community activities that create or may create a conflict of interest. Additionally, this duty includes avoiding situations that may create the mere appearance of a conflict of interest. A conflict of interest may take many forms. It exists where: an employees ability to exercise independent judgment and/or make objective decisions is compromised or presents the appearance of being compromised; an employees relationship to an outside organization conflicts with the independent performance of his/her duties, or with the mission, goals and objectives of Cincinnati Bell; an employees influence in awarding business to a third party could lead directly or indirectlyto financial gain for the employee or for a member of his/her family; an employees decisions and/or influence give improper advantage to certain parties, to the possible detriment of the Company; and/or an employees acceptance of gifts or other gratuity impairs his/her ability to make decisions that are impartial, objective, and in the best interests of Cincinnati Bell and its subsidiaries.

Page 7 of 111

With this in mind, Cincinnati Bell has established the following guidelines regarding employee conduct and conflict of interest. Suppliers/Vendors Our policy concerning Cincinnati Bell suppliers is to award business solely on the basis of merit. To that end, employees shall act in an impartial, objective manner, mindful of the best interests of the Company, in any decisions involving the awarding of business to third parties and in all transactions with third parties. No employee shall have a financial, business, personal or familial relationship with any entity (including suppliers, vendors or contractors) that may impair, or even appear to impair, his/her independence of judgment in awarding business on behalf of the Company. Similarly, no employee shall have a financial, business, personal or familial relationship with any such entity that leads, or could lead, to financial gain for the employee or for a member of his/her family. Employees must exercise due diligence in the vendor selection process and in the implementation of any resulting contract. Documentation of contractual terms and conditions shall be documented and easily accessible. Contracts shall receive appropriate management/executive review prior to approval, and shall be executed at the appropriate authority level, taking into account the duration and dollar value of the contract. Employees shall exercise care in all negotiations so that they do not knowingly make unauthorized commitments or promises that may bind the Company. Gifts/Gratuities Employees must not solicit or accept from any outside entity any gifts, loans, other compensation, or unusual hospitality that could either influence or compromise their independent judgment on behalf of Cincinnati Bell. Neither must employees solicit or accept from any outside entity any gifts, compensation or unusual hospitality that could lead an outside entity to reasonably believe that the gift is intended to incur favorable treatment. It is generally permissible to accept a business meal or nominal item that is customary in business relationships, as long as the item does not exceed $100 in value and would not place into question the independent judgment of the employee, as outlined above. Outside Employment/Competitors Employees shall not engage in outside employment or activities that conflict or appear to conflict with the duties and responsibilities of their positions at Cincinnati Bell. This would generally include working for a competitor, vendor, contractor or supplier. Similarly, employees shall not engage in outside employment or activities where such employment or activities may place them in a position of direct competition with the products and services of the Company.
Page 8 of 111

Customers Our relationships with customers must reflect Cincinnati Bells standards of service excellence and integrity. For this reason, employees shall not solicit the Companys customers for any purpose not associated with the official duties and responsibilities of their positions. Examples of Potential Conflict of Interest: 1. Joe has received competitive bids for office supplies from three companies. Before a vendor is selected, one of the companies offers Joe a gifta weekend getaway for two to a resort in another state. Joe accepts the offer. 2. Sue needs to replace the current contract housekeeping service at her company. Her sisters boyfriend, Stan, owns his own commercial building cleaning firm. Stan offers the company a really good discount if Sue selects his cleaning firm to do the work. Sue accepts. 3. Tim works full-time as a marketing manager at ABC Company, a manufacturer of personal computers. Recently, Tim accepted a part-time night job, answering customer calls for technical assistance with their personal computers, manufactured by XYZ Company. 4. In an effort to save money, Cathy asks several companies for bids on the companys temporary help contract. Although Acme Temporaries does not submit the least expensive bid, Cathy decides to hire Acme because her husband, who is a manager there, says, its the best. 5. Jacks manager asks him to hire a team of contract Accountants for an important 90-day project. Jack contacts APlus and asks them for some contract accountant candidates. Among the five APlus accountants whom Jack chooses for the project are his sister and brother. These are only a few examples of situations in which there may be a potential conflict of interest, or, at a minimum, the appearance of a conflict of interest. While this policy cannot anticipate nor include every potential situation in which a conflict of interest may exist, the examples above provide some guidelines for employees. Using good judgment and common sense can effectively eliminate a potential conflict of interest in most situations. Additionally, if an employee is uncertain about a particular situation, it may be helpful for him/her to consider it in light of the following question: How would these circumstances be viewed from the perspective of a reasonable person who is not involved in the situation? If an employee is in doubt about a conflict of interest situation, or observes what he/she believes may be a potential conflict of interest, the employee should immediately contact the General Counsel or a Human Resources Manager. These staff members will assist in gathering and evaluating facts, so that a determination may be made as to whether
Page 9 of 111

a conflict of interest exists, the extent of the conflict of interest, and how best to eliminate it. Employees may also anonymously report a potential conflict of interest by calling 1-866ETHICSP (384-4277) or through the EthicsPoint website at www.ethicspoint.com.

2.5

Company Funds

Each employee is personally accountable for Company funds over which he or she has control. Anyone spending Company money, or personal money that will be reimbursed, should always be sure the Company receives good value in return. Anyone approving or certifying the correctness of a voucher or bill should have reasonably certain knowledge that the purchases and amounts are proper. Anyone responsible for the handling of Company revenues, as well as associated records and materials, is accountable for their safekeeping. In addition to cash, these include, but are not limited to, checks and money orders and items such as credit cards, and data stored on any medium, whether it be electronic, magnetic, or photographic. These matters are covered in detail by Company policies and procedures, which must be followed strictly. If you have any questions about the appropriate use of Company funds, talk with your supervisor or a Company official with authority regarding the use of funds.

2.6

Company Property (clarified 4.26.2013)

Protection of Company property and services is vital to our business. How well we prevent theft and intentional, fraudulent or negligent misuse of Company property, affects the rates our customers pay for service and our Company's earnings. Each employee has a duty to the Company, customers and coworkers to protect Company property from theft, loss, destruction and misuse. Company property, including, but not limited to, tools, equipment, supplies and electronic devices such as laptops, wireless telephones, PDAs, or portable electronic storage devices such as USB drives, shall not be used for personal benefit or any other improper purpose. It shall not be sold, loaned, given away, or otherwise disposed of, regardless of condition or value, except with proper authorization. This means that you are expected to treat such Company tools and equipment as you would treat your wallet, purse and other personal valuables. In other words, employ reasonable safeguards to protect such tools and equipment whenever they are in your possession or control. For example, always store them in a locked location when not in use, never leave them visible in a parked vehicle, never leave them in an unlocked and unattended vehicle (even when parked in your driveway or garage) and never leave them unattended at a customer or any other location.

2.7

Proprietary Information

Much information developed by Cincinnati Bell or received from other organizations is proprietary and is to be disclosed and used solely for the purposes for which it was developed or received. Disclosure of such information to unauthorized persons is forbidden, not only because such information is a valuable business asset that must be protected, but
Page 10 of 111

also because unauthorized disclosure, even within the Company, could give an unfair advantage to us or to our competitors or could cause the Company to incur severe penalties. As our Company enters into new contractual relationships, specific restrictions will be imposed on our use and dissemination of information both internally and externally. Specifically, employees must obtain proper approvals prior to releasing any information of a confidential or proprietary nature internally to fellow employees as well as to others outside of the Company. Safeguarding Cincinnati Bells proprietary and confidential information is one of the most important obligations each of us has as an employee of Cincinnati Bell. Proprietary information includes, but is not restricted to, trade secrets, Customer Proprietary Network Information (CPNI) (see Corporate Policies Manual Section 12 for specific CPNI policies) and various kinds of confidential or private technical, financial, and business information. It includes records, practices, letters, plans, drawings, manuals, and computer programs, including software and all related materials. Information concerning, but not limited to, equipment, new development projects, marketing plans, rate and cost data, circuit layouts, service restoration plans, non-published telephone numbers, daily agenda, personnel data, etc., is also considered proprietary information. Access to proprietary information is limited to those having a "need to know" and a "right to use". Any disclosure to others, or the receipt of the proprietary information from others, must be in accordance with Company policies. An employee's first duty of loyalty in business matters is to Cincinnati Bell. Disclosures, whether they are intentional or inadvertent, may harm the Company if they are made to unauthorized persons within or outside of the Company. This includes an immediate family member who is working for a competitor, supplier, or engaging in self-employment which is competitive with Cincinnati Bell. At the end of your employment with Cincinnati Bell, you must return to the Company all documents and records containing proprietary and confidential information. Even after you leave, you have a continuing obligation to safeguard such information. Questions concerning the use or disclosure of proprietary information or classified national security information must be promptly referred through proper channels to the Office of the General Counsel.

2.8

Fidelity Bond Coverage

All employees of Cincinnati Bell are covered by a fidelity bond which protects the Company against losses of money or property resulting from dishonest employee acts. It does not relieve an employee from personal liability, criminal prosecution, or discharge. Discovery of a fraudulent act related to a persons employment or job responsibilities on or off the job - may result in coverage of the employee being canceled. The bonding company requires that it be promptly notified of all known or suspected fraudulent or dishonest acts - whether committed prior to or during employment with the Company - even when no loss is involved or claim made.
Page 11 of 111

2.9

Company Records

Company business records must always be prepared accurately and reliably. They are of critical importance in meeting our financial, legal, and business obligations. All reports, vouchers, bills, employment and payroll records, service records, measurement and performance records, and other essential data must be prepared with care and honesty. Service and cost performance measurements, for example, are key to the successful management of the business. Upon them are based the allocation of resources, assignment of personnel and implementation of special action programs. A false or misleading report or record of measurement data is considered as serious as falsifying vouchers, financial data or records pertaining to Company funds or property. Records containing personal data or credit information about customers and employees are confidential. They must be carefully safeguarded and kept current, relevant, and accurate. They should be disclosed only to authorized personnel or in accordance with lawful process. For the Companys policy on records retention, please refer to Part 13: Records Retention Policy of this Corporate Policies Manual. Certain Company accounts are maintained for specified periods of time according to the rules of governmental agencies. Other records and documents may have to be retained in connection with court and regulatory proceedings, or for other business purposes. Therefore, records are to be destroyed only in accordance with authorized Company procedures.

2.10 Espionage and Sabotage

It is essential to prevent disclosure of any Company information that could be of value to saboteurs and espionage agents. Such information includes, but is not limited to, security procedures, location of physical plant facilities, circuit layout information, emergency rerouting and service restoration procedures, and classified national security information. As mentioned in the section on Proprietary Information, access to classified national security information is restricted to those having proper government clearance and a "need to know." Any attempt by an unauthorized person to obtain sensitive information or gain access to secured Company locations must be reported at once through proper channels to the Director-Security or other appropriate management official.

2.11 Criminal Charges and Convictions

Personnel actions involving employees accused of crimes will be treated on an individual basis, taking into account the nature and seriousness of the crime and other factors. Employees incarcerated or whose activities otherwise are restricted following arrest continue to be subject to the applicable attendance policy. Depending on the circumstances an employee who has been arrested or charged with a crime may be suspended pending resolution of the criminal proceedings or may be dismissed based on the Companys investigation. When an employee commits an offense that is related to employment duties, or is convicted of a crime of such a nature that the conviction adversely affects the employment
Page 12 of 111

relationship, the employee may be subject to disciplinary action up to and including dismissal. The Employees is required to immediately notify Human Resources or his/her immediate supervisor when he/she is arrested or becomes the subject of an arrest warrant or indictment/information. Failure to comply with this notice requirement subjects the Employee to disciplinary action up to and including dismissal.

2.12 Customer Relations

Each employee is a personal representative of the Company and each employee's conduct in contacts with customers will affect the customer's opinion of the Company. Thus, in all customer contacts (in person or by telephone) an employee's conduct must be the same as the employee would expect and desire were he or she in the customer's situation. Whenever an employee of our Company is on a customer's premises performing Company business, care of the highest degree must be exercised to avoid any act which could discredit the employee, fellow employees, or the Company in the eyes of the customer or the general public we serve. In addition, any proprietary information which an employee may receive, whether in verbal or written form from a customer or potential customer, should be safeguarded as we would safeguard our own Company information.

2.13 Personal Conduct

Employees are expected to be suitably dressed and groomed in good taste as indicated by their particular work situations and in a manner the Company considers to be acceptable for our business organization. In addition, employees are expected to conduct themselves in a professional manner. If an employees course of personal conduct reflects negatively upon the Companys reputation in the community, or impairs the work performance of the employee or the employee's co-workers, the employee may be subject to disciplinary action up to and including dismissal.

2.14 Drugs and Alcohol

It is everyones responsibility to maintain a safe, productive and healthy work environment and to be fully aware of the Company's position on drug and alcohol abuse. Employees must not engage in any of the following conduct: Illegal possession, manufacture, distribution, transportation, use, sale, purchase or transfer of controlled substances or illegal drugs. Driving a company vehicle while under the influence of drugs or alcohol. Being at work under the influence of alcohol, drugs or controlled substances. Employees who engage in such conduct will be subject to disciplinary action up to and including dismissal and to criminal prosecution, where applicable.
Page 13 of 111

Certain drug or alcohol-related behavior by employees may also result in discipline even if it occurs off Company premises and/or off Company time. Employees who have medical/behavioral problems related to controlled-substances, illegal-drug and/or alcohol abuse are encouraged to avail themselves of the Employee Assistance Program (EAP). Employees are referred to the Company's policy on drug and alcohol abuse. For further information please contact the Medical Office on 513-397-1000 or Anthem EAP at 1800-864-1044 or on-line at www.AnthemEAP.com.

2.15 Work Time

Personal responsibility isn't only a matter of honesty with Company funds and property; it is a matter of being honest with minutes and hours, as well as property. It means doing a conscientious day's work for a day's pay, which includes keeping absences to a minimum, coming in on time, recording time accurately, and restricting personal telephone calls, conversations and time-wasting, during working time. Our Company and our customers both suffer unless we accept the personal responsibility for the proper use of work time.

2.16 Computer Systems

Computer systems are essential for the daily operations of Cincinnati Bell. They help provide communications services to customers, maintain records of Company activities, assets and revenues, and process information necessary for internal operations. Accordingly, it is imperative that the hardware, software, and data processed by computers and stored in them and elsewhere be adequately safeguarded against damage, alteration, theft, improper use and fraudulent manipulation, and that unauthorized access to, and disclosure of, Company and customer information be prevented. Though information processed and stored in a computer may appear to be intangible, this does not lessen the need for all employees to protect such information. Each employee, therefore, must adhere strictly to the specific security measures and internal controls that have been established for safeguarding the integrity and validity of computer systems, whether that of the Company or its customers. These may vary, however, depending on the characteristics of a particular system, the sensitivity of its data files, and its importance to the Company's business. Violations or suspected violations of computer security measures or controls should be reported at once to the Director- Security or other appropriate management official.

2.17 Safety
The Company has a responsibility to provide a work environment in which safe operations can be achieved in accomplishing all phases of work. Employees have a responsibility to exercise care and to perform work operations in accordance with the Company's safety rules and regulations. Employees who do not exercise care or who violate safety practices pose a threat not only to themselves, but also to other employees and the public.
Page 14 of 111

Employees whose driver's licenses have been suspended may not operate any vehicle for Company business, whether or not work driving privileges have been granted outside of the Company by state or local government authorities, unless approved in writing by a case review committee ordinarily consisting of representatives from Health Services and Employee Relations... This committee may impose additional conditions before granting Company driving privileges. In using Company vehicles or vehicles rented or used for Company purposes, safe driving practices and all traffic laws are to be observed. Under no circumstances is such a vehicle to be operated while the driver is under the influence of alcohol, drugs, or controlled substances. Also, in our work on customer premises or on streets, alleys and highways, we are to show respect for the rights and safety of the public.

2.18 Political Contributions

The Company encourages you to actively participate personally in the political process. Except in certain limited situations, however, federal law and the laws of most states prohibit corporate contributions to political parties or candidates. In this regard, the Company has adopted three basic tenets to our Company's policy regarding political contributions: The use of corporate funds for the support of political parties or political candidates is absolutely forbidden, except where specifically allowed by state or federal law. Any pressure, expressed, or implied, which infringes upon the right of any employee to decide whether, to whom, or in what amount he or she will make a political contribution, is equally forbidden. The Company seeks the resolution of regulatory and political issues affecting its interest solely on the basis of the merits involved. The Company seeks only the opportunity to state its views openly and frankly.

2.19 Compliance with the Law and Fair Competition

It is the Company's policy to comply fully with the law, including the antitrust laws as they apply to us. We should avoid even the appearance of wrongdoing and, at all times, should conduct our business according to the highest ethical standards. We should compete solely on the merits of our products and services, as well as our ability to service what we offer, and not engage in any form of unfair competition. Under no circumstances should an employee agree with a competitor to restrict competition by fixing prices, allocating markets or other means. Employees should not arbitrarily refuse to deal with others, nor should they decline to purchase goods or service from others simply because they are competitors in other respects (see Part 9 for the Companys Antitrust Policy). Furthermore, we will not condone the use of competitors' or other third parties' confidential information obtained during past employment or which has been obtained, directly or indirectly, by improper means such as misappropriating confidential information,
Page 15 of 111

bribing, contacting a competitor's employees, or misrepresenting the fact that you are an employee of a competitor. If consultants are retained by the Company to gather competitive information, the same rules would apply. Some additional guidelines for employees are: Do not disparage a competitor's products or services. Be accurate and truthful in all dealings with customers and be careful not to misrepresent the quality, features, or availability of our products or services. Do not interfere with a contract made between a prospective customer and a supplier competing with us. Never engage in industrial espionage or commercial bribery.

Besides being responsible for their actions toward others, employees are obliged to retain certain documents that they create or receive. Each employee must strictly observe Record Retention Guidelines. The application of the laws of fair competition is complex and sometimes ambiguous. When questions arise, consult the Office of the General Counsel. In record retention matters, resolve any doubts by conferring with the Records Retention Manager designated by the Vice President for your Business or Resource Unit or the Office of the General Counsel.

2.20 Foreign Corrupt Practices Act

Although this law makes it illegal to obtain or retain business through payments to improperly influence foreign officials and governments, it is not limited to businesses operating abroad, or to the making of illegal foreign payments. It contains, in fact, significant internal accounting control and record-keeping requirements that apply to all of our operations. Specifically, the law requires that the Company's books and records accurately and fairly reflect transactions in reasonable detail, and that the Company's internal accounting controls provide reasonable assurances that: Transactions are carried out in an authorized manner. Transactions have been reported and recorded to permit correct preparation of financial statements, and to maintain accurate records of assets. Access to assets is in accordance with management's authorization. Inventories of assets are taken periodically, and appropriate action taken to correct discrepancies.
Page 16 of 111

As a result, all employees are responsible for following Company procedures for carrying out and reporting business transactions, including appropriate schedules of authorization controls. Violations of this law can result in fines and imprisonment, or both, for individual employees, and penalties against the Company. Any questions on interpreting this law, or on the adequacy of the Company's internal accounting controls, should be referred to the Accounting Department or the Office of the General Counsel.

2.21 Weapons
All firearms and/or weapons of any kind are prohibited in the workplace including, but not limited to Company premises, customer premises, and Company vehicles. Employees also are prohibited from possessing a firearm or a weapon of any kind while on Company business. Employees who violate this policy are subject to disciplinary action up to and including dismissal. Questions regarding this policy may be directed to the Director Employee/Labor Relations and Recruiting.

2.22 Fraud
The Company is committed to creating and maintaining a work environment that supports, promotes and encourages professionalism and integrity. Fraudulent behavior is inconsistent with these principles and in some cases, may be a criminal offense. Consequently, fraud and attempted fraud are strictly prohibited. Fraud involves (i) deceit, (ii) theft by deception, or (iii) the intentional perversion or misrepresentation of the truth to induce another to part with something of value, to obtain some benefit, for oneself or another or to cause some detriment to another. Attempted fraud is any attempt to engage in any of the above-described behaviors or to produce a fraudulent result. Examples of conduct the Company regards as fraudulent include but are not limited to (a) theft or attempted theft; (b) any falsification of sales or customer information; (c) the misuse or attempted misuse of any Company equipment, system, computer, computer system or computer network; (d) abuse or misuse of leave time including but not limited to (i) seeking or using STD, FML or sick time for purposes unrelated to illness and/or based upon false, incomplete or other misleading information, (ii) seeking or continuing STD leave when able to perform some or all of the duties of the employees regular position or a restricted duty assignment without first obtaining a determination from Health Services or Employee Relations that suitable work is not available, or (iii) engaging in conduct inconsistent with an inability to perform regular or restricted duty. assignment during any period covered by an approved STD leave or an application for STD leave (e.g. working, attending school, classes, sporting, entertainment or recreational events, participating in recreational or sporting activities, visiting night clubs or bars, engaging in physical altercations; engaging in criminal conduct); (e) misrepresenting residence of or relationship to another to enable him/her to obtain medical or other benefit coverage through or from the Company; and (f) adjusting personal Cincinnati Bell accounts or those of relatives or friends. Though not an exhaustive list, these examples describe types of
Page 17 of 111

conduct to be avoided. An employee who violates this policy is subject to disciplinary action up to and including immediate dismissal.

2.23 Conclusion
This policy reaffirms the importance of high standards of business conduct. Adherence to these standards by everyone is the only sure way the Company can continue to merit the confidence and support of the public. As a summary of basic principles, this policy does not include all the rules and regulations that apply to every situation. Its contents have to be viewed within the framework of Company policies, practices, and instructions, and the requirements of the law. Employees should report violations or suspected violations of this policy to their supervisor, or to the Office of the General Counsel. Also, no one can justify an illegal act by saying it was directed by someone in higher management, and no one is ever authorized by the Company to commit such an act or to direct an employee to commit such an act. Each employee, alone, is accountable for his or her actions. For each, integrity is a personal responsibility. Breaches of the principles contained in this policy are grounds for disciplinary action up to and including dismissal, and may carry penalties under federal and state laws. Any reprisal against an employee because the employee in good faith reported a violation or suspected violation is strictly forbidden.

Page 18 of 111

PART 3: TRADE SECRET POLICY (revised 3/22/00) 3.1 Purpose and Scope

3.1.1 Cincinnati Bell has made a large investment in the development of Trade Secrets and other valuable Confidential Information. The continued success of Cincinnati Bell is dependent upon the successful commercial development of its Trade Secrets and Confidential Information. The Purpose of this Trade Secret Policy is to ensure that these valuable assets are protected and preserved. 3.1.2 The objective of the Trade Secret Policy is to describe Cincinnati Bells standards and procedures regarding the classification and protection of its Trade Secrets and Confidential Information. It is Cincinnati Bells policy that its Trade Secrets and Confidential Information be defined, described, identified, designated, marked and protected in accordance with the criteria and procedures set forth herein. 3.1.3 This Trade Secret policy applies to all Trade Secrets and Confidential Information developed by Cincinnati Bell and by contractors when produced under development contract for Cincinnati Bell where, as a result of the development contract, Cincinnati Bell obtains ownership rights in or exclusive distribution rights to information. This Trade Secret Policy applies to all processes, employees, vendors, and consultants having access to Trade Secret information. This Trade Secret Policy also applies to the use or disclosure of Customer Proprietary Network Information (CPNI), and/or the proprietary information of other telecommunications carriers. See Part 12 of the Corporate Policies Manual for specific policies relative to CPNI.

3.2

Definitions

3.2.1 Confidential Information means any nonpublic information of a confidential nature which is not included under the definition of Trade Secret and which Cincinnati Bell desires or is required by law or agreement to treat as confidential. For example, certain information Cincinnati Bell receives from other carriers in the course of conducting its business is highly confidential and proprietary to those other carriers. While such information is not Cincinnati Bell Trade Secret information, Cincinnati Bell is still often required by law or agreement to protect it from public disclosure. Other examples of Confidential Information include customer data and Cincinnati Bell employees health information. 3.2.2 Published Works are works distributed to the public by sale, or other transfer of ownership. This also includes works distributed to the public by rental, lease or lending, but does not include works licensed under any Cincinnati Bell license agreements, or other Cincinnati Bell agreements which contain retention of ownership and confidentiality provisions. 3.2.3 Trade Secret is any formula, pattern, device or compilation of information developed by or on behalf of Cincinnati Bell which is used in Cincinnati Bells business, and which gives Cincinnati Bell an opportunity to obtain an advantage over competitors who do not know or use it. The term Trade Secret includes, but is not limited to: (i) computer
Page 19 of 111

software developed by or on behalf of Cincinnati Bell; (ii) customer lists, prospect lists, employee lists or like information; (iii) all business plans, working papers, marketing plans, pro formas and analyses pertaining to Cincinnati Bells operations, past, present and future; (iv) all financial data and related reports; (v) all information designated as Trade Secret information in accordance with the criteria and procedures set forth herein. 3.2.4 Unpublished Works are works distributed to third parties under Cincinnati Bell license agreements, or other Cincinnati Bell agreements which contain retention of ownership and confidentiality provisions.

3.3

Trade Secret Responsibility

3.3.1 The General Counsel shall have final responsibility and authority for determining which information shall be considered Trade Secrets and/or Confidential Information in accordance with the procedures set forth herein. 3.3.2 In the event of a breach or threatened breach of a confidentiality agreement or the disclosure or threatened disclosure of Trade Secret or Confidential Information, the Office of the General Counsel should be notified immediately.

3.4

Trade Secret Overview

3.4.1 Basic List of Cincinnati Bell Trade Secrets:

The following types and categories of information, although certainly not all inclusive, shall be considered at all times to be confidential and proprietary business information of Cincinnati Bell, and shall be maintained as confidential: a) Current Sales Information:

Sales figures are collected, catalogued, analyzed and circulated routinely to a certain number of Cincinnati Bell personnel on a "need to know" basis. This information if widely distributed would cause great harm to Cincinnati Bell b) Advertising and Marketing Information:

Cincinnati Bell must develop its advertising and marketing programs significantly in advance of the time they are released to the public. Premature disclosure of a marketing campaign (including the results/effectiveness of ongoing marketing campaigns) could diminish the effectiveness of that information. Further, Cincinnati Bells marketing personnel are constantly gathering extensive data on Cincinnati Bells current sales broken down by geographical areas, test marketing programs, and other marketing facts and information. Again, disclosure of any of this information could be detrimental to Cincinnati Bell. c) Customer Information:

Page 20 of 111

Cincinnati Bell possesses special knowledge regarding its customers such as names, purchasing habits, the individual contact(s) with a particular customer, business strategies and other information. This customer information is extremely confidential to both the customer and to Cincinnati Bell. d) General Financial, Pricing and Profit Information: Cincinnati Bell financial information, including without limitation its profit and loss statements, forecasts, and budget information, is highly confidential. Further, the manner and method of pricing Cincinnati Bells services plays an important part in determining its competitive success. Cincinnati Bells profit margins, pricing models and formulas are among its most important and highly confidential assets. e) Information Systems: The source and object codes for software modules, units, specifications, manuals and other released documentation Cincinnati Bell uses to coordinate its information systems are highly confidential. f) Personnel Information: Each personnel file contains a great deal of information regarding each employee, employment and education records, salary history and other material. This information shall not be publicized to anyone within Cincinnati Bell who does not have a need to know the information or to any third party, except as required by law. 3.4.2 Form of Trade Secret and Other Confidential Information: In order to permit our employees to perform their duties, Trade Secrets and Confidential Information will be circulated within Cincinnati Bell in many forms. Trade Secrets and Confidential Information may be found in formalized documents, such as financial policies and procedures notebooks which are labeled, or a personnel file on a specific employee, or in less standardized documents. Descriptions of types of services and systems support for those services may have to be set forth in letters, or facts of a marketing program may have to be broken down, analyzed separately from the overall marketing program, and sent to outside agencies on a confidential basis, sales data may be set forth on financial documents and in memoranda. The key distinguishing factor of Trade Secrets and Confidential Information is not the form the material takes, it is the fact that the material is confidential. The fact that a formula is contained in a letter does not make the formula any less confidential. 3.4.3 Transmittal of Trade Secrets and Confidential Information : The following procedures are to be followed when transmitting Cincinnati Bell Trade Secrets and other Confidential Information internally through Cincinnati Bell mail channels, or externally through the United State Postal Service or express mail:
Page 21 of 111

a)

Internal Transmittal:

i. Trade Secret and Confidential Information disseminated within Cincinnati Bell is to be placed inside an envelope marked "Confidential". It is to be: a. Addressed; b. Marked "To Be Opened By Addressee Only", if appropriate; and c. Sealed. ii. If the sender desires to avoid earmarking the information "Confidential", the sender should use a pre-printed envelope placed in an outer envelope bearing normal marking. That action, of course, would preclude special handling by mailroom personnel. iii. At the end of each working day, "Confidential" envelopes should be stored in a secured area, and should not be left overnight in individual mail slots. b) Internal Transmittal by Facsimile or E-Mail:

Sending and receiving Trade Secret and Confidential Information to other Cincinnati Bell employees by facsimile or e-mail requires diligence on the part of all Cincinnati Bell employees in order to ensure that such information is adequately protected. As a matter of practice, confidential and proprietary legends should appear on all documents containing Trade Secret and Confidential Information when transmitting such information internally by facsimile or e-mail. c) External Transmittal:

Documents containing Trade Secret or Confidential Information sent via postal channels are to be placed in an internal envelope marked in accordance with the internal transmittal procedure listed under 3.4.3(a) of this policy. The internal envelope shall then be placed into a second envelope, addressed and sealed, but not marked as Confidential. In certain instances, the nature of the information may warrant additional safeguards, in which case the information should be sent express mail or Registered or Certified Mail, Return Receipt Requested. d) External Transmittal by Facsimile or E-Mail:

The transmittal of documents containing Trade Secret or Confidential Information to external destinations via facsimile or e-mail is generally prohibited. Exceptions to this general prohibition may be granted by the Office of the General Counsel on a case-by-case basis if adequate security for such transmittal can be ensured.

Page 22 of 111

3.4.4 Storage of Company Trade Secrets and Confidential Information: a) Trade Secret and Confidential Information should be secured at all times so as to prevent unauthorized disclosure of its contents. b) During non-working hours, Trade Secret and Confidential Information should be stored in a suitable locked file cabinet or desk drawer. c) Computers should always be logged off at the end of the day and/or whenever the employee leaves his/her office areas for a significant period of time, regardless of how long the employee anticipates he/she will be gone. Computer access shall be restricted through use of user-specific computer passwords and computer passwords should never be shared with another user. Employees also should utilize password-protected screensavers to avoid unauthorized access to Trade Secrets and Confidential Information. For questions regarding this policy, please contact the Client Services Manager. 3.4.5 Physical Security: The physical premises of all buildings used by Cincinnati Bell shall be secured by appropriate and reasonable means. Points of access for employees, visitors and freight shall be monitored and restricted through the use of employee identification badges, self-locking doors and other reasonable and appropriate means including, if necessary, closed circuit surveillance television or security guards. Interior doors providing access to areas containing Trade Secret information materials shall be locked at all times. Within those areas, appropriate storage, including locked filing cabinets, shall be provided for Trade Secret and Confidential Information. For guidelines on security issues, please refer Part 10: Security Policy of the Corporate Policies Manual. 3.4.6 Destruction of Documents containing Trade Secret and Confidential Information: a) All Trade Secret and Confidential Information must be destroyed by shredding. Trade Secret and Confidential Information is not to be thrown away in the waste containers as normal trash or left in designated shredding cans overnight. b) Electronic media containing Trade Secret or confidential information, such as tapes and diskettes, must be erased and/or reformatted before discarding or reusing them. Simply deleting a file containing Trade Secret or Confidential Information is not the same as erasing it. Additional discussion of appropriate disposal of information is described in Sections 13.8 (Destruction of Records), and 15.6 (Destruction of Documents and Records Containing Personally Identifiable Information ).

3.5

Document Control

The internal auditor should conduct a periodic review and audit of all Trade Secrets in order to determine the integrity of the retention of Cincinnati Bell Trade Secrets, including
Page 23 of 111

review of potential theft of proprietary information, destruction or redundant copies of information, retrieval of information from those who no longer need to know or have possession of it, and declassification of information that is no longer to be considered a Trade Secret.

3.6

Proper Marking of Documents

3.6.1 All Trade Secrets and Confidential Information shall contain one of the proprietary notices set forth below or be stamped "CONFIDENTIAL," as the case may be. Marking Trade Secret and Confidential Information with the appropriate legend is the responsibility of the originator and/or the holder of the information. This marking must be applied before the information is shared within the Company. Generally, letters and memoranda need only be stamped on the first page or front cover. Trade Secrets that are widely disseminated within Cincinnati Bell should contain a full copyright and proprietary notice on every page unless impractical. a) For general use: This document contains unpublished, confidential and proprietary information of __________________(appropriate entity). No disclosure, duplication or use of any portion of the contents of these materials for any purpose may be made without the prior express written consent of the Office of the General Counsel. b) For more limited distribution: PRIVATE AND CONFIDENTIAL DO NOT COPY The information contained herein should not be disclosed to unauthorized persons. It is meant solely for use by authorized ____________________ (appropriate entity) employees. c) For proposals and other Trade Secret information given to the U.S. Government or any agency: This document is exempt from disclosure under the Freedom of Information Act pursuant to 5 U.S.C. Section 552(b)(4) as privileged and confidential trade secret and commercial information. 3.6.2 Even though a Trade Secret may inadvertently fail to contain the appropriate notices, all consultants and employees are expected to treat such information as confidential by virtue of their signed confidentiality agreements and/or confidential relationship with Cincinnati Bell.

3.7

Copies of Company Documents

3.7.1 Whenever a document containing Trade Secret or other Confidential Information is to be copied, the individual creating that document shall make only the minimum number of copies of the document necessary to distribute the document to those individuals who have a need to know and use the information contained therein. Accordingly, the number of copies should be strictly limited to the addressee(s) and those people who are identified as being carbon copied or blind carbon copied on the document or computer file,
Page 24 of 111

plus a file copy. Further, copies are to be filed promptly. If there is any question about whether a particular document contains Trade Secret or other confidential material, the individual creating the document should consult his or her supervisor or the Office of the General Counsel. 3.7.2 Paper shredders or other secure means of disposal shall be placed near the copying area.

3.8

Confidentiality Agreements

3.8.1 In order to protect and maintain Trade Secret and Confidential Information, the following agreements shall be utilized as set forth below: a) Confidentiality Agreement. The agreement set forth in Schedule A shall be executed by Cincinnati Bell and any person or entity with whom Cincinnati Bell intends to exchange or otherwise disclose confidential information (either in writing, verbally or through visual presentation), prior to the disclosure of any confidential information by Cincinnati Bell. b) Consultant Confidentiality Agreement. The agreement set forth in Schedule B shall be executed by Cincinnati Bell and any consultant retained by Cincinnati Bell. The Consultant Confidentiality Agreement differs from the general Confidentiality Agreement set forth in Schedule A in that the Consultant Confidentiality Agreement covers situations where Cincinnati Bell is the only party disclosing confidential information. The general Confidentiality Agreement is used when both parties will be disclosing confidential information. Any questions regarding the proper agreement to be used in a given situation should be directed to the Office of the General Counsel. 3.8.2 From time to time, additional confidentiality agreements may be approved and the agreements attached as Schedules may be reviewed and revised. 3.8.3 For any questions regarding Confidentiality Agreements, please contact the Office of the General Counsel.

3.9

Review of Published Works

3.9.1 All Published Works, including without limitation advertisements, web sites, promotional material and articles for publication (Published Works) must be screened by the Office of the General Counsel prior to publication to determine if Trade Secret or Confidential Information is being disclosed. 3.9.2 Procedure: a) All Published Works shall be submitted to the Office of the General Counsel for review and approval at least 5 days prior to the expected use of the same (This procedure also applies to drafts/mock-ups sent to outsiders long before actual "use."). b) The Office of the General Counsel will review and comment on the advertisement.
Page 25 of 111

c) If the Office of the General Counsel discovers Trade Secret or Confidential Information in a Published Work, the Trade Secret or Confidential Information shall either be removed or other arrangements made to protect the confidentiality of the information. d) The Office of the General Counsel shall retain a copy of all reviewed Published Works, marking thereon, "Approved for Release [date]" and reviewer's initials. e) If any employee believes he/she accidentally may have revealed Trade Secret or Confidential Information by publication of a document, he/she should consult with his/her immediate supervisor who shall report the same to the Office of the General Counsel.

3.10 Media Guidelines

3.10.1 The public perception of Cincinnati Bell is critical to the creation and sustainment of our brand. The following communications areas are key to creating, maintaining and changing public perception: 3.10.2 External Communications Corporate Communications is primarily responsible for external communications through the media. This includes print vehicles, electronic vehicles, and industry and financial analysts. To ensure consistency and quality of messages, all contact and response to media inquiries is to be handled by Cincinnati Bell Corporate Communications. Any unsolicited media requests or inquiries should be referred to Cincinnati Bell Corporate Communications who will work with the appropriate subject matter experts and obtain appropriate clearance to respond and leverage the Cincinnati Bell story. 3.10.3 Internal Communications In addition, maintaining and sustaining our brand with Cincinnati Bell employees is just as critical, as they, too, are part of the public. Communications with the Cincinnati Bell employee base through broadly disseminated vehicles such as "Cincinnati Bell Connections" are managed by Cincinnati Bell Corporate Communications who ensure timely dissemination of important business and corporate information. 3.10.4 Crisis Communications Both internal and external communications are clearly delineated under the corporate Incident Command Team structure. Corporate communications, through its membership in the incident command team, initiates and maintains all communications with all publics during a crisis situation. If you have any questions with regard to this policy, please contact the Incident Command Team Public Information Officers in Corporate Communications.

Page 26 of 111

3.11 Visitors' Access to Company Facilities

3.11.1 A log book should be completed by all visitors and off-hours employees including name, address, affiliation, reason for visit, person visited and time and dates of entering and leaving. All visitors shall be escorted by an employee at all times during the visitor's visit. All visitors shall be issued a badge or other means of identification. All areas which are off-limits to visitors shall be clearly marked. Certain remote locations may be exempted from these requirements by the Office of General Counsel after consultation with Cincinnati Bells Security Department.

3.12 Use of Consultants

3.12.1 The Company routinely uses consultants to perform various functions in the course of conducting its business. These consultants are often provided with or are otherwise exposed to Cincinnati Bell Trade Secret and Confidential Information. It is Cincinnati Bells policy to require all consultants retained by the Company for any period of time to sign a Consultant Confidentiality Agreement as set forth in Schedule B prior to disclosure of any Trade Secret or Confidential Information. Any variations from the Consultant Confidentiality Agreement set forth in Schedule B must be approved by the Office of the General Counsel.

3.13 Electronic Mail

3.13.1 Cincinnati Bell electronic mail (e-mail) systems, such as Microsoft Outlook, Lotus Notes and the like, are not public electronic communications services as defined by 18 USC Section 2510. They are property of Cincinnati Bell, are restricted to use solely by authorized users for business purposes, and the contents of electronic mail are subject to random or periodic monitoring and disclosure by management without notification to users. 3.13.2 Employees using any Cincinnati Bell e-mail system should be aware of the following non-exclusive guidelines relating to e-mail and its use: a) Transmission of Trade Secret and Confidential Information by e-mail is subject to the restrictions set forth in Section 3.4.3 (b) and (d) of this Trade Secret Policy. b) The purpose of e-mail is to facilitate intracompany transmittal of business-related information, and should be used exclusively for matters of concern to Cincinnati Bell operations. Cincinnati Bell's e-mail and other information systems may not be used in a way that may be considered by management to be disruptive, offensive to others, or harmful to morale. With the exception of Company authorized electronic bulletin boards specifically established for non-business related communications among Company employees, email may not be used to solicit for commercial ventures, religious or political causes, outside organizations, or other non-job related solicitations.
Page 27 of 111

c)

d)

e)

All e-mail is subject to monitoring and review by company management and/or its agents without notification.

3.13.3 All electronic mail and Company databases including Trade Secret and other Confidential Information sent internally by electronic mail shall include the appropriate confidential and proprietary legends. Transmission of Trade Secret and Confidential Information to external destinations by facsimile or e-mail is generally prohibited. See Section 3.4.3 (b) and (d) of this Trade Secret Policy for more detailed guidelines on the proper transmission of Trade Secret and Confidential Information. By using the Company's e-mail, all employees knowingly and voluntarily consent to their usage of these systems being monitored, and acknowledge the Company's right to conduct such monitoring. Employees should not expect that e-mail is confidential or private, and therefore, should have no expectation of privacy whatsoever related to its usage. Additional discussions of the acceptable uses of Company email facilities are contained in Sections 11.2.2 (Network Usage and Management), 11.2.5 (PC & Laptop Security Issues), and 11.3 (Electronic Mail).

3.14 Use of Wireless Telephones

3.14.1 The use of cellular and other wireless telephones to send and receive business-related information has become commonplace. However, the use of wireless telephones requires all Cincinnati Bell employees to exercise diligence to ensure that the Companys Trade Secret and Confidential Information is not inadvertently disclosed. 3.14.2 Wireless telephones should generally not be considered a secure means of transmitting Trade Secret or other Confidential Information. As a matter of practice, Cincinnati Bell employees, to the extent possible given the circumstances should not disclose Trade Secret or Confidential Information when using a wireless telephone.

Page 28 of 111

Schedule A CONFIDENTIALITY AGREEMENT

THIS CONFIDENTIALITY AGREEMENT ("Agreement") is made and entered into in ____________, ___ as of the ___ day of ___________, 2000 by and between ________________________ ("CBI") and __________________________ ("_____"). BACKGROUND CBI and _______ are exploring, or have engaged in, _____________________________________________________ ("Relationship"), which could, in part, require disclosure of certain proprietary and confidential information by each party to the other party. Each party desires to protect its proprietary and confidential information and to prevent other persons and entities from acquiring, appropriating or discovering its proprietary and confidential information. AGREEMENT NOW THEREFORE, in consideration of the promises and covenants set forth herein, and for other good and valuable consideration, the receipt, adequacy and legal sufficiency of which are hereby acknowledged, the parties agree and covenant as follows: 1. Confidentiality. Each party ("Receiving Party") agrees to regard and preserve as confidential any and all information, material, documents and data related to the business activities of the other party and their respective customers (including, but not limited to, customer lists), that may be disclosed to, or received by, the Receiving Party from the other party as a result of the Relationship or this Agreement, provided that any written information disclosed must be clearly marked as Confidential or Proprietary at the time of disclosure ("Confidential Information"). Such Confidential Information shall not include any information which is or becomes through no fault of the Receiving Party part of the public domain; which was already known to the Receiving Party at the time of disclosure as evidenced by written documents; which is independently developed by the Receiving Party without reference to or use of any Confidential Information received from the other party; or which was lawfully obtained by the Receiving Party from a third party outside of this Agreement. During the term of Relationship and for three (3) years thereafter, the Receiving Party: (i) shall hold the Confidential Information in trust and confidence for the other party and shall protect the Confidential Information with the same degree of care as the Receiving Party employs for the protection of its own trade secrets and confidential information (but in no event shall such care be less than that which is commercially reasonable); (ii) shall not disclose, reveal, make accessible or make available to any person or entity any Confidential Information; (iii) shall only use the Confidential Information for the limited purpose of performing its duties pursuant to the Relationship and, in such performance, shall limit access to and disclosure of the Confidential Information to the Receiving Party's employees on a "need to know" basis only; and (iv) shall never use or exploit any such Confidential Information for its own benefit or any other person's or entity's benefit.
Page 29 of 111

2. Ownership and Return. The Receiving Party acknowledges and agrees that all of the Confidential Information of the other party is and shall remain the sole and exclusive property of the other party, free of any and all claims of the Receiving Party. Any such information, data or ideas created as a result of the Relationship or this Agreement that relates directly to ____s product(s) or service(s) shall belong solely to ____ and that which relates in any way to CBI shall belong solely to CBI. Upon the discontinuance of the Relationship or an earlier request by the other party, the Receiving Party shall have no right to keep or use and shall promptly return to the other party all Confidential Information and all equipment and tangible personal property of the other party entrusted to the Receiving Party or otherwise in the Receiving Party's possession or control. The Receiving Party shall be deemed to be the bailee thereof for the use and benefit of the other party and shall not at any time acquire any right, title or interest in or to such Confidential Information or equipment or tangible personal property of the other party and shall safely keep and preserve the same. 3. Remedies. In the event of any actual or threatened breach by the Receiving Party of any provision of this Agreement, particularly Sections 1 and 2 above, the Receiving Party acknowledges that the other party will incur significant and irreparable damage for each such breach and that the other party has no adequate remedy at law for such breach. Therefore, the other party shall be entitled to injunctive relief immediately and permanently restraining the Receiving Party from such continuing and/or threatened breach. In addition, the Receiving Party shall be liable to the other party for any and all damages and other losses caused by any such breach. The rights and remedies of the parties hereto shall not be mutually exclusive and the exercise of one or more rights or remedies provided for by this Agreement or by law, equity, statute (including the Uniform Trade Secrets Act and any such similar statute) or otherwise shall not preclude the parties from exercising any other right or remedy. 4. Attorney's Fees. If a legal action or other proceeding is brought by CBI or _____ for enforcement of this Agreement, the party that prevails by enforcing this Agreement shall be entitled to recover reasonable attorney's fees, costs and expenses incurred, in addition to any other relief to which it may be entitled. 5. Miscellaneous. This Agreement constitutes the entire understanding between the parties hereto with respect to the subject matter hereof and supersedes all negotiations, representations, prior discussions and preliminary agreements between the parties hereto relating to the subject matter thereof. Each party hereto acknowledges that this Agreement does not in any way, expressly or impliedly, create any obligation on either party to pursue or consummate any business or other relationship. This Agreement shall be deemed to have been executed in the State of _______, and shall be interpreted, construed and enforced according to the laws of the State of _______, without giving effect to any conflict of laws provisions. Each party expressly submits themselves to the exclusive, personal jurisdiction of the federal and state courts situated in _______, _____. This Agreement shall inure to and bind the successors and assigns of the respective parties hereto; provided, however, that nothing herein shall be construed to permit the sale, assignment or delegation of the parties' interests and/or obligations hereunder. Any waiver by any party of any breach of any kind or character whatsoever by any other party, whether such waiver be direct or implied, shall not be construed as a continuing waiver of, or consent to, any subsequent breach of this Agreement on the part of the other party. In addition, no course of dealing between the
Page 30 of 111

parties, nor any delay in exercising any rights or remedies of the parties, shall be construed as a waiver. The provisions of this Agreement are severable. In addition, it is the intent and agreement of the parties that all of the terms and conditions hereof be enforced to the fullest extent permitted by law. All warranties, representations, indemnities, covenants and other agreements of the parties hereto shall survive the execution, delivery and termination of this Agreement and shall, notwithstanding the execution, delivery and termination of this Agreement, continue in full force and effect. IN WITNESS WHEREOF, the parties have executed this Agreement as of the day and year first above written. ___________________________ By:________________________ Print Name: _________________ Title: _______________________ _____________________________ By:___________________________ Print Name: ___________________ Title: ________________________

Page 31 of 111

Schedule B CONSULTANT CONFIDENTIALITY AGREEMENT

THIS CONFIDENTIALITY AGREEMENT ("Agreement") is made and entered into in _______, ___, as of the _____ day of ____________, 2000, by and between ______________________________, a _____________ corporation ("CBI"); and ______________________________, a _____________ corporation ("Consultant"). BACKGROUND CBI has retained (or will be retaining) Consultant to perform certain analyses and/or to make recommendations relative to CBI's business. This consulting relationship may require CBI to disclose certain proprietary and confidential information to Consultant. CBI desires to protect its proprietary and confidential information and to prevent other persons and entities from acquiring, appropriating or discovering its proprietary and confidential information. AGREEMENT NOW THEREFORE, in consideration of the promises and covenants set forth herein, and for other good and valuable consideration, the receipt, adequacy and legal sufficiency of which are hereby acknowledged, the parties agree and covenant as follows: 1. Confidentiality. Consultant agrees to regard and preserve as confidential any and all information, material, documents and data related to the business activities of CBI and its customers (including, but not limited to, customer lists), that may be disclosed to, or received by, Consultant as a result of the consulting relationship between CBI and Consultant (hereinafter referred to as "Confidential Information"). Such Confidential Information shall not include any information which is or becomes through no fault of Consultant part of the public domain; which was already known to Consultant at the time of disclosure as evidenced by written documents; which is independently developed by Consultant without reference to or use of any Confidential Information received from CBI; or which was lawfully obtained by Consultant from a third party outside of this Agreement. During the term of the consulting relationship and for three (3) years thereafter, Consultant: (i) shall hold the Confidential Information in trust and confidence for CBI and shall protect the Confidential Information with the same degree of care as Consultant employs for the protection of its own trade secrets and confidential information (but in no event shall such care be less than that which is commercially reasonable); (ii) shall advise its employees of Consultant's obligations under this Agreement and enter into separate employee confidentiality agreements with such employees in the form attached hereto as Exhibit A; (iii) shall not disclose, reveal, make accessible or make available to any person or entity any Confidential Information; (iv) shall only use the Confidential Information for the limited purpose of performing its duties pursuant to the consulting relationship and, in such performance, shall limit access to and disclosure of the Confidential Information to Consultant's employees on a "need to know" basis only; and (v) shall never use or exploit any such Confidential Information for its own benefit or any other person's or entity's benefit. 2. Ownership and Return. Consultant acknowledges and agrees that all of the Confidential Information of CBI is and shall remain the sole and exclusive property of CBI, free
Page 32 of 111

of any and all claims of Consultant. Any information, data or ideas created as a result of the consulting relationship or this Agreement that relates directly to CBI's product(s) or service(s) shall belong solely to CBI. Upon the discontinuance of the consulting relationship or an earlier request by CBI, Consultant shall have no right to keep or use and shall promptly return to CBI all Confidential Information and all equipment and tangible personal property of CBI entrusted to Consultant or otherwise in Consultant's possession or control. Consultant shall be deemed to be the bailee thereof for the use and benefit of CBI and shall not at any time acquire any right, title or interest in or to such Confidential Information or equipment or tangible personal property of CBI and shall safely keep and preserve the same. 3. Remedies. In the event of any actual or threatened breach by Consultant of any provision of this Agreement, particularly Sections 1 and 2 above, Consultant acknowledges that CBI will incur significant and irreparable damage for each such breach and that CBI has no adequate remedy at law for such breach. Therefore, CBI shall be entitled to injunctive relief immediately and permanently restraining Consultant from such continuing and/or threatened breach. In addition, Consultant shall be liable to CBI for any and all damages and other losses caused by any such breach. The rights and remedies of CBI shall not be mutually exclusive and the exercise of one or more rights or remedies provided for by this Agreement or by law, equity, statute (including the Uniform Trade Secrets Act and any such similar statute) or otherwise shall not preclude CBI from exercising any other remedy. 4. Attorney's Fees. If a legal action or other proceeding is brought by CBI for enforcement of this Agreement and CBI prevails, CBI shall be entitled to recover reasonable attorney's fees, costs and expenses incurred, in addition to any other relief to which it may be entitled. 5. Miscellaneous. This Agreement constitutes the entire understanding between the parties hereto with respect to the subject matter hereof and supersedes all negotiations, representations, prior discussions and preliminary agreements between the parties hereto relating to the subject matter thereof. Each party hereto acknowledges that this Agreement does not in any way, expressly or impliedly, create any obligation on either party to pursue or consummate any business or other relationship. This Agreement shall be deemed to have been executed in the State of _______, and shall be interpreted, construed and enforced according to the laws of the State of _______, without giving effect to any conflict of laws provisions. Each party expressly submits themselves to the exclusive, personal jurisdiction of the federal and state courts situated in _______, _____. This Agreement shall inure to and bind the successors and assigns of the respective parties hereto; provided, however, that nothing herein shall be construed to permit the sale, assignment or delegation of the parties' interests and/or obligations hereunder. Any waiver by any party of any breach of any kind or character whatsoever by any other party, whether such waiver be direct or implied, shall not be construed as a continuing waiver of, or consent to, any subsequent breach of this Agreement on the part of the other party. In addition, no course of dealing between the parties, nor any delay in exercising any rights or remedies of the parties, shall be construed as a waiver. The provisions of this Agreement are severable. In addition, it is the intent and agreement of the parties that all of the terms and conditions hereof be enforced to the fullest extent permitted by law. All warranties, representations, indemnities, covenants and other agreements of the parties hereto shall survive the execution, delivery and termination of this Agreement and shall,
Page 33 of 111

notwithstanding the execution, delivery and termination of this Agreement, continue in full force and effect. This Agreement shall be construed as though all parties had drafted it. IN WITNESS WHEREOF, the parties have executed this Agreement as of the day and year first above written. ______________________________ By:___________________________ Print Name: ___________________ Title: _________________________ [Consultant] By:___________________________ Print Name: ___________________ Title: _________________________

Page 34 of 111

Exhibit A EMPLOYEE CONFIDENTIALITY AGREEMENT

I, __________________________________, hereby acknowledge receipt of documents and other materials provided by ______________________________ ("CBI") to

______________________________ ("Consultant"), my employer, pursuant to a confidentiality agreement whereby Consultant has agreed to keep confidential all Confidential Information contained therein. In connection with such confidentiality agreement between CBI and

Consultant, I personally agree that I (a) will keep all such documents and materials confidential and will not disclose any of the same to anyone without the express written consent of CBI; and (b) will not copy, or authorize the copying of, any such documents except as expressly directed by CBI.

Signed this _____ day of _______________, 19____.

_________________________________ (Signature) _________________________________ (Print Name)

Page 35 of 111

Part 4: ANTI-HARASSMENT POLICY (revised 03/17/2010)

Cincinnati Bell seeks to provide its employees with a work environment free from sexual harassment and other harassment based on race, color, religion, age, national origin, disability, and all other legally prohibited forms of harassment. Each manager/supervisor and employee has a responsibility to maintain the workplace free of prohibited harassment. Such conduct may result in disciplinary action up to and including dismissal. While all forms of legally-prohibited harassment should be prevented or eliminated, Cincinnati Bell reminds its employees that sexual harassment is specifically prohibited. No supervisor shall threaten or insinuate, either explicitly or implicitly, that an employee's refusal to submit to sexual advances will adversely affect the employees employment, evaluation, wages, advancement, assigned duties, shifts, or any other condition of employment or career development, or that an employee's acceptance of such sexual advances will have a positive effect on the employee's employment. Supervisors should be aware that charges of harassment often develop from a consensual relationship between co-workers and should govern themselves accordingly, both on and off the job. Under no circumstances should a manager supervise or continue to supervise a subordinate with whom he or she has a sexual or romantic relationship. Any employee who becomes involved in such a relationship with his/her subordinate or supervisor should notify the Vice President of Human Resources immediately so that efforts to reassign one of the parties to the relationship may be undertaken. Other sexually harassing conduct in the workplace, whether committed by supervisory or non-supervisory personnel, is also prohibited. Prohibited harassment includes repeated and unwelcome physical, written, or spoken conduct that substantially interferes with an employees work performance or creates an intimidating, hostile, or offensive working environment as well as conduct which, if left unchecked, could rise to the level of unlawful harassment. By way of example, the following conduct in the workplace may constitute prohibited sexual harassment: Flirting, touching, or making advances or propositions of a sexual nature; Verbally abusing a coworker based on sex; Making graphic or suggestive comments about an individuals dress or body; Using sexually explicit words to describe an individual; Sending suggestive or obscene e-mails or e-mail jokes; Displaying sexually suggestive objects or pictures; or Making jokes of a sexual nature.

Remember, what may seem to be harmless teasing or practical joking to one employee may be perceived differently by other employees.
Page 36 of 111

It is everyones responsibility to create an atmosphere free from harassment, whether by fellow employees or by anyone else encountered by Cincinnati Bell employees in the course of our business. Cincinnati Bell believes that prohibiting harassment is such an important issue that any employee who has a complaint of harassment does not need to follow a typical chain of command in reporting the harassment. An employee who has a complaint of harassment should report such conduct to his or her supervisor, or to any Human Resources Manager, the Director of Employee Relations or to any officer of the Company who should in turn report it to a Human Resources Manager or the Director of Employee Relations. Retaliation against persons who make such complaints is unlawful and will not be tolerated by Cincinnati Bell. Any supervisor who sees harassing behavior or receives or otherwise becomes aware of an employees complaint or report of harassment must notify a Human Resources Manager or Director of Employee Relations immediately so that immediate and appropriate steps to investigate and, if substantiated, to stop the harassing conduct and prevent its recurrence through appropriate corrective action can be undertaken. All complaints of prohibited harassment will be investigated promptly and thoroughly in a manner which is both impartial and as confidential as possible, without reprisal to the complaining individual. After appropriate investigation, any employee found to have engaged in unlawful harassment of another employee will be subject to appropriate disciplinary action up to and including termination.

Page 37 of 111

PART 5: EQUAL EMPLOYMENT OPPORTUNITY AND AFFIRMATIVE ACTION POLICY (revised 04/26/2013)
It is the policy of Cincinnati Bell to provide equal employment opportunities in all aspects of the employer-employee relationship (including but not limited to recruiting, hiring, upgrading, promotion, conditions and privileges of employment, company sponsored training, education assistance, social and recreational programs, compensation, benefits, transfers, discipline, layoffs, recalls and terminations of employment) to qualified persons without unlawful discrimination based on race, color, religion, national origin, sex, age, disability or protected veteran status. The Company strives to maintain a work environment that is free of unlawful discrimination and harassment. Repeated and offensive physical, written, or spoken conduct that substantially interferes with an employees work performance or creates an intimidating, hostile, or offensive working environment is unlawful where based on race, color, religion, national origin, sex, age or disability. Such conduct as well as conduct which, if left unchecked, could rise to the level of unlawful harassment is prohibited by this policy. The support and assistance of all employees is necessary to enable us to achieve this objective. The Human Resources Department is responsible for addressing complaints of unlawful discrimination and harassment. Employees should direct such complaints to their supervisors or to any Human Resources Manager, the Director of Employee Relations or any officer of the Company. If that is not appropriate, employees are urged to seek the assistance of the Vice President of Human Resources. Additionally, supervisors are required to report complaints to the appropriate Human Resources Manager or the Director of Employee Relations. Retaliation against persons who make such complaints is unlawful and will not be tolerated by Cincinnati Bell. In addition, the Company will take appropriate action to protect the rights of individuals to file complaints, furnish information or participate in investigations, compliance reviews or other activities relating to compliance with, and enforcement of, applicable laws and regulations governing equal employment opportunity. It is the personal responsibility of each employee to be familiar with this policy. The Company supports the objectives of affirmative action and, as a federal contractor, is required to take affirmative steps to ensure that minorities and women are appropriately represented in our workforce. The Company's Affirmative Action Plan sets forth our present interpretation of the appropriate course of action and is available for review upon request to the Vice President of Human Resources. If an employee violates this policy, appropriate action will be taken, up to and including discharge. Cincinnati Bell maintains written Affirmative Action Plans (AAPs) for Women and Minorities, Persons with Disabilities and for Covered Veterans, as required by federal laws and regulations. The AAPs are updated annually and are available for viewing during normal business hours by contacting Human Resources Compliance Manager.

Page 38 of 111

PART 6: ANTITRUST COMPLIANCE POLICY (revised 3/22/00) 6.1 General

6.1.1 Cincinnati Bell maintains a firm policy of strict compliance with all aspects of the antitrust laws. The purpose of the antitrust laws is to promote and protect fair competition, the cornerstone of our free enterprise system. 6.1.2 All employees are charged with the responsibility for complying with both the letter and spirit of the antitrust laws. Any conduct which violates those laws is detrimental to the best interests of the Company. Accordingly, any employee who participates in such conduct may be subject to Company disciplinary action, up to and including dismissal. Disciplinary action will depend upon the nature and extent of the violation and its effect on the Company. Discipline will extend to those who are directly involved in the wrongdoing, and may extend to the violator's supervisor(s) or manager(s) to the extent that they have not exercised reasonable supervision or diligence to prevent the violation. Any employee who has information that the antitrust laws are being, or may have been violated, must disclose such information to the Company. Disclosure may be made to the General Counsel's Office. The facts will be investigated, and the identity of the employee presenting the information will be treated as confidential. No retribution will be taken against anyone because he or she discloses information about a violation or possible violation. 6.1.3 The following guidelines are designed to assist you in recognizing potential problem areas and in ensuring your compliance with Cincinnati Bells policy on Antitrust Laws. You should thoroughly review these guidelines and contact the Office of the General Counsel if you have any questions about their application to your activities or those of your subordinates.

6.2

Overview

This overview is intended to introduce employees to antitrust compliance. Elsewhere in this Policy (Section 6.3), detailed guidance is given as to antitrust compliance in relations with competitors, customers and suppliers. Most fraught with antitrust risk are relations between competitors. Important, although less risky, are relations with customers and suppliers. 6.2.1 Relations With Competitors 1. Price Agreements Any agreement with a competitor concerning prices is illegal, even if prices are decreased rather than increased, prices are stabilized, the agreed upon prices are reasonable or the purpose of the price agreement is to prevent ruinous competition. It is illegal to agree to a formula for computing prices, to agree to price differentials, or to agree to minimum or maximum prices. Agreeing to elements of price and terms and conditions of sales such as discounts, freight charges, credit, etc. is just as illegal as agreeing to price itself.
Page 39 of 111

2. Allocation of Territories It is illegal for competitors to divide or allocate territories in which they will sell or refrain from selling. 3. Allocation of Customers It is illegal for competitors to divide or allocate the customers to whom they will sell or refrain from selling. 4. Agreements to Limit or Restrict Production or Capacity An agreement among competitors to restrict or increase production or capacity is illegal. 5. Product Standardization An agreement among competitors to standardize products may be illegal. 6. Boycotts and Refusals to Deal An agreement between competitors not to sell to or buy from certain individuals or firms may be illegal. 6.2.2 Relations With Customers and Suppliers 1. Price Agreements An agreement with a customer or supplier concerning the price at which the product will be resold may be illegal. Announcing or receiving suggested resale prices is permitted, however. 2. Territory Agreements - A proposed agreement between Cincinnati Bell and its customers assigning territories or customers, designating a location from which customers will sell or containing other provisions relating to the area in which or customers to whom a customer will sell Cincinnati Bell products should be discussed with the General Counsels Office. 3. Tying Arrangements It may be illegal to sell a product on the condition that the customer purchase another product. 4. Refusal to Deal - It may be illegal to sell, buy or lease on the condition that the purchaser, seller or lessee will not deal with Cincinnati Bells competitors. 5. Reciprocity It may be illegal for a buyer to purchase goods only on the condition that the seller purchase the buyers product. 6. Price Discrimination It may be illegal to sell the same products to competing customers at different prices. Competing customers should be treated on a proportionally equal basis when granting sales promotions, promotion discounts, advertising allowances or assistance in the form of services and facilities. It is unlawful for a buyer to knowingly induce or receive an illegal discrimination in price or services. However, employees can and should bargain for and obtain the lowest lawful price for goods and services purchased by Cincinnati Bell. 6.2.3. Ten Things To Avoid: 1. Dont hold meetings management approval. and discussions with competitors without prior

Page 40 of 111

2. 3. 4. 5. 6. 7. 8. 9. 10.

Dont under any circumstances discuss prices, customers and markets with competitors. Dont offer one customer prices and terms more favorable than those offered a competing customer. Dont agree upon or attempt to control a customers resale price. Dont require a customer to buy a product only from you. Dont disparage a competitors product. Dont make sales or purchases conditional on reciprocal purchases or sales. Dont divide up markets or market share. Dont agree not to do business with a competitor. Dont exchange any material with competitors without review by the General Counsels Office.

6.3

Application of the Antitrust Laws

6.3.1. In the following sections, the legal concepts described above are applied to relationships with competitors, customers and suppliers. Relations with Competitors (1) Price Agreements Any agreement with a competitor concerning prices is illegal. A contract or other document is not necessary to have an agreement. Responding to pressure or doing what you know is expected can be sufficient. An agreement may also be inferred from your actions. Therefore, avoid contact that might raise any suspicion that an agreement exists. An agreement as to price is illegal even if prices are decreased rather than increased; prices are stabilized; the agreed upon prices are reasonable; or the purpose of a price agreement is to prevent ruinous competition. It does not matter that the prices agreed upon are not uniform or that no exact price is fixed. It is illegal to agree to a formula for computing prices; to agree to price differentials; or to agree to minimum or maximum prices.

Page 41 of 111

Agreeing to elements of price and to terms and conditions of sale, such as discounts, freight charges, credit, etc., is just as illegal as agreeing to price itself. Cincinnati Bells prices are to be arrived at independently by Cincinnati Bell without consultation of any kind with competitors. Never discuss prices or pricing policy with a competitor. If a competitor attempts to enter into such a discussion, terminate the conversation immediately and telephone a Cincinnati Bell lawyer. Never provide to, or accept from, a competitor a price list or information from which prices can be computed. While price lists of competitors may be obtained from customers, customers should not be used by competitors as a clearinghouse for exchanging price information. Note the date and source of all price information obtained on the face of the material. The only exception to this rule is a communication of price in connection with a good faith sale to or purchase from a competitor. (2) Allocation of Territories It is illegal for competitors to divide or allocate territories in which they will sell. Never agree with a competitor to sell or to refrain from selling in any area. (3) Allocation of Customers It is illegal for competitors to divide or allocate the customers to whom they will sell. Never agree with a competitor to sell or to refrain from selling to any customers or class of customers. Never agree to divide or share a customers business with a competitor. (4) Agreements to Limit or Restrict Production of Capacity An agreement among competitors to restrict or increase production or capacity is illegal.

Page 42 of 111

(5) Product Standardization An agreement among competitors to standardize products may be illegal. Consult the Legal Department before joining competitors in an effort to set standards. (6) Boycotts and Refusals to Deal An agreement between competitors not to sell to or buy from certain individuals or firms is illegal. Never suggest to or agree with a competitor not to sell to or buy from anyone. Cincinnati Bell has a legal right to choose its suppliers and customers, and to refuse to buy from or sell to anyone. But this right must be exercised independently by Cincinnati Bell, without consultation with competitors. B. Relations with Competitors and Suppliers (1) Price Agreements An agreement with a customer or supplier concerning the price at which the product will be resold may be illegal. Consult the Cincinnati Bell Legal Department before doing more than suggesting resale prices to a customer. (2) Territorial and Customer Restrictions Any proposed agreement between Cincinnati Bell and its customers assigning territories or customers, designating the location from which the customer will sell or containing other provisions relating to the area in which a customer will sell Cincinnati Bell products should be discussed with a Cincinnati Bell attorney. Decisions concerning enforcement of policies relating to restrictions on customers must only be made with the advice of a Cincinnati Bell attorney. Consult the Legal Department before terminating sales to a distributor. (3) Tying Arrangements It may be illegal to sell a product only on the condition that the customer purchase another product. Consult the Legal Department before imposing that condition on a customer.
Page 43 of 111

(4) Exclusive Arrangements It may be illegal to sell, buy, or lease on the condition that the purchaser, seller, or lessee will not deal with a competitor. All proposed exclusive, requirement, or output contracts should be reviewed in advance with a Cincinnati Bell attorney. (5) Reciprocity It may be illegal for a buyer to purchase goods only on the condition that the seller purchases the buyers products. Any proposed reciprocal transaction should be discussed with a Cincinnati Bell attorney. Cincinnati Bell purchases on the basis of price, quality, terms, and service. (6) Price Discrimination The Robinson-Patman Act prohibits price discrimination. While the Act is complicated and very difficult to apply, some general rules are: It may be unlawful to sell the same products to competing customers at different prices. Competing customers should be treated on a proportionately equal basis when granting sales promotions, promotion discounts, advertising allowances, or assistance in the form of services and facilities. In some situations, the law permits discriminations which are justifiable based on meeting the equally low price of a competitor, or changes in the market for or marketability of a product. However, a number of technicalities govern the application of these justifications. It is unlawful for a buyer knowingly to induce or receive an illegal discrimination in price or services. However, Cincinnati Bell employees can and should bargain for and obtain the lowest lawful price for goods and services purchased by Cincinnati Bell. Selling in one section of the country at a lower price than in another section for the purpose of eliminating competition or a competitor can be unlawful. Selling at unreasonably low prices or below cost can be unlawful if done for the purpose of eliminating competition or a competitor.

Page 44 of 111

6.4

Examples

6.4.1 Set forth below are some examples of business situations which may be encountered by you with instructions for proper handling: CASE 1: A good customer claims he can buy cheaper from Competitor X. He is reluctant to give you a copy of Xs written quote, however, and suggests that, X can verify this for you. Response: You should not call X to verify the quote. You should never attempt to verify a price in any way with the competitor involved or with any other competitor. The fact that the customer suggested it makes no difference. It would be advisable to inform the customer that Company policy prohibits you from discussing prices with X. CASE 2: In the course of a conversation with you, Competitor X complains, prices sure are low in our industry right now, and asks you if you agree or disagree. Response: This question should not be answered by you. Your agreement or disagreement could be misconstrued as an acceptance by you of an invitation to fix prices. CASE 3: You would like to purchase a product from Competitor X and ask for a quote. In response, Competitor X mails to you, unsolicited, price sheets or lists for other products as well, including some products which X sells in competition with the Company. Response: The receipt of any unsolicited price information from a competitor should be brought to the attention of the Office of General Counsel. CASE 4: You receive a telephone call from Competitor X who asks if you would like to join him for lunch to discuss a community project. Response: You should limit contacts with employees of competitors as much as possible. This is so, even though the purpose of the contact is proper, due to the appearance of impropriety that may come from such contacts. If it is necessary to have a meeting with an employee of a competitor to discuss a proper subject, you should carefully document the purpose of the meeting and the matters discussed. CASE 5: At a trade association meeting a competitors sales executive indicates that costs have gone up and it would be a dandy time to consider raising prices.

Page 45 of 111

Response: If you are ever in attendance at any trade association meeting (either formal or informal) and the subject of prices or other terms of sale is raised, you should object immediately and ask that such matters not be discussed. If such discussion continues over your objection, you should leave the meeting immediately. All such occurrences should be reported as soon as possible to the Office of General Counsel. CASE 6: You receive a written questionnaire from any source (including a trade association, a government agency, another company, a research group, etc.) requesting compensation information. Response: Refer it to the Office of General Counsel for advice as to whether you may properly respond. The foregoing examples are not intended to exhaust the variety of situations with which you may be presented, but only to aid you in comprehending the wide range of the application of the Companys Antitrust Compliance Policy and in avoiding potentially dangerous situations. The seriousness of these matters and the vital necessity of full compliance by all employees cannot be over-emphasized. If you have any questions regarding whether any activity is permissible, you should contact the Office of General Counsel for guidance.

Page 46 of 111

PART 7: COPYRIGHT POLICY (revised 3/22/00) 7.1 General

Copyright law provides valuable rights and powerful remedies that can be used to protect Cincinnati Bell's substantial investment in its intellectual work product. Copyright law can also be used against Cincinnati Bell should any Cincinnati Bell employee trespass on the copyrights of another. Accordingly, it is Cincinnati Bell's policy to protect its rights, and to respect the copyrights of others. It is each employee's responsibility to become familiar with corporate policy detailed below and to consult with the Office of General Counsel whenever there is a question of interpretation or application. 7.11 Scope of Copyright Law Copyright law covers works of original authorship, such as: books and magazines manuals and technical reports advertising and promotional copy databases and directories computer software programs sound recording software commercials photographs and musical works (to name some relevant examples).

Protection is automatic under US and international law. This means that somebody does not have to register a work to have it protected, and may be able to sue to protect their rights even if the disputed work is not identified as "copyrighted." Some of the rights a copyright owner enjoys are the exclusive rights to: make copies distribute copies prepare adaptations and derivatives display a work in public perform a work in public transmit a covered work electronically

A person who does any of the above without permission from the copyright owner may be liable for infringement. The remedies for copyright infringement include: a court order to stop the infringing conduct seizure and destruction of the infringing materials
Page 47 of 111

recovery of the damages sustained by the copyright owner disgorgement of the infringer's profits an award of statutory fines reimbursement for the successful plaintiff's costs and attorney fees. Under certain circumstances, infringement for commercial gain constitutes a federal

crime. Fair Use Under limited circumstances, a person may be able to use a very limited amount of copyrighted material without permission for non-commercial purposes. This is known as fair use. For example, a limited amount of copyrighted material can be used in connection with non-commercial purposes such as news reporting, teaching, scholarship, research, and criticism. In general, however, it is more prudent, and it is Cincinnati Bell's policy, to assume that the fair use doctrine does not apply to any use of copyrighted material. You should assume that any copying or use of copyrighted material must comply with the guidance of this policy. Work for Hire When Cincinnati Bell contracts with outside consultants or vendors to perform work for the Company, it is important that our rights are protected in the final work product. Specifically, Cincinnati Bells rights must not only be secured for the piece of work that is delivered, developed, designed, or modified, but the Companys underlying rights must also be secured. It is important that Cincinnati Bell retains the exclusive right to the final work product so that it may adapt, reproduce, distribute, and publicly display or perform that work product. Please consult with the Office of the General Counsel for review of all consultant agreements. A List of Things You Should Do and Things You Should Avoid Do: Get outside vendors to sign a written agreement that contains appropriate copyright protections when outsourcing the development of a copyrightable work (and always have it reviewed by the Office of General Counsel) Include a copyright notice on every copy of any Cincinnati Bell work intended for general circulation Don't: Assume that commissioning a work and paying a substantial fee will automatically transfer ownership of the copyright to Cincinnati Bell in the absence of an appropriate, written agreement Assume that the absence of a notice on a work from some other source (including the Internet) means that it is in the public domain Consider copyright registration for any Assume that you can side-step an significant copyrightable work product infringement claim merely by making (whether or not it is intended for resale changes to someone else's work
Page 48 of 111

and whether or not it is intended for publication) Always check with the Chief Information Officer before installing any software or peripheral device on company-owned equipment Assume that every use (including strictly internal uses) you make of someone else's copyrighted work will come to their attention, and govern your conduct accordingly

Make multiple copies (or systematically make single copies) of journals, newsletters, or any other publications even for strictly internal use or distribution

7.2

Copyright Responsibility

7.2.1 The Office of the General Counsel will be responsible for obtaining copyright registration for Cincinnati Bell by submitting all applications for copyright registration along with all required data and deposit materials to the appropriate authority. In appropriate cases, the Office of General Counsel may delegate.

7.3

Form of Copyright Notice

Cincinnati Bell requires copyrights on all works. The following notice shall appear on all works: Copyright Cincinnati Bell 20___ All rights reserved.

7.4

Location of Copyright Notice

7.4.1 Printed and handwritten material: a) b) For single-page works, the copyright notice may be placed anywhere on the front or the back of the page. For works in book form, the copyright notice may be placed in any one of the following locations: 1) 2) 3) the title page; the page immediately following the title page; or either side of the front cover, or if there is no front cover, either side of the front page.

Page 49 of 111

c) d)

For material in loose leaf form, the copyright notice should appear on the title page or the page immediately following the title page. For material in microfilm or microfiche form, the copyright notice should be placed on the front of the container.

7.4.2 Machine-readable material: a) External notice: The copyright notice along with the program identification number is to be placed on a printed label and affixed to the exterior of the machine-readable medium (i.e., to the box, reel, cartridge, cassette or other container used as a permanent receptacle for the medium.) b) Internal notice: The copyright notice is to be included at or near the beginning of the material in such a way that all printouts of the program, either in human or machine readable form, contain the copyright notice. The copyright notice should appear adjacent to the program identification number and is to be contained in the source code and the executable object code.

7.5

Outsourcing of Creative Works- Work for Hire Doctrine

7.5.1 Outsourcing of creative works to independent contractors raises two potential issues. First, where the services are to be performed on site and the vendor is an individual rather than a corporation, it is important to ensure that the relationship created is not subsequently perceived as an employment relationship. Second, when commissioning technical consultants, artists, photographers, or writers to produce copyrightable work product, it is necessary to address complex intellectual property rights issues as well as the usual array of contract issues. The most common question raised in such a transaction is: what exactly did Cincinnati Bell purchase? Did it buy only the physical piece of work that was delivered or did it also buy the underlying exclusive rights to adapt, reproduce, distribute, and publicly display or perform that work? 7.5.2 Due to the complexity of the issues involved with outsourcing creative works, all contracts for the procurement of technical consulting services, and creative works must be drafted by or under the supervision of the Office of the General Counsel. Similarly, any draft contracts originated by or on behalf of vendors must be reviewed and approved by the Office of the General Counsel before execution. At a minimum, all contracts must contain provisions protecting Cincinnati Bells underlying rights to adapt, reproduce, distribute, publicly display, or perform the final work product.
Page 50 of 111

7.6

Internal Photocopying of Copyrighted Material

7.6.1 In the course of its general research and development activities, Cincinnati Bell purchases or subscribes to many industry publications, journals, newsletters, and other copyrighted source materials for use by employees in the performance of their duties. Except under certain very limited circumstances, the Company does not generally have the right to make, or direct the making of, photocopies of all or portions of these copyrighted materials even for strictly internal use. Rather, the Company's use of these publications is governed by subscription agreements with vendors and by Federal Copyright Law. 7.6.2 With respect to the latter, unauthorized photocopying of entire publications or the articles contained therein may subject the Company (and any individuals directly involved) to civil damages of as much as $100,000 per incident as well as criminal liability in certain extreme cases. 7.6.3 The Company strictly adheres to a policy in compliance with copyright law, and accordingly requires all Cincinnati Bell employees to comply with the following policy governing the photocopying of published works: Company employees shall not make photocopies of copyrighted publications for archiving, circulation, or distribution internally or otherwise without first securing written permission through the office of the General Counsel. Where there is a need for access to multiple copies of a particular publication or portions of it, the Office of the General Counsel can assist with procuring an appropriate photocopy license from the copyright holder or a rights licensing agency. Specifically prohibited are the following: (a) the making of multiple copies of an entire publication, a single section or article contained within the publication, or a substantial portion of a single section or article, for any purpose; Example: making 20 copies of a newsletter article on internet marketing tactics for distribution to department marketing personnel is prohibited, though a single copy could be made and circulated. (b) the systematic or regular photocopying of even single copies of complete sections or articles (or substantial portions thereof) contained within a publication, as for an individual file, archive, or library; Example: a standing order to make a single copy of the Market Watch column from each issue of a trade journal for a single employee's file is likely an infringement of the copyright in the publication and is prohibited. (c) the making of multiple copies of entire articles downloaded from a database or other on-line resource.
Page 51 of 111

Example: downloading, printing, and copying an article from a database for distribution to a department is prohibited, though a single copy could be printed for individual reference (or the URL and an abstract of information available at the site could be distributed). The following uses are permitted: (a) (b) (c) abstracting an article and distributing internally copies of the abstract; making a single copy of an article or section for circulation or routing; making multiple copies of the table of contents of a journal or publication for the purpose of alerting employees to the contents thereof;

(d) making a copy of an entire article to avoid a risk of spoilage to the original work (under these circumstances, the copy made must be destroyed when the need for which it was made has expired). 7.7 Installation and Use of Personal Computer Hardware and Applications Software

7.7.1 Cincinnati Bell owns and maintains both the hardware and peripheral devices attached to the hardware, and either owns or licenses all Company-supplied operating systems and application software. Cincinnati Bell employees are authorized to use the equipment as their day-to-day business needs dictate. No changes of any kind are permitted to the hardware or its peripheral devices, drivers or configurations without express, written permission from the Chief Information Officer. 7.7.2 The installation or use on Cincinnati Bell-owned equipment of software products (acquired, owned or developed by the user) which are designed for entertainment purposes, for personal gain, to access public or private on-line services, or for any other reason, is not authorized without express, written authorization from the CTSG Director. Any authorization to install privately-licensed software will be conditional in part on proof of authority to possess and load such software. 7.7.3 Company-supplied software, documentation, operating system and all data stored on the internal disk drive is owned or licensed by, and remains the property of Cincinnati Bell. 7.7.4 Installed software shall be used for business purposes only and may not be copied (except to create a back-up or archival copy), altered or distributed in any fashion. This provision does not include the dissemination of data, reports or other information to authorized Cincinnati Bell employees during the normal course of business. 7.7.5 Cincinnati Bell, or its authorized representatives, will from time-to-time, at its discretion, inspect computer equipment and software, with or without notice. Users agree to surrender Company-owned equipment for such inspections promptly upon request. Cincinnati Bell reserves the right to remove software, with or without notice, that does not meet the qualifications outlined in this
Page 52 of 111

document or that in any way adversely impacts the proper and efficient operation of the system.

Page 53 of 111

PART 8: TRADEMARK AND SERVICE MARK POLICY (revised 3/22/00) 8.1 Introduction

8.1.1 Trademarks are among our Company's most effective tools in communicating our corporate identity. In addition to being the objective symbol of the goodwill Cincinnati Bell has developed, the Company's trademarks/service marks perform the following critical functions: (a) (b) They identify our products and services and distinguish them from the products and services of our competitors; They signify that the quality of all goods and services bearing a Cincinnati Bell mark is controlled by Cincinnati Bell, and that the level of such quality is consistent; and They serve as a prime element in advertising and selling our products and services.

(c)

8.1.2 Once we have acquired legal rights in our marks, and have consistently acted to preserve those rights, we can stop companies from trading on our goodwill by using identical or similar marks on identical or similar products and services. In order to accomplish this, we must follow the guidelines set forth below. Additionally, because of the size and complexity of our various businesses, and the important role played by Cincinnati Bell's marks, it is important that you consult and work with the Office of the General Counsel in connection with any action involving our marks. Specific areas in which the Office of the General Counsel needs to be consulted are listed below.

8.2

Definition of Trademarks and Service Marks

8.2.1 A trademark is any word, name, symbol or design, or any combination of two or more of these, selected and used by a company to identify its goods and to distinguish them from the goods manufactured and sold by others. "Service marks" perform the same function for services.

8.3

Importance of Proper Use of Cincinnati Bell Marks

8.3.1 Using our marks properly shouldn't be an afterthought. If used properly, Cincinnati Bell marks will retain their value and remain valuable assets of the Company. The internal misuse of Cincinnati Bell marks could invite illegal use of our marks by other businesses or outside organizations. It is important that all Cincinnati Bell marks are presented in accordance with the standards outlined in this policy. 8.3.2 The Cincinnati Bell name and symbol are two of the most important marks that Cincinnati Bell uses. Applications for trademark registration of the Cincinnati Bell name and
Page 54 of 111

symbol have been filed with the U.S. Patent and Trademark Office. Until the Cincinnati Bell mark and logo are registered on the United State Patent and Trademark Federal Register, the SM designation should be used in accordance with the standards set forth herein and until otherwise indicated by the Office of the General Counsel. 8.3.3 In addition, the Cincinnati Bell name and the Bell symbol are very important marks and don't belong to Cincinnati Bell exclusively. The Bell name and symbol are jointly owned by the Regional Bell Operating Companies created at divestiture plus Cincinnati Bell and Southern New England Telephone (Bell stakeholders). Since all of the Bell stakeholders may use these marks and symbols in their own and each other's territories, there is a potential for public confusion. To assure the integrity of our shared marks, we've all agreed to follow a set of explicit guidelines in their presentation. Specifically, there are graphic standards for size, shape, color and positioning of the Bell name and symbol, whether used on caps, T-shirts, marketing materials or advertising. Please contact the Office of the General Counsel to obtain these standards.

8.4

Use Standards

8.4.1 Once we have acquired rights in a mark, it is important to act consistently to preserve those rights. Both the appearance and use of the marks must be consistent. The correct use and appearance of the mark increases its strength in the market place. To ensure this strength, we must adhere to the following rules: When used as a mark, a name or symbol should be set off from other words or symbols in a sentence or paragraph . Distinguish word marks by using capitalization, quotation marks, colors, or similar means. For example: With COMPLETE CONNECTIONS, you receive $65 worth of phone services for just $34.95 a month. The mark should always be used to modify a descriptive noun. A mark should be followed by the generic name of the product it represents. If a mark stands alone on packaging or as a heading in advertising, brochures, or similar items, be sure it appears distinctively and is used with the generic product name in the text of the written material. Marks should never be modified, pluralized, apostrophized, or used on their own in a sentence. For instance: Correct: Incorrect: Stay connected with Fuse Internet access. Fuses Internet access is the best way to stay connected.

The appearance of the elements of a graphic design should never be changed without prior approval of the Office of the General Counsel. Be consistent. Always spell a mark properly if it is a word, or reproduce it faithfully if it is a design or a symbol. Never add, modify or delete the words of a combination design and word
Page 55 of 111

mark, and never change the graphics of a design mark without prior legal approval. Once a mark is registered, the symbol should always be used in connection with the mark in advertising and on packaging. The notice should appear at least once, preferably the first time the mark appears. The symbol is the most common and preferred form of federal trademark notice, and puts others on notice of our registration and fulfills the notice provisions of the federal trademark law. Place the symbol on the shoulder or, adjacent to, the last letter of the mark. For Ex: Simple, reliable access to the Net . Do not use the federal registration notice for marks which are not registered with the U.S. Patent and Trademark Office. If you are uncertain if a mark is registered, contact the Office of the General Counsel. If the mark is in use but has not yet been registered, and is being used in materials which do not contain the marks of other companies, use the symbol TM or SM in association with the mark. Use the SM or TM designation in the same fashion as described above. You may also use the legend "Trademark" (or "Service Mark") in text copy. The generic name of the product or service should not be included in the matter designated as an unregistered trademark. For materials which contain the marks of other companies as well, see the discussion below.

8.5

Monitoring Cincinnati Bell Marks

8.5.1 In order to maintain the value of our marks, we have an ongoing obligation to police industry use of marks which may be the same or similar to ours. The marketplace should be constantly and carefully monitored to detect use by other companies of marks which are or may be confusingly similar to any Cincinnati Bell marks. Such marks should be brought to the immediate attention of the Office of the General Counsel so that proper action can be determined. 8.5.2 Failure to act against use by other companies of marks similar to ours can result in the dilution of and possible loss of rights in our marks. In order to take immediate action, the Office of the General Counsel will need information regarding the user and owner of the offending marks, the goods or services with which those marks are used, and the geographical location of the use. Samples of products and packages should be obtained where possible. 8.5.3 Monitoring of Cincinnati Bell marks should also include monitoring any incorrect use of our marks internally.

Page 56 of 111

8.6

Creation of New Trademarks

8.6.1 Cincinnati Bell marks are selected by the Company only after consideration and recommendation by the marketing and public relations staffs and approval by management and the Office of the General Counsel. Extensive searches are often required to make sure we do not select a mark too similar in sound, appearance or meaning to an existing mark belonging to someone else for similar goods or services. Once established by use, our marks are usually registered with the federal government to enhance their value and protectability. 8.6.2 If it is determined that a new symbol or name is desired for a new product or service, the following process must be followed: Clearance: Contact the Office of the General Counsel to determine the following: Is the proposed mark distinctive enough to act as a trademark or service mark; and Does the proposed mark infringe or present other risks with respect to any existing marks of others. Application: If the legal check suggests that the proposed mark is legally available, and is a "good" mark, and the Company intends to use the mark, an application for federal registration of the mark should be filed. Under federal trademark law, an application's filing date is extremely important since the rights acquired under the registration will date back to the application filing date. Actual Use: The Office of the General Counsel should be kept informed as to the status of the mark's use. Once the mark is actually in use, proof of use should be sent to the Office of the General Counsel for examination and forwarding to the Trademark Office so that the application can proceed to registration. This proof should include the date of first use of the mark, and at least 3 actual labels, packages, or tags attached to the products, or advertising and sales literature used in connection with the service. The registration process is a fairly lengthy process and can take anywhere from one to three years to register a trademark or service mark with the United State Patent and Trademark Office.

8.7

Packaging, Labels, and Advertising and Promotional Materials

8.7.1 All packaging, labels, advertising and promotional material or products which make use of any Cincinnati Bell mark must be reviewed and approved in advance by the Office of the General Counsel. This includes promotional material used for the Company's own products and in co-promotion with other products.
Page 57 of 111

8.8

Use of Cincinnati Bell marks On Or In Connection With Non-Cincinnati Bell Products or Services

8.8.1 No other company is allowed to use marks on its goods or services without express prior written permission from the Company. A written license agreement for such use must be provided by and approved by the Office of the General Counsel to insure the proper use and protection of our marks when used by another company. Do not attempt to license a Company mark on your own. 8.8.2 When Cincinnati Bell's marks are used in co-promotions with other companies, we must be careful to prevent our products, services, and marks from being improperly associated with those of the other companies. This can be accomplished by making certain that there is a sharp distinction, both in words and illustrations, between our products and marks and those of the other company. Promotional materials for such co-promotion should include a special footnote similar to the following: CINCINNATI BELL TELEPHONE and CHOICE MAIL are registered service marks of Cincinnati Bell Telephone Company. 8.8.3 When we use promotional products manufactured by other companies, such as T-shirts, caps, or tote-bags, for promotion of the company's products and services, we should make certain that such promotional materials are quality products. If a user of these promotional products finds fault with any of them, such dissatisfaction could be directed to the Companys products and services, and/or could adversely impact upon the valuable good will of the Company. 8.8.4 The symbol is the preferred and most common method of showing that the mark is registered. In a Cincinnati Bell publication, the registration symbol should be used only for Cincinnati Bell registered trademarks and service marks. Registered marks of other companies should be designated by the use of an * to reference a footnote stating: *Registered trademark (or service mark) of another company. 8.8.5 The legend "Registered U.S. Patent and Trademark Office" (or abbreviated as "Reg. U.S. Pat. & TM Off." or "Registered trademark or service mark") may be shown as an asterisked footnote in material in which the trademarks of others do not appear. 8.8.6 When Cincinnati Bell marks are used in material that also contains the marks of other companies, the asterisked footnote method should be used and must identify the corporate owner of the mark. Use "TM" or "SM" for unregistered marks. Unregistered marks must not be shown with a federal registration notice. When Cincinnati Bell unregistered marks appear in material that does not contain marks of others, identify them as marks by using the designation "TM" (for trademarks) or "SM" (for service marks) on the shoulder of, or adjacent to,
Page 58 of 111

the last letter of the mark. This designation should be used with the first appearance of the mark in text copy, but need not be used on subsequent appearances in the same publication. Alternatively, the legend "Trademark" (or "Service Mark") may appear as an asterisked footnote for the first appearance of the mark in the text copy. For Ex: People you know, you can rely on for AnswersSM.

When Cincinnati Bell unregistered marks are used in material that also contains marks (whether registered or unregistered) of others, the asterisked footnote method should be used and must identify the corporate owner of the other companys mark.

Page 59 of 111

PART 9: INSIDER TRADING POLICY (revised 03/17/2010) 9.1 Introduction

The Company recognizes that its directors, officers and employees invest in and sell Cincinnati Bell securities (including the Company's common stock and options and warrants to purchase common stock). However, federal and state securities laws prohibit engaging in transactions in Cincinnati Bell's securities on the basis of material non-public information. The Securities and Exchange Commission (the "SEC"), state securities regulators and members of the legal profession have been vigorously pursuing actual and alleged violations of insider trading laws. These laws are directed to preventing trading in a company's securities by company personnel who have inside information about that company. Although most of the publicity to date has centered on violations by individuals, federal law also imposes liability on companies such as Cincinnati Bell and possibly other "controlling persons" for insider trading violations by company personnel. Just as important, we've all worked hard over many years to establish Cincinnati Bell's reputation for integrity and ethical conduct. None of us can afford to have that reputation damaged by even the appearance of improper conduct by anyone employed by or associated with our company.

9.2

The Policy

Cincinnati Bell's policy has been developed to ensure that its directors, officers and employees do not have an unfair advantage over other investors when making an investment or trading decision relating to Cincinnati Bell's securities. The term Covered Transactions for purposes of this Policy includes any change in ownership, including gifts, stock and option grants, and other transfers. Furthermore, this policy has been developed to provide you with guidance so that you can avoid unlawful conduct when investing or trading in the Company's securities: 1. If any director, officer or employee has material non-public information relating to Cincinnati Bell Inc. or any of its subsidiaries, it is our policy that neither that person nor any related person living in his or her household may buy or sell our securities or engage in any other Covered Transactions to take advantage of, or pass on to others (including parents, siblings and other relatives living outside one's household), that information or any trading advice based on that information. 2. All Company employees at the Vice President level and above, as well as any other designated employee who has been so informed by the General Counsel, must comply with the following additional restrictions: (a) Neither you nor any related person living in your household may buy, sell or otherwise complete a Covered Transaction in Cincinnati Bell securities for a period beginning fifteen (15) days prior to the end of a fiscal quarter and ending on the third trading day following the public release by Cincinnati Bell of the prior quarters or prior years financial results.
Page 60 of 111

For example: Cincinnati Bell announces first quarter operating results before market opens on Thursday, April 19 th. Under Cincinnati Bells insider trading policy, trading may resume on the third trading day after the release (i.e. Monday, April 23rd.) and (b) All of your transactions in Cincinnati Bells securities must be pre-cleared by a Compliance Officer. Pre-clearance means that a proposed transaction is discussed with, and approved by, a Compliance Officer prior to any order being placed with a broker. Notification to a Compliance Officer after the fact is not acceptable and is considered a violation of this policy. 3. Members of the Board of Directors and officers designated as 16(b) insiders who regularly have access to, or generate, material non-public information are subject to the additional restrictions and reporting requirements discussed in Section 9.7 of this Policy. 4. The ultimate responsibility for following this policy and avoiding improper transactions rests with the individual. 5. Questions regarding this policy should only be directed to a Company Insider Trading Compliance Officer (Compliance Officer). For purposes of this Policy, the following individuals are Compliance Officers: Cincinnati Bells General Counsel.

9.3

Definitions

The policy on insider trading prohibits buying or selling Cincinnati Bell's securities or engaging in any other Covered Transaction while in possession of "material non-public" information, or passing on such information ("tipping") to others who buy or sell Cincinnati Bell's securities. Material information is any information that a reasonable investor would consider important in a decision to buy, sell or hold Cincinnati Bell's securities. In other words, any information (good news or bad news) which reasonably could be expected to affect the price of Cincinnati Bell's securities is "material" information. Some examples of material information are: * * * * * quarterly and year-end earnings information projections which show changes from prior earnings trends changes in sales trends news of a pending merger, acquisition, divestiture or tender offer changes in senior corporate officers
Page 61 of 111

* * * * *

changes in dividend policy or stock splits significant new products or services gain or loss of a substantial customer or supplier restructurings of the Companys business new financing activities.

Information is considered public only when Cincinnati Bell has released it through appropriate channels, such as a press release. Enough time must be allowed after such a release for the investing public to evaluate the information. At that point - and not before - the information is considered "public." Tipping is the passing along of material non-public information to others. The disclosure of any Cincinnati Bell confidential information, including material non-public information, is prohibited by Company policy.

9.4

The Consequences

The consequences of insider trading law violations can be severe. The sanctions that may be imposed on individuals who trade on inside information (or "tip" information to others who then trade on the basis of that information) include: * * * A civil penalty of up to three times the profit gained or loss avoided; A criminal fine (no matter how small the profit) of up to $5 million; and A jail term of up to 20 years.

Companies (as well as possibly supervisory persons) that fail to take appropriate steps to prevent insider trading may face: * * A civil penalty of the greater of $1 million or three times the amount of the profit gained or loss avoided as a result of the individual's violation; and A criminal fine of up to $25 million.

Moreover, a violation of Cincinnati Bell's insider trading policy will result in Company sanctions up to and including dismissal. Any of the above actions, or even a SEC investigation that does not result in prosecution, can tarnish a person's or a company's reputation and irreparably damage the careers of those involved.
Page 62 of 111

9.5

A Word of Caution

Remember, the SEC and the courts will view any transaction that becomes the subject of an insider trading inquiry with 20-20 hindsight. Therefore, we must consider the appearances of the transaction both now and in the future. If you have any questions at all about the propriety of a transaction, contact a Compliance Officer for advice before buying or selling Cincinnati Bell's securities.

9.6

Questions and Answers

Question 1: Who is an Insider? Answer 1: An "Insider" is any director, officer or employee of the Cincinnati Bell family of companies who has material information about the Company's business that has not been released to the public or that has been released but for which an insufficient amount of time has passed for the information to be evaluated by the public.

Question 2: Why am I receiving this Policy? Answer 2: Cincinnati Bell is trying to make all of its personnel more aware of their responsibilities. A simple note to a friend or relative saying "just wanted to let you know Cincinnati Bell is doing well" prior to the pubic announcement and evaluation of material information about the Company can jeopardize you (the "tipper") and your friend or relative (the "tippee") in the eyes of the law.

Question 3: Would information about a potential new customer contract (or lost or changing existing contract) represent material inside information? Answer 3: It could be. New contracts, financial results and/or trends in the business could be considered material inside information. When you are in doubt, ask first before trading in the Company's securities or telling others who do not have a need to know. Direct any questions to a Compliance Officer. The Compliance Officer will make a final determination. Trading moratoriums or restrictions may need to be put in place until inside information becomes public. However, absence of specific trading restrictions is not an excuse for trading on material non-public information. In any case, you must not pass to outsiders rumors or information about the Company which is confidential, whether or not it is material. Remember the appearance of impropriety can be as damaging as the fact.

Question 4: How are transactions within our 401K Plans affected by the Policy? Answer 4: So long as you do not make an election which changes the percentage invested in Cincinnati Bell shares, or begins or ends an investment in Cincinnati Bell shares, you have not engaged in a transaction that is covered by this Policy.
Page 63 of 111

9.7

Supplemental Trading Restrictions and Reporting Requirements for Board of Directors and Officers Designated as 16(b) Insiders

Cincinnati Bell has adopted a policy prohibiting insider trading which applies to all of our personnel. As noted in the policy, members of the Board of Directors and officers designated as 16(b) insiders (Officers) who regularly have access to, or generate, material non-public information are subject to additional restrictions and reporting requirements when they trade in Cincinnati Bell securities. As a director or Officer of Cincinnati Bell, your position at Cincinnati Bell regularly exposes you to such inside information. Accordingly, the Board of Directors has determined that, for your own protection as well as the Company's, additional trading restrictions must apply. In some cases, you may be deemed as a matter of law to be "aware" of information about Cincinnati Bell, even if you haven't been fully briefed on it. In addition, SEC rules require you to report all transactions in Cincinnati Bell securities on the appropriate SEC form within two (2) days of completing the transaction (the trade date, not the settlement date). Therefore, it is imperative that you comply with these additional restrictions, pre-clear all transactions with a Compliance Officer, and report the completion of all transactions immediately. As discussed in our insider trading policy, violations of this type always are examined with 20-20 hindsight, usually by people who don't know you or Cincinnati Bell, and even the appearance of impropriety can severely damage both you and the Company. These additional trading restrictions represent an effort to guard against even the appearance of impropriety. Therefore, in addition to the broad prohibitions on insider trading which apply to all Cincinnati Bell personnel, by virtue of your position the following additional trading restrictions apply: 1. Neither you nor any related person living in your household may buy or sell Cincinnati Bell securities for a period beginning fifteen (15) days prior to the end of a fiscal quarter and ending on the third trading day following the public release by Cincinnati Bell of the prior quarter's or prior year's financial results. For example: Cincinnati Bell announces first quarter operating results before market opens on Thursday, April 19 th. Under Cincinnati Bells insider trading policy, trading may resume on the third trading day after the release (i.e. Monday, April 23rd.) 2. All of your transactions in Cincinnati Bell's securities must be pre-cleared by a Compliance Officer other than transactions effected pursuant to a trading plan that (a) is formulated and entered into during any period other than that specified in Point 1 above, and (b) meets the requirements set forth below in Point 3 and complies in all respects with Rule 10b5-1 under the Securities Exchange Act of 1934. Keep in mind that this exemption from the pre-clearance requirement does not affect your obligation to report trades made pursuant to the trading plan with the SEC within 2 days. If a transaction is contemplated other than in connection
Page 64 of 111

with a trading plan that satisfies these requirements, contact a Compliance Officer in advance. 3. Any trading plan must be provided to the General Counsel for review and comment prior to the execution or adoption of any plan. Further, any trading plan must : be in writing; either (i) specify precisely how determinations as to amounts, prices, dates and frequency of transactions are to be made (e.g., by designated formula or algorithm) or (ii) delegate discretionary authority to a named party who is neither subject to your influence nor privy to material nonpublic information about the Company or its securities; specify a termination date (unless the intention is to continue the plan for an indefinite period under specified guidelines until there are no more securities available (in the case of sales) or no more funds available (in the case of purchases)); make allowances for unforeseen events outside of your control that would warrant automatic cancellation of plan transactions, such as: the announcement of a merger of the Company; the occurrence of an event that would cause any transaction in the Company's securities to violate the law;

unless the trading plan specifically delegates discretionary authority to a named party, indicate that any person executing transactions under the plan may not deviate from the instructions provided in the plan; state that no transaction under the trading plan may be effected by a person who is aware of material nonpublic information at the scheduled time of the transaction; where the trading plan delegates discretionary authority to another party, state that such party must make all trading decisions independently, without any influence from the person who created the plan; and contain provisions instructing the party effecting transactions under the plan to provide timely notification of such transactions to the trading person for purposes of assuring compliance with applicable reporting requirements.

4. As a further safeguard against inadvertent trades in violation of this Policy, and to assist you in your reporting obligations, you should provide your broker with a Broker Notification Letter, a copy of which can be obtained from a Compliance Officer in advance of any trades with that broker. 5. In order to facilitate timely reporting of all transactions in Cincinnati Bell securities by members of the Board of Directors and Officers, you are strongly encouraged to
Page 65 of 111

execute a power of attorney giving the Compliance Officers the power and authority to file SEC reporting forms on your behalf. 6. Prohibition of Insider Trading During Pension Fund Blackout Periods . No director or executive officer of the Company may, directly or indirectly, purchase, sell, or otherwise acquire or transfer any equity security of the Company during any pension fund blackout period. We recognize that this policy may cause inconvenience from time to time, and we apologize for that. However, we believe that this approach will help avoid inadvertent problems under the insider trading laws, and thus protect our most important shared asset - our reputation for integrity and the highest ethical conduct.

Page 66 of 111

Part 9A: POLICY STATEMENT ON THE RELEASE OF COMPANY INFORMATION TO THE PUBLIC (revised 4/1/04)
The Companys policy is that all disclosures made by it to its security holders, the investment community and the general public should be accurate and complete and made on a timely basis in accordance with all applicable laws and New York Stock Exchange requirements. All employees must be aware that the Company has specific guidelines about external communications and that only designated spokespersons of the Company are authorized to communicate Company information to external audiences in accordance with such guidelines. Employees must not discuss non-public information about the Company with audiences outside the corporation and must maintain all non-public information about the Company as confidential. Company employees who are not authorized spokespersons should refer all inquiries from analysts, investors and other members of the financial community to the Companys Vice President of Investor Relations and Corporate Communications. All inquiries from the press or other communications media should be referred to the Companys Director of Corporate Communications. All inquiries from other persons should be referred to the General Counsel. Any Company employee should notify immediately the General Counsel and/or the Vice President of Investor Relations and Corporate Communications if he or she believes that anyone within the Company, whether authorized or not, has disclosed or may be about to disclose material non-public information (or has any doubt about whether such information has been or will be disclosed). After appropriate investigation and consultation, the General Counsel will determine whether additional and/or expanded dissemination of such information is necessary and the means by which such information should be disseminated. To reiterate, it is the Companys policy to release information about the Company and its business as required by various legal and regulatory requirements and as it meets the Companys business interests. Such information releases are only to be made by authorized spokespersons in accordance with this policy statement and the practices and procedures established from time to time by the Companys Disclosure Committee. For purposes of this policy statement, the term authorized spokespersons shall include the members of the Companys Disclosure Committee and those individuals specifically designated by the Disclosure Committee to speak on behalf of the Company in external communications. The Disclosure Committee is comprised of the following corporate officers: Chief Executive Officer Chief Financial Officer General Counsel
Page 67 of 111

Senior Vice President, Internal Controls Vice President, Controller Vice President of Investor Relations and Corporate Communications

Page 68 of 111

PART 10: SECURITY POLICY (revised 3/22/00) 10.1 General

The responsibility for the physical security of all Cincinnati Bell buildings and grounds belongs to the Security department. Security oversees the Card Access Security System and the Alarm Surveillance Center at all facilities. Any questions regarding this policy or any other security questions should be directed to the Director of Security.

10.2 Providing Employee Access

a) b) c) Each employee shall display his/her Photo ID card in plain view and above the waist whenever on company property. All employees are encouraged to challenge anyone in their area not wearing the appropriate ID. Photo IDs, keys, laptops, etc. shall be recovered from any person before termination or transfer. Combinations on safes or locks shall be changed periodically and with changes in personnel.

10.3 Providing Visitor Access

Each visitor shall be escorted by a Cincinnati Bell employee at all times while on company property.

10.4 Clean Desk Policy

Employees should follow a clean/locked desk policy when away from their desks for any period of time, and after hours. Other office furniture containing sensitive information should be locked when unattended.

Page 69 of 111

PART 11: Cincinnati Bell Computer & Enterprise Network Security Policy (revised 08/02/2010)
11.1 Scope & Overview

This policy applies to Cincinnati Bell Inc. and all of its subsidiaries, (hereafter "Cincinnati Bell"), and applies to all Cincinnati Bell networks, communication systems and equipment (including computers, telephones, fax machines, e-mail, Internet services, and commercial systems when use is paid for by Cincinnati Bell) (hereafter "Cincinnati Bell Internal Network"). The various organizations within Cincinnati Bell rely upon many systems and vast amounts of information to deliver products and services to our customers. These information resources are vital assets that require protection. Data, whether stored in central computers accessible though remote terminals or processed locally on PCs, are vulnerable to a variety of threats and must be afforded adequate safeguards. In order for Cincinnati Bell to be successful, we must all accept our individual responsibility for securing our data from these threats. This Cincinnati Bell Computer & Enterprise Network Security Policy serves to establish standards for information technology resource protection by assigning responsibilities and providing basic rules, guidelines and definitions for all employees and contractors to follow. Whether from hackers, viruses or misconfigured workstations, there is the potential for loss of revenue, critical work stoppages and damage to the Cincinnati Bell image. This policy thus helps prevent inconsistencies that can introduce risks and serves as a basis for the enforcement of more detailed rules and procedures. This document is intended for use by users of any Cincinnati Bell Internal Network, including Cincinnati Bell employees, contractors and vendors who have need to access our internal network and systems. If you have any questions or concerns about any topics covered in this document contact the Team BEST Electronic Security Group at email address # IT NETWORK SECURITY. 11.2 Computer/Network Security 11.2.1 Separation of Duties 11.2.1.1 General

The Cincinnati Bell Internal Network has become an integral part of our everyday operation. To ensure the network benefits everyone, we must make sure certain rules or policies are enforced across all Cincinnati Bell companies. This document serves to inform the users of those rules and how to work with the Information Technology organization to best utilize the network to perform their daily tasks.
Page 70 of 111

All persons using the Cincinnati Bell Internal Network shall be responsible for the appropriate use of the facilities as specified by the policies defined in this document. This includes employees and third parties, (e.g. contractors, vendors, etc.). 11.2.1.2 Roles

Network Services Manager This position manages the group responsible for the physical network components, (i.e., routers, switches, servers, etc.) Network Administrator This position reports to the Network Services Manager and performs the tasks necessary to maintain the existing network, increase capacity and implement new components into the network. Electronic Security Group This group is responsible for reviewing the network to make sure it is protected from intrusion and abuse. This position is also responsible for maintaining these policies and procedures. If there are any questions concerning security issues the Electronic Security Group can be reached by using the IT NETWORK SECURITY e-mail address. System Administrator This position is responsible for working with developers/suppliers of applications other than the standard office automation suite. They coordinate information and requests between the users and the supplier of the application. Help Desk Responsible for assisting the user with problems they may encounter in their daily use of the system. All calls to the Help Desk result in a ticket being generated for tracking the problem from the time it is reported until it is resolved. The numbers for the Help Desk are: (513) 397-1313 and (866) 517-1313. End User They use all the applications/systems supplied and supported by Team BEST and the IT groups in all of our entities. The end users are also responsible for following the guidelines defined in this document to make sure they are operating in a safe and secure manner.

Page 71 of 111

11.2.2 Network Usage and Management 11.2.2.1 General Users of the Cincinnati Bell Internal Network, communication systems and equipment (including computers, telephones, fax machines, e-mail, internet services, and commercial systems when use is paid for by Cincinnati Bell) should be aware that such use serves as consent to monitoring for any type of use, including incidental and personal uses, whether authorized or unauthorized, and that there are no expectations of privacy with respect to such use. Periodic compliance scans and assessments may be performed to identify unauthorized or improper use of company resources. Unauthorized or improper usage discovered during the course of such monitoring will be handled at the discretion of Cincinnati Bell and may result in disciplinary action(s), up to, and including, termination. Warning Banner All Cincinnati Bell computer assets will display a "Consent to Monitoring" warning banner prior to allowing users to login to the Cincinnati Bell network. The banner will be implemented in such a manner so as to prevent system logon if the user does not consent to having their network activities monitored. 11.2.2.2 General The Cincinnati Bell Internal Network is for official and authorized purposes only. Limited personal use, including use for educational or professional development, is permitted as long as: It is not restricted by business needs or by the immediate supervisor It is of reasonable duration and frequency Serves a legitimate company interest, and Does not overburden the system or create any additional expense to the company. Peer-to-peer file sharing programs are not permitted on any part of the CBT Internal Network (including ISDN and VPN connections). Examples of peer-to-peer programs are: Kazaa, BearShare, Morpheus, Gnutella, LimeWire etc. This type of software congests the network causing slowness issues. Appropriate Use Consent to Monitoring and Privacy Expectations

Cincinnati Bell managers are responsible for ensuring that assigned personnel understand the company Appropriate Use Policy. Computer Etiquette and Inappropriate Use
Page 72 of 111

All employees are expected to conduct their use of these systems with the same integrity as in face-to-face or telephonic business operations. It is impossible to define all unauthorized use, however examples of behavior deemed unacceptable include: Accessing obscene or pornographic sites. Harassment, including sexual harassment. Unauthorized attempts to break into any computer or attempting to gain access to material you have not been expressly granted access to. Using company time and/or resources for personal gain. Theft or copying electronic files without permission. Sending or posting company confidential information outside the company or inside the company to unauthorized personnel. Sending chain letters, commercial selling and spam through e-mail. Deliberate over-extension of system resources or interference with the processing of a system.

Internet Relay Chat (IRC) Frequenting chat rooms or IRC channels using Cincinnati Bell assets is discouraged. Employees visiting these sites should keep in mind that such activity is subject to monitoring and may serve as grounds for disciplinary action. Connecting to Internet chat rooms from the Cincinnati Bell internal network increases the risk that network vulnerabilities could be exploited by outside 3rd parties. Cincinnati Bell Disclaimer The following disclaimer should be attached to all documents faxed outside the company and will automatically be appended to e-mail messages being sent outside the company: E-MAIL and FAX DISCLAIMER EXAMPLE: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this document . Because posting messages from a corporate account may be likened to replying using company letterhead, postings to newsgroups, message boards, Internet mailing lists, etc., personal or otherwise, must include a disclaimer as part of each message.

Page 73 of 111

MESSAGE POSTING DISCLAIMER EXAMPLE: The information transmitted is the personal opinion of the individual sending/posting this message. It in no way reflects the corporate policy or opinion of Cincinnati Bell Inc. or its subsidiaries. Internet Access from Home Access to the Internet from home using a Cincinnati Bell owned laptop or personal computer must adhere to all the same policies that apply to use from within company facilities. Employees should not allow family members or other non-employees to access Cincinnati Bell computer systems. Acceptable E-mail Uses Limited personal e-mail use is permitted as long it falls within the guidelines of the "Cincinnati Bell Appropriate Use Policy". E-mail content that is discriminatory, harassing, pornographic or illegal is prohibited. Other prohibited content includes but is not limited to chain letters, commercial selling, and Spam. Employees responsible for sending or forwarding prohibited content via their e-mail account are subject to disciplinary action as determined by the appropriate Cincinnati Bell management. See Section 3 of this document for additional details concerning the use of E-mail. Broadcast E-mail Broadcast e-mail messages shall be sent by authorized personnel only, to specified audiences and only when required. 11.2.2.3 General Cincinnati Bell user accounts will be created by authorized System Administration or Network administration personnel only. In order to reduce the risk of inadvertent access by unauthorized users, Cincinnati Bell user accounts will be created with the concept of least privilege' (only those system privileges deemed necessary to perform assigned tasks will be assigned to the user). In addition, Cincinnati Bell users will be assigned a specific user account for each system they are authorized to access. The sharing of user accounts is strictly prohibited. User accounts are reviewed by system administration personnel every 30 days for the purpose of general security review, determining inactive accounts, disabling inactive accounts, and deleting unnecessary accounts. Usernames Cincinnati Bell users will be assigned private, unique usernames, 6-8 characters in length. Usernames will be composed of the first initial of the first name, the first 3 characters of the last name and the last three digits of the user's Social Security Number. (i.e. John Smith, Social Security Number 123-45-6789 would have a userid of jsmi789).
Page 74 of 111

User Accounts

Existing usernames in a format different from this can be used until such time as they can be changed into the new format. All new ids will follow this new format. Because they are well known throughout the computer community and may be easily guessed by hackers or other unauthorized personnel the following types of usernames may not be assigned on Cincinnati Bell computer systems: Usernames that are the same as special accounts or group names (i.e. root, bin, sys, adm, cron, nobody, everybody) Usernames that are the same as default accounts within a given system (i.e. guest, administrator) Usernames that are the same as the system name. For example, Oracle administrators will not create user accounts with the username "oracle".

Disabling Accounts User accounts for former employees of Cincinnati Bell will be disabled for a period of 90-days. This will allow managers the opportunity to retrieve any important files or documents the employee may have been working on prior to their departure. After the 90 day period has elapsed, the account will be deleted. The Human Resources department will provide notification of the employee's termination. It is the responsibility of the sponsor for a contractor to notify Team BEST that the contractor has been terminated. Inactive Accounts User accounts that are inactive for a period of 30 days will be disabled. After the 30-day period system administration personnel will consult with the user or user's manager to ensure the account is still required. User accounts that have been inactive and remain disabled for an additional 60 days or found no longer to be valid will be deleted. 11.2.2.4 General Passwords play an important role in ensuring only authorized personnel have access to the Cincinnati Bell Internal Network and computer files. Passwords that are easily guessed undermine security by giving an unauthorized user the ability to gain network access. Once inside, the intruder can modify files or processes, steal data or use the system as a launching point for other network attacks. To reduce the likelihood of this occurring, the following guidelines will be followed when creating Cincinnati Bell user passwords. Passwords

Page 75 of 111

Password Strength All Cincinnati Bell systems will be configured to enforce the creation of strong user passwords. When creating a password, users should refrain from using parts of their first/last name, birthday, social security numbers, or common words out of the dictionary. User passwords will be checked by the system upon initial password creation and periodically thereafter by qualified personnel. Users found to have weak passwords or passwords that do not fall within Cincinnati Bell password guidelines will be required to create a new password. A good way to create a secure password is to use the initials of a phrase, and include special characters and / or numbers as well as letters. "For example, 86CaRa!" is a good password, and it's easy to remember because it stands for "86 Corvettes are Really awesome!." Password Length & Uniqueness Passwords will consist of at least 7 characters, and at least three out of the four following categories; upper case letters, lower case letters, numbers, and special characters. Passwords must not contain all or part of your account or full name. RACF passwords consist of a minimum of 6 and a maximum of 8 alpha-numeric characters. Maximum Password Aging Users will change their desktop password every 60 days. Cincinnati Bell systems will notify users at least 3 days prior to the password expiration date in order to facilitate the password change process. Users who are away from the office and unable to change their passwords will be provided 3 grace logins after their return. Accounts whose passwords have not been changed after the 3rd grace login will be disabled. Minimum Password Aging Minimum password aging will be set to 24 hours. This will prevent unauthorized users from immediately changing the passwords for new accounts they may have created. Password History This value will be set to a minimum of 12 passwords. This will prevent passwords or variations of the same password from being utilized for successive password change cycles. Mandatory Password Changes Passwords will be changed under each of the following circumstances: After the first system logon (when an account is initially created). Every 60 days. When an employee terminates from Cincinnati Bell, every account password they possessed will be changed (including dial-up passwords).
Page 76 of 111

When there is a suspected password or system compromise.

Password Sharing Passwords will be kept private; i.e. not shared, coded into programs, or written down. Cincinnati Bell users should be wary of any requests made by administrators for their passwords (over the phone or via e-mail). If a user receives a request to provide their password they believe is questionable or suspicious in nature they should attempt to verify the identity of the requestor (call the help desk/system owner/network security) prior to releasing the requested information. 11.2.2.5 Network Login

Identification and Authentication Identification and authentication (I&A) is the process of recognizing and verifying valid users or processes. It is used to determine what system resources a user or process will be allowed to access. Failure to follow proper I&A procedures could result in session hijacking or successful hacker attacks, both of which unnecessarily jeopardize Cincinnati Bell's network security posture. Authentication is required for access to Cincinnati Bell corporate systems from the Internet. Anonymous logins will not be permitted to any computer system within the Cincinnati Bell network. Authentication Devices Employees are responsible for safe handling and storage of all company authentication devices issued to them. Authentication tokens will not be stored with the computer(s) used to access corporate systems. If an authentication device is lost or stolen, the loss must be immediately reported to network security so that the device can be disabled. Failed Logins User accounts will be frozen after 5 failed login attempts. All erroneous password entries will be recorded in an audit log for later inspection and action, as required. Locking user accounts after a successive number of failures reduces the risk of an unauthorized user gaining system access via a brute force attack. Screen Locking Cincinnati Bell forces password protected screen saver function on Windows to automatically lock the screen after 20 minutes of inactivity on workstations / laptops. Screen locking a computer is an easy and cost effective way to reduce an unauthorized user's ability to access, modify or view sensitive information by simply walking up to an unattended workstation.
Page 77 of 111

Screen locking a computer will not be used as an alternative to "logging off" of the computer when the user is away for an extended time. 11.2.2.6 General Organizations use both dial-in lines and the Internet to provide remote access. While Internet-based attacks get most of the media attention, most computer system breakins occur via dial-up modems. To reduce the risk of break-in via this method, all remote access to Cincinnati Bell computer systems, whether via dial-up or Internet, will use company encryption services to ensure session confidentiality. Direct dial-in connections to company systems are not authorized unless approved by the Chief Information Officer (CIO) of Cincinnati Bell. Desktop Modems The use of unsecured desktop modems to support dial-in access to company systems is prohibited. When modems are installed they should be used for outbound calling. If needed for inbound, such modems should be configured to operate in a dial-back mode as well as requiring a User ID and password for authentication. Dial-In Access Numbers Information regarding access to company computer and communication systems, such as dial-up modem phone numbers, is considered confidential. This information will not be listed on electronic bulletin boards, in telephone directories, on business cards, or made available to third parties without the written permission of the Cincinnati Bell CIO. System Information Restriction All system information and menu options will not be presented prior to a user successfully entering a valid user ID and password. Password Changes All users who access the company system through dial-in connections will be required to change their passwords every 60 days. Forcible Log-Off In order to reduce unnecessary system load and reduce the risk of highjacked computer sessions, Cincinnati Bell user sessions will be forcibly logged off of the network after 4 hours of inactivity. Remote Access (Dial-In, FTP, Telnet, etc)

Page 78 of 111

Remote Control Software Remote control software, such as pcAnywhere, VNC, etc. is not allowed to be used without the permission of the Electronic Security group and without having undergone a security check. Any non-Cincinnati Bell personnel requiring remote access must have the authorization of the Cincinnati Bell CIO . 11.2.2.7 Backup Files Backups are performed on all network drives on a daily basis. Backup files will be secured in a manner that ensures it is accessible only to authorized personnel and protected from inadvertent over-writing. File Management Overloading network drives can have serious consequences for all users, including slow overall performance or server failure. In order to maintain the network at peak performance, all users must make proper use of network disk space. Only business related files are to be stored on corporate systems (local or network). Any non-business related files (e.g. sound/music files, games, picture files, etc.) are subject to deletion without prior notice. Users are granted an initial amount of space for their personal directory. Group directories are setup to allow for users in a workgroup to share information. Additional space may be requested via a MAC (Move, Add, Change) ticket. It is the users' responsibility to make sure data on their drives is secured and only allow users with a specific need to have access to their group data. File Handling

11.2.3

Firewalls, Gateways, Routers & Network Connectivity 11.2.3.1 General Background and Purpose

The Cincinnati Bell organization is connected to the Internet so that employees and clients can have convenient access to Internet services. Since activity on the Internet is not fully trustworthy, Cincinnati Bell systems are vulnerable to misuse and attack. In order to minimize our Internet vulnerabilities, Cincinnati Bell has implemented firewall technology to serve as the gatekeeper between the untrusted Internet and our more trusted networks. From a security point of view, the use of firewalls allow Cincinnati Bell to centralize internal / external network access control. If outsiders or remote users access
Page 79 of 111

Cincinnati Bell's networks without going through the firewall, the firewall effectiveness is diluted and our security posture is jeopardized. Cincinnati Bell network administrators will make every effort to minimize the trade-offs between convenience and security on our networks in hopes of providing the highest level of security without placing an undue burden on internal users. 11.2.3.2 Trust Relationships

General By their very nature, the security of interconnected networks drops to the level of the weakest network. When decisions are made for connecting networks, trust relationships must be defined in order to avoid reducing the effective security of all networks involved. The most secure policy is to only allow connection to trusted networks that have been approved by the appropriate level of management. However, business needs may force temporary connections with business partners or remote sites that involve the use of untrusted networks. Internal-External Connections The Cincinnati Bell CIO will approve all connections originating from Cincinnati Bell networks to external networks. External-Internal Connections Unless specifically approved by the Cincinnati Bell CIO, external connections to the internal network are strictly prohibited. Requests for external-internal network connectivity will be made in writing with all pertinent information to include: Point of Contact information (name, phone #, etc) Purpose of Connection Systems involved Destination / Source IP addresses Physical location of the systems affected Protocols / Ports affected Estimated duration of connection (long term, 1 week, 2 days, etc) Overall justification

All connections to approved external networks will pass through companyapproved firewalls.

Page 80 of 111

External Connection Review All connections and accounts related to external network connections are informally reviewed on a regular basis by a Network Services Manager. Functional managers are responsible for validating and reporting their connection requirements to the Network Services Manager on a quarterly basis. Any accounts related to these connections that are not used on a monthly basis will be deactivated. When notified by the Network System Manager that the need for connection to a particular network no longer exists, System Administrators will delete all accounts and parameters related to the connection. 11.2.4 Software Control 11.2.4.1 Installation

Team BEST provides workstations configured with software needed by the user. This includes the Microsoft Office suite and any special software needed by the user to perform their daily tasks. If the user requires additional software, they should submit a MAC (Move, Add, Change) ticket and the software will either be installed by the HelpDesk or by using an electronic software distribution tool. If the user is asking for specific system access, the MAC ticket is routed to the system administrator for their approval before being processed. Cincinnati Bell strongly supports strict adherence to software vendors' license agreements. Adherence to these agreements is subject to random audits by these vendors. Where Cincinnati Bell computing or networking resources are employed, copying of software in a manner that is not consistent with the vendor's license is strictly forbidden. Similarly, reproduction of words, images, sounds or software posted or otherwise available over the Internet must be done only with the permission of the owner/author. 11.2.4.2 Viruses

General A virus is a self-replicating program spread from executables, boot records, and macros. The most common "carriers" of viruses into a network are the floppy disk and e-mail attachments. After replicating itself into other programs, the virus may print annoying messages or delete stored data. A virus infection of the Cincinnati Bell Internal Network could potentially cause considerable loss of time, data, and potentially harm the reputation of our organization. An infection could also have disastrous results for our clients. As an organization we must take all reasonable measures to ensure Cincinnati Bell's networks remains virus free. Prevention and Detection Virus scanning software with current virus definitions is required on all servers and workstations connected to the CBT Internal Network. The Help Desk will provide, for
Page 81 of 111

temporary use, antivirus software for vendors and visitors that need to connect their systems to the CBT network. Antivirus software definitions are updated every three hours or as needed. Real-time virus scanning will be enabled on all servers and workstations to detect and prevent virus infections. Periodic Scanning Virus-scanning tools will be used to automatically scan computers at least once a week. Users will inform the Help Desk of any virus detected, configuration change, or any unexpected or unusual behavior of a computer or application. Incoming E-mail/Files All incoming E-mail and files received from across a network will be scanned for viruses as they are received. Suspicious or tainted files will be dropped at the outer network boundary. This is an additional security measure and does not negate the user's responsibility to virus check any files that they introduce into the Cincinnati Bell environment from the outside. Team BEST also utilizes an E-mail content filtering tool that allows all Emails, not just the attachments, to be scanned for specific words or phrases and drop the incoming message if the specific content is detected. Files Brought In from the Outside Cincinnati Bell employees are required to perform a virus scan on all files or programs they bring into the Cincinnati Bell network regardless of the transport mechanism (floppy disk, DAT tape, e-mail attachment or file transfer). Failure to scan a file or program prior to its execution subjects the Cincinnati Bell organization and it clients to an increased risk of computer viruses. Users will report all instances in which a virus is detected to the Cincinnati Bell Help Desk. Virus Logs Virus scanning logs will be recorded, reported and examined by the system administration staff daily. Virus Notification When informed that a virus has been detected, Cincinnati Bell system administrators will alert all users who may have potentially been affected. In addition, administrators will provide users with checklist procedures to detect and remove the virus. IT Security Administrator or the Messaging Services Manager will send out a Broadcast voice mail to alert Cincinnati Bell personnel of the virus, its characteristics and steps to take if they believe they have been infected.

Page 82 of 111

Virus Isolation Any machine infected by a virus or suspected of being infected will immediately be disconnected from all networks. The system will not be reconnected to the network until system administration staff can verify that the virus has been successfully removed. Virus Removal Virus removal will be accomplished with virus software when applicable. If the software fails to remove the virus, all software on the computer will be deleted including boot records (if necessary). System software will then be reinstalled with "clean" resources and rescanned for viruses. 11.2.5 PC & Laptop Security Issues 11.2.5.1 General

Desktop and laptop computers are personal workstations that are linked to other computers via a Local Area Network. Both present security issues, though laptop computers by their very nature pose a greater security risk. Basic security measures common to both desktop and laptop computers include: Do not leave the workstation logged in overnight. When finished for the day, logoff the network and power off the workstation. If data is stored on the workstation hard drive, it is the owner's responsibility to make sure a backup copy of the data is retained on alternate media. Locate the workstation away from environmental hazards. Password protected screen savers should be used when leaving the workstation unattended for a short period of time. Laptop Issues

11.2.5.2

The use of laptop computers has risen dramatically because of the reduced cost, size, weight and fragility of components. Because of this, laptop computers pose their own specific security issues. They can be lost or stolen while employees are traveling. They are often used in public places, such as on airplanes or airports, thus making data and passwords vulnerable to "shoulder surfing". Also, the laptop computer is often left unattended in relatively insecure locations, such as in hotel rooms or rental cars. Security measures for laptops computers include: Treat your laptop as if it were your wallet or purse. Secure it in a locked drawer or cabinet or cable it to a fixed piece of furniture. If placed in a docking station, use the locking feature of the docking station in addition to a cable lock. Do not leave your laptop in the open inside a parked car. Do not leave your laptop unattended in classrooms, conference rooms, cafeteria, etc.
Page 83 of 111

 11.3

Never check a laptop as baggage.

Electronic Mail 11.3.1 Appropriate Use

Cincinnati Bell's e-mail system shall be used for the sole purpose of fulfilling the business needs of the company, provided that limited or occasional personal use of e-mail is permitted. This policy applies to all Cincinnati Bell employees and contractors that use the corporate e-mail systems. All e-mail communication must be handled in the same manner as a letter, fax, memo or other business communications. No commercial messages, employee solicitations, chain letters, messages of a religious or political nature are to be distributed using company e-mail. E-mail messages may not contain content that may be considered offensive or disruptive. Offensive content includes but is not limited to obscene or harassing language or images, racial, ethnic, sexual or gender specific comments or images or other comments or images that would offend someone on the basis of their religious or political beliefs, sexual orientation, national origin or age. Unauthorized Access

11.3.2

Cincinnati Bell's e-mail system is accessed via password-protected login. It is against company policy to access or attempt to access another user's account using their username and password. The only allowed method of accessing a mailbox other than your own is by using permissions delegated by the mailbox owner. It is also not permitted to send e-mail with a "from" address other than your own without the permission of the mailbox owner. 11.3.3 Privacy/Disclosure/Auditing

Cincinnati Bell's e-mail system and all messages flowing through it are the property of the Company; this pertains to both business and personal e-mail messages. Your messages may be read or disclosed at the discretion of management. The reasons that your mailbox may be opened and messages disclosed include but are not limited to the following: Vice President's approval Any Vice President or higher level employee may request access to any of his/her employees' mailboxes for any reason and without notification. Legal and HR concerns The legal or HR department may request access to any mailbox to fulfill a subpoena, warrant, union grievance, investigation or other reason. Administrative reasons Although the e-mail administrators respect your privacy, it may be necessary in certain cases to open a user's mailbox for a variety of technical reasons.

Page 84 of 111

11.3.4

Anti-Virus/Anti-Spam/File-Blocking

Cincinnati Bell's e-mail system is protected from the Internet by anti-virus/anti-spam software. This software removes known computer viruses and attempts to block unsolicited bulk e-mail transmission by using customizable filters. A side effect of the anti-spam filter is that it is possible that legitimate e-mail transmissions may be blocked if certain keywords are found in the message. Due to the proliferation of computer viruses, Cincinnati Bell has decided to disallow the transmission and reception of executable file types including .EXE, .VBS and other file types. For a complete list of blocked file-types, refer to Team BEST's e-mail FAQ documents found on the Intranet Website. 11.3.5 Mailbox backup Cincinnati Bell's e-mail system is backed-up each night for disaster recovery purposes only. Except by special request, we do not backup individual mailboxes; therefore Team BEST will not restore purged or accidentally deleted e-mail messages. With the approval of a Vice President, Team BEST will arrange to back up specified mailboxes so that they may be restored upon request. Because this takes a great deal of system resources, we need to limit the number of mailboxes backed-up this way to those that are absolutely necessary (those receiving orders, etc.) In any case, the maximum backup retention period is six weeks. It will not be possible under any circumstances to restore any e-mail message deleted more than six weeks prior to the backup. The tapes are automatically recycled at the end of this period. Also, not all deleted messages can be recovered; it depends on when the backup was run as it relates to the exact deletion time. 11.3.6 Mailbox delegation Cincinnati Bell's e-mail system allows for the delegation of access to individual mailboxes. Each user has complete control over the folders delegated and level of access. If a user wishes Team BEST to setup the delegation, an e-mail authorizing the access must be sent to "Email Administrator" from the mailbox owner. Under no circumstance will delegation be performed without written authorization. 11.3.7 Message retraction Cincinnati Bell's Microsoft Exchange e-mail system allows for the automatic retraction of e-mail messages. This feature is enabled to allow the sender to retract unopened messages that were accidentally sent. If a message has been opened, the system will not allow the retraction. Cincinnati Bell's e-mail administrators are generally not permitted to open a user's mailbox for the purpose of retracting a message. In order to do this, approval from a user's Vice President and the Cincinnati Bell CIO are required. If the data is critical in nature and immediate action is needed, such as payroll records or legal contracts being
Page 85 of 111

compromised, the e-mail administrators are permitted to use their judgment and act accordingly. In this case, notification of the VP and CIO will be done after the fact. (Note: It is not possible to retract an Internet message). 11.3.8 Bulk e-mail Cincinnati Bell's e-mail system may not be used for outbound bulk mailing without the permission of the Senior Manager, Messaging Services. Unsolicited bulk e-mail (sometimes called Spam) is usually not appreciated by the recipient. If Cincinnati Bell were to appear on one of the many "black lists" of Internet mail "spammers," it would cause our e-mail to be rejected by certain companies that use Anti-Spam filters. (Bulk e-mail is defined as any unsolicited message sent to 100 or more external mail recipients). 11.3.9 Broadcast e-mail Cincinnati Bell's e-mail system allows for mass mailing to all employees. The company-wide distribution lists are restricted to Corporate Communications and other identified employees for the purpose of dissemination of important information and announcements. There is a maximum limit of 100 recipients on sending broadcast messages from personal mailing lists. It is against company policy to send an e-mail message to more than 100 recipients without using a departmental mailing list. A departmental mailing list can be created by calling the Help Desk and opening a request to have one created. 11.3.10 Mailing Lists

Team BEST will create a public mailing list for any department that has a legitimate business need. In general, we ask that public mailing lists contain at least 10 users and have at least two owners designated. The mailing list owners are responsible for adding and deleting users from the list and requesting the list's deletion when it is no longer necessary. Mailing list requests should be made via a Remedy Help Desk ticket and should contain the requested name of the list, the owners' names and the business case for creating the list. 11.3.11 Message size limit

Cincinnati Bell's e-mail system has a message size limit for technical reasons. The maximum size of any message is limited to 15 megabytes. 11.3.12 Mailbox size limit

Team BEST has imposed the following size limits on server-based mailboxes: 50mb 100mb >100mb New users Upon request (Call the Help Desk) With written approval by your Vice President and the Senior Manager,

Page 86 of 111

Messaging Services. Have your VP send request to "Email Administrator" stating requested size and business case. 500mb Absolute maximum for server based mailbox for technical reasons (Use .PST files for more storage.) 11.3.13 Personal folder size limit

Team BEST has imposed the following size limits on network-based .PST files: 100mb Normal users 100mb 250mb 500mb Normal users Senior Managers Directors and above

More space can be requested by approval of your Vice President and the Senior Manager, Enterprise Network Services. Have your VP send the request to Team BEST stating requested size and business case. It is recommended to never exceed 500mb on a single personal folder file; this can cause the .PST file to become corrupted and unusable. 11.3.14 Automatic mailbox purge

Cincinnati Bell's e-mail system has an automated purge system that will automatically delete messages not specifically placed in a folder. Any message left in your Inbox or Sent Items folder will automatically be deleted after 30 days and cannot be restored. 11.3.15 Records retention policy

Cincinnati Bell's e-mail system and other electronically stored information should be treated just like any other filing systems, and are subject to the same record retention policy. Different types of records have different retention periods, and it is the responsibility of each user to understand and follow Company record retention guidelines. The retention periods for e-mail and other electronic records are based upon the contents of each record, not how it happens to be stored as e-mail, an electronic file, or in a filing cabinet. Additional discussion of records retention and disposal are described in Part 13 ( Records Retention Policy). 11.3.16 For more information:

For information concerning Cincinnati Bell's e-mail system that is not covered in this document, see the e-mail FAQs on the Team BEST section of the Cincinnati Bell Communications Intranet. 11.4 Wireless Connectivity 11.4.1 General This policy prohibits access to Company's' internal networks via unsecured wireless communication mechanisms. Wireless connectivity can provide multiple business advantages
Page 87 of 111

if deployed correctly and securely. To further that goal, only wireless systems that meet the criteria of this policy or have been granted an exclusive waiver by Team BEST Services are approved for connectivity to Cincinnati Bell's internal networks.

Page 88 of 111

11.4.2 Scope This policy covers all wireless data communication devices (e.g., personal computers, cellular phones, PDAs, etc.) connected to any of the Company's internal networks. This includes any form of wireless communication device capable of transmitting packet data. Wireless devices and/or networks without any connectivity to the Company's internal networks do not fall under the purview of this policy. 11.4.3 Requirements To comply with this policy, wireless implementations must: Be inspected, installed and configured by Team BEST. They must be configured for point to point hardware encryption (at least 128-bit) and support strong user authentication checking via Cisco's LEAP wireless security server maintained by Enterprise Services. 11.4.4 Equipment Cisco access points and wireless cards must be used to comply with these security restrictions. Depending on budget constraints, efforts will be made to provide compatible replacement equipment if none exists. In most cases, departments wishing to start participating in a wireless network will need to fund their own compatible equipment access points and cards. Team BEST will arrange for purchase of appropriate equipment to be billed to the requesting department. Access points should be deployed in a locked IDF closet or similar. If this is not possible, a cable lock should be used to secure the access point to a fixed piece of equipment. 11.4.5 Management and Monitoring An accurate inventory of access points including a hardware address that can be registered and tracked - i.e., a MAC address and serial number - will be required for each device. In addition, management of the access point will be solely maintained by Team BEST to maintain a unified enterprise wireless network and audit program. Should equipment change, the access point will need to be re-configured and re-certified. Periodic site surveys will be performed by Team BEST to identify any rogue access points and take appropriate action. With the exception of these site surveys, the use of wireless hacking or discovery tools targeting company equipment without explicit permission is prohibited. To report an unauthorized access point, inquire about wireless scanning, or request services to install an authorized access point, an e-mail should be sent to # IT Network Support. 11.5 Records Retention

For retention purposes, all information in an electronic format will be categorized based on content. That is, retention periods will be assigned based on the subject matter of the information rather than the medium.
Page 89 of 111

Voice mail, instant messages and ephemeral data, such as RAM, which are not captured in another format in the ordinary course of business will not be retained. (See Section 13.2.3)

Page 90 of 111

GLOSSARY Backup: Duplicate copy of data or a software application kept on diskettes or other media, to provide a level of security against loss or corruption of the original. Configuration: The components (central processing unit, hard drive, monitor, keyboard, etc.) that make up a computer. File server: A computer set up as a central service point for multiple workstations on a network. The file server contains software applications and data to be shared among the workstations and also allows the workstations to communicate with each other. Hardware: The physical elements of a computer: central processing unit, monitor, keyboard, etc. Hardware, non-standard: Hardware that is not normally used a Cincinnati Bell. If users purchase and use non-standard hardware, they are responsible for their own installation, staff training, support and repair. It is highly recommended they do not do this. Hardware, standard: Hardware that has been designated as the norm for use at Cincinnati Bell. HelpDesk: The staff supplied by Team BEST to provide general support and arrange repairs for standard hardware and software. They can be reached on (513) 397-1313. Information Technology Architecture: The strategic plan developed by Cincinnati Bell for acquiring, integrating, and using emerging computer technologies. LAN: See Local Area Network. License agreement: The contractual terms to which a software purchaser consents. These terms are set by the software developer and usually cover duplication of software diskettes and the sharing of the software with other users. Local Area Network: A data communications network linking computers and allowing the sharing of peripheral devices such as printers and file servers. Local hard drive: The hard drive built into an individual workstation on the network. Software applications and data that aren't stored on the network can be installed and accessed from the local hard drive. Log in: The procedure by which a user identifies himself to a computer and begins communicating with it. Log out: The procedure by which a user signals the end of his communication with a computer. Modem: A device that allows one computer to communicate with another over telephone lines. Communications software is required to exchange data between computers using the modem. Network: Multiple computers linked together. Networked computers can share files, printers, and software. Password: A precise series of characters that is required to access the software and data on the network. Passwords must be changed every 30 days. Peripherals: Equipment that increases the capabilities of a computer but aren't necessary for its operation. Many peripherals are connected to the computer externally, such as printers, scanners, optical character readers and external modems. Public domain software: See Shareware. Remote access: The ability to gain entry to a network from outside the physically cabled system. Remote access usually requires modems or other high-speed connectivity such as ADSL. Remote access allows the use of E-mail and other network capabilities.
Page 91 of 111

Remote access server: A computer set up to act as a central service point for the modems that allow remote access. Network users with remote access gain entry to the network through the remote access server. Resource sharing: An arrangement in which workstations, each with its own internal processor, are clustered to facilitate the sharing of printers and storage. Shareware: Software that has been developed and released to the public at large, without duplication restrictions. Any shareware loaded on Cincinnati Bell computers must be checked for viruses before loading. SOE: See Standard Operating Environment. Software: The programs that tell a computer how to perform specific tasks. A software application is a complex program that handles many aspects of a particular kind of work, such as word processing or accounting applications. Software, custom: Software that was not available as a shrink-wrap package and was therefore designed and developed to a user's specifications to meet a particular need. Software, non-standard: Software that is not widely used at Cincinnati Bell and is therefore not available on the network. If users purchase and use non-standard software, but are responsible for their own installation, staff training and support. Software, shrink-wrap: Software applications developed independently and marketed to the public at large; "off-the-shelf" packages. Software, standard: Software that has corporate-wide benefits and has been loaded on the network. Software piracy: The illegal copying of computer software for use on a computer other than the one for which it was purchased. Standard Operating Environment: The hardware and software components that have been designated as the standard for an organization. Surge protector: An electrical device that works as a line filter to keep voltage variations from causing problems. The computer, modem, printer, etc. are plugged into the surge protector, and the surge protector is plugged into the outlet. User community: An identifiable group of people who use similar applications on the corporate network to perform similar work. User ID: A precise series of characters used during the log-on procedure to identify a user. Each user's ID is unique. Versions: Software developers periodically re-release their products with a new, higher version number. This indicates they have made significant changes to the product. The version you plan to use can be important because some versions require more powerful hardware and may not be compatible with earlier releases. Virus: Instructions that are hidden in an otherwise normal program and intended to corrupt data or trigger hardware or software problems. Any diskettes, including software diskettes that have been used on any non-corporate computer should be checked for viruses before being used. In addition, local hard drives should be checked periodically. The network provides access to anti-viral software. Workstation: The basic components of a work area for an individual user.

Page 92 of 111

Page 93 of 111

PART 12: CPNI POLICY (revised 3/22/00) 12.1 General

As a telecommunications carrier, Cincinnati Bell has a statutory duty under Section 222 of the Telecommunications Act of 1996 to protect the confidentiality of proprietary information of, and relating to, other telecommunications carriers, equipment manufacturers, and customers, including telecommunications carriers reselling telecommunications services provided by another telecommunications carrier. The policies outlined below are meant to reflect in general terms Cincinnati Bell's obligations with respect to Customer Proprietary Network Information (hereinafter, "CPNI"), and the proprietary information of other telecommunications carriers (hereinafter, "Carrier Information"). Specific questions which are not addressed by these policies should be referred to the Office of General Counsel.

12.2 Definitions
"Aggregate Customer Information" means collective data that relates to a group or category of services or customers, from which individual customer identities and characteristics have been removed. "Carrier Information" refers to proprietary information of other telecommunications carriers that Cincinnati Bell receives or obtains for purposes of providing any telecommunications services to those carriers or their customers. "Customer Proprietary Network Information (CPNI)" means: (a) information that relates to the quantity, technical configuration, type, destination, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carriercustomer relationship; and (b) information contained in the bills pertaining to telephone exchange service or telephone toll service received by a customer of a carrier. The term "Customer Proprietary Network Information" does not include "Subscriber List Information." "Subscriber List Information" means any information: (a) identifying the listed names of subscribers of a carrier and such subscribers' telephone numbers, addresses, or primary advertising classifications (as such classifications are assigned at the time of the establishment of such service), or any combination of such listed names, numbers, addresses, or classifications; and (b) that the carrier or an affiliate has published, caused to be published, or accepted for publication in any directory format.

12.3 Policy Regarding Carrier Information

To the extent Cincinnati Bell receives or obtains Carrier Information from other telecommunications carriers for purposes of providing telecommunications services, it is Cincinnati Bell's policy to protect the confidentiality of such Carrier Information in the same manner as Cincinnati Bell protects its own proprietary information. Moreover, Cincinnati Bell will not use Carrier Information for any purpose other than the provision of the
Page 94 of 111

telecommunications service(s) in question. In no event will Cincinnati Bell use Carrier Information for its own marketing efforts.

12.4 Policy Regarding CPNI

Except as required by law or with the approval of the customer, it is Cincinnati Bell's policy to only use, disclose, or permit access to individually identifiable CPNI in its provision of: (a) the telecommunications service from which such information is derived; or (b) services necessary to, or used in, the provision of such telecommunications service, including the publishing of directories.

12.5 Disclosure of CPNI to Others

It is Cincinnati Bells policy to protect the confidentiality of all CPNI in its possession. Except upon affirmative written request by the customer, Cincinnati Bell will not disclose any CPNI to any third party.

12.6 Exceptions to CPNI Policy

Nothing in this Policy is intended to prohibit Cincinnati Bell from using, disclosing, or permitting access to Aggregate Customer Information in accordance with Section 222(c)(3) of the Telecommunications Act of 1996. Similarly, nothing in this Policy is intended to prohibit Cincinnati Bell from using, disclosing, or permitting access to CPNI obtained from its customers, either directly or indirectly through its agents: (a) to initiate, render, bill, and collect for telecommunications services; (b) to protect the rights or property of the carrier, or to protect users of those services and other carriers from fraudulent, abusive, or unlawful use of, or subscription to, such services; or (c) to provide any inbound telemarketing, referral, or administrative services to the customer for the duration of the call, if such call was initiated by the customer and the customer approves of the use of such information to provide such service.

Page 95 of 111

Part 13: Records Retention Policy (revised 09/01/2010)

13.1 Purpose

13.1.1 Virtually all functional areas within the Company generate records. The importance of these records varies to a substantial degree. The proper identification, retention, protection, retrieval and disposition of the large amount of recorded business and technical data continually being generated are of primary importance. 13.1.2 The purpose of this Records Retention Policy is to establish standard procedures for identifying, retaining, storing, protecting, and disposing of Company records. This policy is necessary to ensure that the Company's records management practices adhere to business, customer, and legal requirements and are conducted in a cost-effective manner. 13.2 Policy

13.2.1 It is the Company's policy to maintain complete, accurate, and high quality records. Records are to be retained for the period of their immediate use (active records), unless longer retention is required for historical business reference, contractual or legal requirements, or for other purposes as set forth in this Records Retention Policy. Records that are no longer required, or have satisfied their required period of retention, are to be destroyed in accordance with this Records Retention Policy. 13.2.2 Specific retention periods applicable to the Company's records are described in the attached Schedule of Retention Periods. All employees are responsible for ensuring that accurate and complete records are identified, retained, stored, protected and, if appropriate, subsequently destroyed, within their area of assigned responsibility and in accordance with this Records Retention Policy. 13.2.3 Changing technology has made available certain forms of so-called instant or ephemeral communication, including Internet Relay Chat, Instant Messaging, and wireless telephone text messaging. It is the Companys policy to discourage the use of these forms of communication in the ordinary course of business. If any ephemeral communications are made to conduct business such that storage of the communication is appropriate, then the user is responsible for making a record of the communication and storing that record in compliance with the applicable retention period. 13.3 Definitions 13.3.1 This Records Retention Policy utilizes the following terms: i) ii) "active records" - records which continue to satisfy an immediate use requirement. "inactive records" - records for which use or reference diminishes sufficiently to permit removal from the immediate area of the responsible custodian without impairing normal business.
Page 96 of 111

iii) iv)

v)

vi) vii)

viii)

ix)

"official records" - the record which furnishes the most conclusive information (i.e., the original, first copy, or the one used as the master). "records" - any documentary or electronically stored material, regardless of physical form, that is generated or received by the Company in connection with transacting its business, and is retained for any period of time for use in the ordinary course of business. In addition to normal business correspondence files and documentation, certain documentary or electronically stored material containing personal information, such as an appointment calendar and e-mail, are also considered records subject to treatment in accordance with this Records Retention Policy. "Records Center" - a designated area that is utilized for organizing storage, control and protection of inactive records, usually for a specified period of time. Each business or resource unit may have its own Records Center. "Records Retention Manager" - an employee appointed by a Vice President to ensure proper implementation of the requirements set forth in this Records Retention Policy. "vital records" - official records that are considered vital to the continuity of the Company. Without them, the business would be significantly impaired or could not survive a catastrophe, as they are necessary for the re-creation of the business. Examples of vital records include contracts, deeds, leases and corporate minutes. "Vital Records Center" - a designated area (separate from the Records Centers) that is utilized for organizing, storage, control and protection of vital records for reconstructive use in the event of a disaster. There shall be only one Vital Records Center, which should contain all Company vital records. "Vital Records Manager" - the employee responsible for identification, storage and retrieval of all Company vital records. The Vital Records Manager has the responsibility for the Vital Records Center.

13.4

Retention Period

13.4.1 The applicable retention periods for all Company records are described in the attached Schedule on Records Retention Periods. The retention periods designated shall apply to all company records, unless the record is specifically marked otherwise by the originator. 13.4.2 A retention period should be lengthened only where there is a significant and clear-cut business need or legal requirement. Any proposed change to a retention period shall be submitted in writing to the Records Retention Manager, who shall consider and act upon the request in consultation with the Office of General Counsel. 13.4.3 Personal records are not to be kept in Company files or otherwise commingled with Company records.

Page 97 of 111

13.5

Records Screening

13.5.1 Records should be screened periodically to determine if they are being actively used. Records that are being actively used should be stored in the immediate area of the responsible custodian. 13.5.2 Records not being actively used are to be reviewed for possible storage in the designated Records Center as detailed in Section 13.6. The assessment should be based upon the retention period, the existence of any legal holds, the need for retention, frequency of reference, the nature of reference, filing requirements and volume of files. 13.5.3 All drafts, duplicates and multiple materials should be eliminated. Whenever possible, the official record should be retained rather than a duplicate. 13.5.4 Unless a specific record is subject to a particular retention period, records containing handwritten marginal and personal notes should not be retained when the learning has been preserved in a formal written memorandum. 13.5.5 Each business or resource unit should identify those records that are essential to the continuity of the Company and designate them as vital records. Vital records should be duplicated and the original records stored in the Vital Records Center, separate from the Records Centers detailed in Section 13.6, for reconstructive use in the event of a disaster ("Vital Records Center"). The Vital Records Manager shall maintain a current list of vital records. 13.5.6 Electronic mail should be reviewed as part of the records screening and retention process. 13.6 Records Storage

13.6.1 All records containing Trade Secrets or other Confidential Information should be stored in accordance with the procedures outlined in Section 3.4.4 of the Company's Trade Secret Policy. 13.6.2 The Company should establish and maintain either internal or external records centers to store, control, and protect records which are not being actively used by the record holder ("Record Centers"). Records Centers are to be in safe/secure locations and protected from environmental and other potential harm including: i) ii) iii) Ordinary hazards such as fire, water, mildew, rodents, and insects. Man-made hazards such as theft, accidental loss, sabotage, and industrial espionage. Unauthorized use, disclosure, and destruction.

13.6.3 A separate Vital Records Center should also be established to store, control, and protect vital records. The Vital Records Center is to be in a safe/secure location and protected from environmental and other potential harm including:
Page 98 of 111

i) ii) iii)

Ordinary hazards such as fire, water, mildew, rodents, and insects. Man-made hazards such as theft, accidental loss, sabotage, and industrial espionage. Unauthorized use, disclosure, and destruction.

13.6.4 Confidentiality Agreements should be executed with all Records Center and Vital Records Center vendors prior to storage of records containing Trade Secrets or other Confidential Information at their sites. 13.6.5 Containers used to store records in the Records Centers and Vital Records Center should be labeled in sufficient detail to facilitate prompt and accurate content identification by the Records Center. Records are to be filed in records storage containers by year to facilitate their reference, review, and destruction. 13.6.6 Electronic information shall be stored in accordance with the CorpNET Guidelines set forth in the Company's Corporate Policies Manual (only applicable to CBT). 13.6.7 In no event should Trade Secrets or other Confidential Information be stored at an employee's home. 13.7 Review and Purging of Files

13.7.1 Each business and resource unit should designate at least one day annually on which all employees are to review and purge their respective files in order to ensure continued compliance with this Records Retention Policy. Before conducting any purge, the manager should contact the Office of the General Counsel to determine whether the Records Retention Policy has been suspended. 13.7.2 During the Review and Purge Process: i) ii) iii) iv) v) All records should be reviewed against this Records Retention Policy and the retention periods set forth in the Schedule on Records Retention Periods. Records which require retention should be identified, grouped, labeled, and transferred to storage. Records which have exceeded their required retention periods should be destroyed in accordance with the procedures outlined in Section 13.8. Unnecessary duplicate/multiple copies of records should be identified and destroyed in accordance with the procedures outlined in Section 13.8. The manager or supervisor of any terminating or transferring employee is responsible for reviewing the business files of the employee concurrent with the employee's departure. Such files should be reassigned to other employees or purged.

Page 99 of 111

13.8

Destruction of Records

13.8.1 All records identified for destruction during the review and purge process are to be shredded or burned. Electronic information shall be destroyed in accordance with the CorpNET Guidelines set forth in the Company's Corporate Policies Manual. Records are not to be thrown away in waste containers as normal trash. 13.9 Compliance 13.9.1 Each business or resource unit shall be responsible for appointing a Unit Records Manager to ensure proper implementation of the requirements set forth in this Records Retention Policy. 13.9.2 Each Unit Records Manager shall be responsible for developing a system for ensuring proper implementation for this policy within their respective business or resource unit. Each Unit policy shall de developed in writing and implemented under the supervision of the Records Retention Manager and the Office of General Counsel. 13.9.3 The Office of the General Counsel shall provide all business and resource units with continuing and updated legal and statutory requirements for records retention. 13.10 Suspension of Records Retention Policy 13.10.1 The Office of the General Counsel may at any time order a suspension of the Records Retention Policy, including a suspension of the destruction of paper documents, a suspension of the purging of electronic mail, limiting the size of electronic mailboxes, disabling the electronic accounts of terminated employees and/or disabling inactive electronic accounts, by notifying all affected departments. Upon being notified of such a suspension (also called a Legal Hold or a Litigation Hold), each business or resource unit manager shall immediately inform all Company personnel under his/her supervision of the suspension, and instruct such personnel to follow the procedures set forth in the Legal Hold or Litigation Hold, which will specify the types or categories of Company records which are not to be destroyed or purged during the suspension period. 13.10.2 Once declared, a Legal Hold or Litigation Hold shall be periodically redistributed and re-enforced to relevant Company personnel and shall continue to be enforced until the Office of the General Counsel issues a termination of the Legal Hold or Litigation Hold. 13.11 Sharing Company Records 13.11.1 On occasion, subject to legal and regulatory requirements, Company records may be shared with companies previously affiliated with the Company where there is a legitimate business need for the information. The sharing of Company records is permissible only under the terms and conditions of a signed Confidentiality Agreement between the Company and the Requesting Party. Requests for Company records must be coordinated through the Office of General Counsel and the Records Center Manager.
Page 100 of 111

13.11.2 Original Company records shall not be released from the Company's possession. The Records Center Manager will make arrangements to have the requested records copied, scanned, or made available for review by the Requesting Party.

Page 101 of 111

SCHEDULE ON RECORDS RETENTION PERIODS For questions concerning this Records Retention Schedule or for retention periods for records not listed on this Schedule, contact the Records Center Manager for your business or resource unit. Unless indicated on the below chart, all inactive Company records, as defined by Section 13.3.1 (ii) of the Records Retention Policy, will be retained no longer than two years. Record Category Retention Period Access Market Information - Self Reports, Report Cards - Permanent Accounting Records - Financial Reports - Permanent Accounting Records - General Ledgers - Permanent Accounting Records - Journal entries & support documents - Permanent Administrative Guidelines Compensation Plans - 5 years Advertising Budgets - 5 years Advertising Campaigns - 8 years Advertising Media Schedules - 5 years Annual Department Budget - 3 years Annual Department Objectives - 3 years Annual Reports (before divestiture) - Permanent AP58's/Vouchers - 3 years AP58s & GE36s - 6 years B&C - Info Letters - Permanent B&C - PONS - Permanent B&C - Stargate - Permanent Bankruptcy Notice - Permanent Benefit Information Records kept in accordance with Federal Recordkeeping Requirements Bill Inserts & Bill Messages - 5 years Billing Detail - 3 years Bills, invoices, etc. - 4 years Board of Directors/Sr. Mgt Presentations - Permanent BSP - BCP - Tellabs - Wescom - AT&T - Lucent Documents - 1 year after equipment is obsolete Business Cases/Models and Documentation - Permanent C.O. Translations - Permanent Cable Details - Permanent CABS Voucher Approval Forms - 3 years CAMS (Computer Alarms) Log tape - 3 years CBIS Billing - Permanent CBIS Correspondence - Life of CBIS Contract + 2 years CBT billed revenue reports - Permanent CBT FCC Formal Complaints - Permanent CBT FCC Pleadings - Permanent CBT Lobbyists Registrations - Permanent Change of Lessee - 3 years CISR/BISR - Permanent Collateral & Brochures - 5 years Collection & Treatment - 5 years
Page 102 of 111

Communications Plans - Regulatory - 4 years Community Relations News - 5 years Company Publications - Permanent Company Videos - External Organizations - 5 years Company Videos - Internal - 5 years Compensation Plans and Compensation Results - management and hourly - 3 years after termination of compensation plan Completed Work Orders - 3 years Contracts - 15 years Corporate Re-Engineering Records (Project P) (3 years after restructure is complete Corporate Tickets - Purchase & Distribution - 3 years COSMOS Orders - Permanent Customer Billing Records - Bus/Res Information - 7 years Customer Billing Records IXC Information - 7 years Customer Feedback - 3 years Customer Files - 7 years Customer Proposals - 3 years Customer Rebates/Promotion Results - 7 years Customer Records - 5 years Customer Records - Bills - 7 years Customer Records - Equipment - 5 years Customer Records - Products - 5 years Customer Research -- Model for Public Input -5 years Customer Service - Equipment Records for All Services - 7 years Customer Service - Faxed Letters of Authorization - 3 years Customer Service - Frame Relay Customer Records - 7 years Customer Service - Fuse Billing & Customer Records - 7 years Customer Service - Fuse Dedicated Circuit Records - 7 years Customer Service - LAN Advantage, Circuit, Customer Records - 7 years Customer Service - Small Contracts - 15 years Customer Service - Vendor Technical Documents - 1 year after equipment is retired Customer Surveys - 7 years Customer's Work - 3 years CVA Data - Customer Information - 7 years Daily Location Log - 3 years Data Center Visitor Log - 3yr specified by Security Digital Cross Connect System Daily Backup Tapes - Permanent Directory Assistance Exemption Form - Permanent Dispute Resolution Documentation (LEC letters, Affidavits, Payphone bills) -10 years Driving Records - Employment plus 3 years E2700 Reports - Permanent Easements including railroad - Permanent Employee PAC Sign-Up Forms - 4 years Employment Records Records kept in accordance with Federal Records Keeping Requirements (FEP 401, 403 and 441) ES3.1 Files 10 years Environmental Records - Contact General Counsel for Retention Periods External Organization Correspondence and Contract Records - 4 years FCC Licenses - Permanent FCC Registrations - Permanent
Page 103 of 111

Financial Reporting and Analysis - Hyperion Enterprises & OLAP On-line detail - 2 years, Online summary - 10 years, Off line detail - 10 years Financial Reporting and Analysis Orbit Data Tapes 1984 Present Foundation Requests & Commitments - 8 years Fundraising Campaigns & Giving Histories - 5 years Headcount Reports - 5 years Held Service Orders - 1989-present Hiring Records Records kept in accordance with Federal Records Keeping Requirements (FEP 401, 403, 441 and WH 94, 96, and 97) Historical Files - Permanent Installation Records - 7 years Internal DA Cost Study - 5 years Joint Line Records - 5 years KY General Assembly Actions - 5 years Labor Relations Files (CAW) Records kept in accordance with Federal Recordkeeping Requirements (WH 90, 96 and 97, FEP 401) LEC COCOT Quarterly Snapshots - 10 years Legal - EEO/Employee Investigations - Records kept in accordance with Federal Records Keeping Requirements (FEP 401, 403 and 441) License for MS Office Professional for 29 copies - Permanent Licenses - IRP 4 years Mainframe and other Generated Reports - Actuals detail verification reports Part 32 & 64 Permanent Mainframe and other Generated Reports - Midas product detail reports- Permanent Mainframe and other Generated Reports - RFQ/RFP's - Permanent Maintenance Records - 10 years - Keep for Historical Records Manufacture Documentation - 7 years Maps to CBT Buildings - Permanent Market Plans - 7 years Matching Gifts - 3 years Medical Records - Records kept in accordance with Federal Recordkeeping Requirements (OSHA PM 249, GFNP 90, COMP 335, FEP 401, 403, 405, 441 and WH 95, 96 and 97) Microfiche (Central Office Drawings) - Permanent Minimum Service Standards - Permanent Monthly Service Order Status - 3 years News Releases - Permanent Non-OSHA - Until vehicle is retired NSEP/Shares Radio Info. - Permanent Operational Metrics - 3 years OSHA Files - 1 year after vehicle is retired - 5 years if injury PAC Check Disbursements - 6 years Payphone Owner Claims - 10 years Payroll - Timesheets (paper copies with breakdown of various billing codes not entered electronically on COMETS) - 3 years Payroll - Verification Reports - 3 years Payroll Records - 3 years Payroll Yearly Backup Tape - Permanent PCNs - 3 years Performance Measurements - Permanent
Page 104 of 111

Performance Records - 7 years Permits - 3 years PICS/DCPR - 10 years Pioneer Financials - 6 years Pioneer Volunteer Hours - 5 years Posted Work Order - Permanent Print Ads - 8 years Printer Volume - from 4/95 Product Information - 3 years Project Approvals - 10 years Purchase Orders - 7 years Quarterly KY Ethics Filings - Permanent Rate Case Material - Permanent Real Estate Management Records (Floor Plans, Leases, Estimates) - Permanent Regulatory Accounting Records Cost Studies- 3 years Regulatory Accounting Records - Depreciation Studies - 7 years Regulatory Accounting Records Other - 7 years Regulatory Filing Research - 4 years Regulatory Records - Interconnection - 10 years Regulatory Records - Rate Case Info - Permanent Requests for Corporate Contributions - 5 years Responses to Competitive Bids - 3 years SAART (AT&T Network) minutes of use/revenue reports - 7 years Safety Files Records kept in accordance with Federal Recordkeeping Requirements (GFNP 80, PM 247, LR 85) Salary Documents Records kept in accordance with Federal Recordkeeping Requirements (WH 94 and 96) Sales Tracking System (Lucent reports) billed revenue reports - 7 years Security Records - Subpoenas - 7 years Special Bids - 5 years Specific Estimates - 10 years Sponsorship Materials & Contacts - 8 years State Regulatory Documents - Ohio, Kentucky & Indiana - 6 years State Regulatory Documents all remaining states Records kept in accordance with state or FCC retention guidelines Strategic Plans - Permanent Subdivision Files - Permanent Tax Exemption Form - Permanent Tax Records - Permanent Technology Records - 5 years Telco Legislation - Permanent Telephone Service Assistance/Lifeline Assistance Forms - Permanent Time Sheets (for lobbying expenses) - Permanent TIRKS - 5 years TIRKS Restoration Plan - 7 years TIRKS Word Documents - Permanent Training Course Materials - Records kept in accordance with Federal Recordkeeping Requirements (PM 205, GFNP 90) Training Records - 5 years Trouble History - 7 years
Page 105 of 111

TV & Radio Tapes - 5 years Vehicle - Accidents/Bill Jobs - 10 years Vehicle - BPO Renewals - 3 years Vehicle - Fuel Tank Reconcile - 3 years Vehicle - Fuel Usage - 3 years Vehicle - Gas Sheets - 3 years Vehicle - IVMR (mileage recs.) - 3 years Vehicle - OS-287's (Purch Req) - 3 years Vehicle - PTO (Fuel tax credit) - 3 years Vehicle - Sale (Auction) - 14 years Vouchers (generally: invoices from vendors, employee expense reports, etc.) - Permanent Y2K - PMO Internal Processes/Procedures - 7 years Y2K - Meeting Minutes - 7 years Y2K - Monthly Project Books - 7 years Y2K - Monthly Status Reports - 7 years Y2K - Presentations - 3 years Y2K - Inventory Database for each Functional Area - 7 years Y2K - Telco Forum General Documentation - 7 years Y2K - Telco Forum Agreements - 15 years Y2K - Readiness Review Complete/signed Checklists - 7 years Y2K - Readiness Review Test Plans 7 years Y2K - Readiness Review Test Results 7 years Y2K - Readiness Review Other Supporting Documentation - 7 years Y2K - Schedules/Project Plan - 7 years Y2K - Vendor Compliance Letters - 7 years Y2K - Vendor Status Responses - 7 years Y2K - Conversion vendor Status Reports - 7 years Y2K - Conversion Vendor Invoices & AP's - 7 years Y2K - Business Sales Letters - 7 years Y2K - General Information (Lucent/Bellcore) - 7 years Y2K - Regulatory Filings - 7 years Y2K - Risk Management Documentation - 7 years Y2K - Risk Management Contingency Plan - 7 years Y2K - Risk Management Database - 7 years

Page 106 of 111

PART 14: MISCELLANEOUS ADMINISTRATIVE POLICIES (revised 3/22/00) 14.1 Receipt and Disposition of Legal Documents
14.1.1 In the course of conducting business, Cincinnati Bell is routinely served with documents of a legal nature. These documents typically include, but are not limited to, the following: (a) complaints, answers, motion, and other pleadings from parties to various litigation and/or regulatory proceedings involving Cincinnati Bell Inc. and its subsidiaries; letters or other correspondence in which litigation or other legal action against the Company is threatened or implied; documents/notices from regulatory agencies, tax authorities, etc. notifying the Company of actions taken (or to be taken) which may have an impact on the Company; subpoenas or other court orders directing the Company to take (or refrain from taking) certain actions; letters from other telecommunications carriers requesting the commencement of interconnection negotiations.

(b) (c)

(d) (e)

14.1.2 All documents of a legal nature received by any Cincinnati Bell employee (whether intentionally or by mistake) should be directed to the Legal Department in Cincinnati immediately. If there is any doubt as to whether the document is of a legal nature, or whether the document has already been forwarded to the Legal Department, the document should be hand-delivered to the General Counsels Office immediately.

14.2 Policy for Processing Court Ordered Wire Tap Requests

Cincinnati Bells Security Department is responsible for processing all service requests for court ordered telephone wire taps. Any law enforcement agency requesting a court ordered wire tap on a Cincinnati Bell subscribers line should be referred to the Security Department immediately. The Security Department will process all such requests in accordance with the Companys Operational Procedures for Processing Court Ordered Wire Tap Requests.

Page 107 of 111

PART 15: PERSONALLY IDENTIFIABLE INFORMATION PROTECTION POLICY (6/11/09) 15.1 Purpose and Scope
15.1.1 To effectively and efficiently service customers, to satisfy legal obligations, to protect the rights and assets of the Company and to provide employment-related benefits and fulfill other obligations to its employees, the Company collects and maintains certain Personally Identifiable Information (PII) regarding customers and employees. The purpose of this policy is to ensure that this information and the identities of our customers and employees are protected from misappropriation and theft.

15.2 Definitions
15.2.1 Personally Identifiable Information (PII) means individually identifiable information from or about an individual including but not limited to: (a) first and last name; (b) a home or other physical address including street name and name of city or town; (c) an email address or other online contact information such as instant messaging user identifier or screen name that reveals an individuals email address; (d) a telephone number; (e) a Social Security Number; (f) credit and/or debit card information, including credit and/or debit card expiration date; (g) credit history/credit score; (h) Customer Proprietary Network Information (CPNI); (i) a persistent identifier, such as a customer number held in a cookie or processor serial number that is combined with other available data that identifies an individual; or (j) any other information from or about an individual customer or employee that is combined with (a) through (i) above. Responsibility 15.3.1 The Vice President - Information Technology, shall be responsible for coordinating the security of PII. Policy Regarding Personally Identifiable Information (PII) It is Cincinnati Bells policy to use, disclose or permit access to PII only as necessary to efficiently provide quality customer service, to fulfill legal obligations, to protect its rights and assets and to provide benefits to its employees. It is the Companys policy to protect the confidentiality of PII in its possession. To achieve this objective, Cincinnati Bell will undertake efforts to: (a). Periodically review PII gathering practices and procedures to determine necessity (including availability of less intrusive alternatives) and usage; (b). Identify material external and internal risks to the security, confidentiality and integrity of PII that may result in unauthorized disclosure, misuse, loss, alteration, destruction or other compromise of such information and assess the sufficiency of existing safeguards to control such risks. This involves consideration of risks in areas of relevant
Page 108 of 111

operation including (i) employee training and management, (ii) information systems (network and software design information processing, storage, transmission and disposal), and (iii) prevention, detection and response to attacks, intrusions and other system failures; (c). Design, implement and maintain reasonable safeguards to control identified risks and adjust such safeguards as appropriate in response to testing and monitoring, material changes in operations or business arrangements, or other circumstances that reasonably may be expected to impact the effectiveness of the security program; (d). Annually notify all employees to review this and other Company policies addressing PII security such as the Trade Secret Policy, the Cincinnati Bell Computer & Enterprise Network Security Policy, the CPNI Policy and the Code of Business Conduct. Breach of Computer System Security Involving Certain Personal Information 15.5.1 A breach of system security means the unauthorized access to and acquisition of computerized data that compromises the security or confidentiality of Personal Information owned or licensed by Cincinnati Bell that causes, reasonably is believed to have caused or reasonably is believed will cause a material risk of identity theft or fraud. 15.5.2 Definitions. For purposes of this section 15.5:

a). Personal Information is non-public information that includes or consists of an individuals first name or first initial and last name in combination with and linked to one or more of the following data elements where such elements are not encrypted, redacted or altered by any method or technology such that the data elements are unreadable; (i) social security number, (ii) drivers license or state ID card number, (iii) account number or credit or debit number, in combination with and linked to a code or password that would permit access to an individuals financial account; b). System is any collection or group of records kept in an organized manner from which Personal Information is retrieved via name or other personal identifier. It does not include any published directory. c). Record is any information stored in an electronic medium that is retrievable in perceivable form excluding any publicly available directory information (i.e. name, address or telephone number); d). Encryption means the use of algorithmic process to transform data into a form in which there is a low probability pf assigning meaning without use of a confidential process or key; e). Redaction means altered or truncated so that only the last four digits of a social security, drivers license, state identification card account, credit or debit card number are accessible. 15.5.3 In the event of a system security breach involving a system owned or licensed by Cincinnati Bell that contains Personal Information, notice must be provided to residents of
Page 109 of 111

Ohio whose Personal Information was or reasonably is believed to have been accessed and acquired by an unauthorized person where such access and acquisition causes or there is a reasonable belief that it will cause a material risk of identity theft or other fraud to the resident. Any person or entity that, on behalf or at the direction of Cincinnati Bell is the custodian of or stores computerized data that includes Personal Information must immediately notify Cincinnati Bell of any system security breach if such Personal Information was or reasonably is believed to have been accessed or acquired by an unauthorized person and such access or acquisition causes or reasonably may cause a material risk of identity theft or other fraud to an Ohio resident. a). Notice of breach shall be made not later than forty-five (45) days following Cincinnati Bells discovery or receipt of notice of the breach and shall be consistent with measures necessary to determine the scope of the breach and to restore the reasonable integrity of the data system. However, notice may be delayed if a law enforcement agency determines that such notification will impede a criminal investigation or jeopardize homeland or national security. b). Notice may be made in writing (including bill insert), electronically (where the primary method of communication with the affected resident is by electronic means) or by telephone. Substitute notice methods (as specified by Ohio law) may be used where (i) insufficient contact information is available, (ii) the cost of providing notice to affected residents would exceed $250,000, or (iii) the affected class of affected residents exceeds 500,000 persons. c). Notice must be provided to consumer reporting agencies if 1,000 or more residents are affected by a single breach d). Notice must be provided to law enforcement by Corporate Security, where required pursuant to Ohio Revised Code 2921.22(A)(2). 15.5.4 ANY BREACH OR SUSPECTED BREACH OF SYSTEM SECURITY MUST BE REPORTED IMMEDIATELY TO THE VICE PRESIDENT OF INFORMATION TECHNOLOGY, DIRECTOR OF TAX AND INTERNAL CONTROLS AND THE VICE PRESIDENT OF HUMAN RESOURCES AND ADMINISTRATION (CORPORATE SECURITY). For each reported breach or suspected breach the following steps will occur: a). The complaint will be documented; b). The details regarding the suspected breach will be investigated; c). If a breach is confirmed, efforts to correct or eliminate the cause of the breach will be undertaken; and d). Any required customer, regulatory and law enforcement communications will be initiated, as appropriate.

Page 110 of 111

15.6 Destruction of Documents and Records Containing Personally Identifiable Information

15.6.1 All Personally Identifiable Information (PII) must be destroyed by shredding such that the information cannot practicably be read or reconstructed. Trade Secret and Confidential Information is not to be thrown away in the waste containers as normal trash or left in designated shredding cans overnight. 15.6.2 Electronic media containing PII, such as tapes and diskettes, must be erased and/or reformatted, so that the information cannot practicably be read or reconstructed, before being discarded or reused. Simply deleting a file containing PII is not the same as erasing it. 15.6.3 A contractor in the business of record or electronic media disposal may be retained to dispose of or erase PII only after a due diligence assessment, consisting of one or more of the following: (a) reviewing an independent audit of the contractors record/information disposal and/or erasure operations and/or its compliance with 16 CFR Part 682; (b) consulting with several of the contractors references or other reliable sources in a position to have information regarding the contractors record/information disposal and/or erasure operations; (c) requiring the contractor to be certified by a recognized trade association or similar third party; (d) reviewing and evaluating the contractors information security policies and procedures; or (e) taking other appropriate measures to determine the competency and integrity of the contractors record/information disposal and/or erasure operations.

Page 111 of 111