Acceptable Use Policy

Introduction
U.S. Concrete Inc. ("Company") owns, operates, administers and provides various computing devices, communication devices and services for the purpose of facilitating business operations and improving productivity. The various devices and services are used to transmit, receive, process and/or store information, whether electronic or telephonic (i.e. voice-based), and include personal computers; server computers; local- and wide-area network and shared files; Internet-based services; e-mail and instant messaging; office phones and voice mail; and portable computing and communication devices (such as cellular phones, Blackberries, Personal Digital Assistants and handheld computers).

The various devices and services, along with the information and messages transmitted, received, processed or stored through them, will be collectively referred to as "Resources" in the remainder of this policy. The Resources are integral to ongoing business operations. A substantial human and financial investment has been made to develop and provide them and they are considered assets of the Company. The Resources also introduce significant business and legal risk. Consequently, the Company has an inherent interest in:

• Protecting its physical and informational Resources.
• Ensuring that the Resources are used effectively to facilitate business operations and increase productivity and that the usage is consistent with the Company's legitimate business interests.
• Reducing business and legal risk and avoiding legal and regulatory problems introduced by the Resources.
• Protecting the good name of the Company.
• Avoiding situations that could be detrimental to the image of the Company.

To accomplish its objectives, the Company has established and documented general principles that govern the usage of Company Resources along with examples of acceptable and unacceptable usage.

Scope
All Users: This policy applies to all employees, contractors, consultants, temporaries and other users at the Company, including those users "affiliated" with third parties who access Company Resources. Throughout this policy, the word "user" will be used to collectively refer to all such individuals.

All Resources: This policy applies to all Resources owned, provided and/or administered by the Company, including any external networks (e.g. the Internet) and services (e.g. Internet e-mail and bulletin boards) accessed through Company-owned and/or administered Resources.

All Locations: This policy applies to all locations of the Company.

Policy Areas: This policy covers the Internet; electronic and voice communications; information security; copyrights and license agreements; and computers.

General Principles
General principles governing the acceptable use of Company Resources are as follows:

• Company Property: All Resources (including backups) that have not been specifically identified as the property of other parties will be treated as the sole property of the Company. The Company's policy is to prohibit unauthorized access, disclosure, duplication, modification, diversion, destruction, loss, misuse or theft of the Resources that it owns.
  
  In addition, it is the policy of the Company to protect Resources belonging to third parties that have been entrusted to the Company in confidence as well as in accordance with applicable contracts and industry standards.
  
  
• Company Rights and Privacy: Management has the right and duty to control the Company's Resources and their use. The Company reserves all rights, including termination of use without notice, to the Resources owned or operated by the Company. Furthermore, management has the authority to define appropriate use and may deny, evoke, suspend or close any user's access at any time based upon its determination of inappropriate use by that user.
  
  These policies and guidelines shall not be construed as a waiver of any rights of the Company, nor shall they conflict with any applicable acts of law. Users have rights, which may be protected by federal, state and local laws.
  
  Subject to applicable laws and regulations, the Company reserves the right to audit, access and monitor the contents of electronic or voice communications and any information transmitted, received and/or stored through a Resource without prior notice for all purposes, including to support operational, maintenance, auditing, training, security and investigative activities. The company also reserves the right to inspect any and all files stored in private areas of our network in order to assure compliance with this policy.
  
  
• Access to Resources is a Privilege: The use of Company Resources is a privilege, not a right. The Resources are to be used primarily, if not exclusively, for job-related purposes. Inappropriate use, including any violation of the conditions and rules set forth in this policy, may result in cancellation of these privileges, as well as disciplinary action (refer to the Violations section below).
  
  
• User Conduct Must Be Ethical and Legal: Users are responsible for conducting themselves in an ethical and lawful manner when using Company Resources.
  
  
• Protect Copyrighted Materials and Trade Secrets: Copying, transmitting, transferring, adding or deleting any copyrighted material (including information and programs) or material protected by trade secret is strictly prohibited. The Company strongly supports strict adherence to software vendors' license agreements. When at work, or when Company Resources are employed, copying of software in a manner that is not consistent with the vendor's license is strictly forbidden.
  
  
• Utilize Company Name and Service Marks Only in Authorized Manners: Any use of the Company's or U.S. Concrete's name or service marks outside the course of the user's employment without the express authorization of an authorized member of manage­ment of the Company is prohibited.
  
  
• Issuance of Public Representations Regarding the Company Is Prohibited: Issuance of media advertisement, Internet home page, electronic mail message, voice mail message or any other public representation about the Company or U.S. Concrete or on behalf of the Company or U.S. Concrete is prohibited unless it has first been approved by an authorized member of management of the Company. Unsolicited contact from the public media shall be deferred to management of the Company.
  
  
• Protect Confidential, Sensitive or Otherwise Proprietary Information: Users may not place or post confidential, sensitive or otherwise proprietary information on the Internet under any circumstances. Users may not disperse or transmit corporate data to the Company's customers, clients or anyone not affiliated with the Company without the express authorization of an authorized member of manage­ment of the Company.
  
  
• Protect Resources from Physical Threats or Theft: The Company's policy is to protect computer hardware, software, data, documentation or other Resources from misuse, theft, unauthorized access and environmental hazards. Users must exercise care to safeguard valuable Resources assigned to them, such as electronic equipment, from unauthorized access or theft. Users should protect Resources from exposure to environmental hazards such as food, smoke, liquids, high or low humidity and extreme heat or cold. Users who neglect their duties may be accountable for any loss or damage that result.
  
  
• Report Security Issues or Breaches: Any incident that appears to compromise the security of Company Resources should be reported to the Director of IT immediately, including unauthorized use and compromised passwords or other system access control mechanisms.
  
  
• Violations: Failure to observe these guidelines may result in disciplinary action by the Company, up to and including termination, in accordance with Company policy.

Statement of Responsibility
General responsibilities and guidelines pertaining to this policy are set forth in this section.

User Responsibilities
Users are responsible for:

1. Complying with the policies established in this document as well as any additional guidelines established by the administrator of the policy.
2. Reporting security lapses or abuses to the Helpdesk.

Manager and Supervisor Responsibilities
Managers and supervisors are responsible for:

1. Ensuring that all users are aware of and comply with this policy.
2. Creating appropriate performance standards, control practices and procedures designed to provide reasonable assurance that all users observe this policy.

Director of Information Technology Responsibilities
The Director of Information Technology is responsible for:

1. Developing and maintaining written standards and procedures necessary to ensure implementation of and compliance with these policy directives.
2. Providing appropriate support and guidance to assist users to fulfill their responsibilities under this directive.

Adherence and Agreement
All users must read, understand and comply with the policies established in this document as well as any additional guidelines established by the administrator of each Resource.

BY USING ANY COMPANY-OWNED COMPUTER - OR COMMUNICATIONS-RELATED SYSTEM OR TECHNOLOGY (I.E. ANY RESOURCE), USERS AGREE THAT THEY WILL COMPLY WITH THESE POLICIES.

Contact Point
Questions about this policy may be directed to helpdesk@us-concrete.com.


Internet Usage Policy
Purpose
The purpose of this policy is to establish general principles along with specific examples of authorized and unauthorized use that ensure the appropriate protection of Company Resources from Internet connections and ensure that all users are responsible and productive Internet users.

Scope
This policy covers any service or information accessed through a Company-provided Internet connection including web pages, personal email accounts, instant messaging, bulletin boards, chat rooms, newsgroups and file/information storage.

General Principles

• User Conduct Must Be Honest and Appropriate: Users must conduct themselves honestly and appropriately on the Internet, honoring the acceptable use policies of other networks and respecting the copyrights, software licensing rules, intellectual property rights, privacy and prerogatives of others, just as the individual would in any other business dealings.
  
  
• Internet-based Information Should Be Considered as Suspect: All information taken from the Internet should be considered suspect until confirmed by separate information from another source. There is no quality control process on the Internet and a considerable amount of its information is outdated or inaccurate.
  
  
• Information Transmitted or Received Over the Internet Is Typically Not Secure: Information transmitted or received, whether internal or external through the Internet, should be considered unsecured and vulnerable to third party access. No confidential information should be sent without verifying proper security.
  
  
• Monitoring and Privacy: The Company has software and systems in place to monitor and record all Internet usage. Company security systems are capable of recording each Web site and e-mail message into and out of internal networks. No user should have any expectation of privacy as to his or her Internet usage. All messages created, sent or retrieved over the Internet are the property of the Company and may be regarded as public information. We reserve the right to monitor and record Internet usage at anytime if the Company believes, in its sole judgment, that it has a business need to do so.

Authorized Use
The Company's Internet connection is intended primarily for business use. That means that the Company expects users to use their Internet access primarily for business-related purposes. Specific examples of authorized use include utilizing Internet connections and access to carry out day-to-day job duties; communicate with customers, suppliers and other business contacts; research business-relevant topics; and obtain useful business information.

Unauthorized Use
Users must not use the Internet for purposes that are illegal, unethical, harmful to the company or nonproductive. Specific examples of prohibited use include:

• Participating, during or outside the user's employment in any Internet, online or other electronic bulletin or message board regarding the Company is prohibited, and under no circumstances may any Internet, online or other electronic bulletin board or message board posting regarding the Company ever be issued (whether in response to a prior posting regarding the Company or U.S. Concrete or for any other reason whatsoever). Participating, during or outside the user's employment, in any Internet, online or other electronic chat room discussion regarding the Company is also prohibited.
  
  
• Utilizing bandwidth-intensive Internet-based services such as Hotbar, music/MP3 sites (e.g. Gator, Kazaa, Napster and MP3-Xtreme) and streaming media (e.g. audio, Internet radio and video).
  
  
• Downloading of games, e-mail enhancements, graphics or other non-business related applications.
  
  
• Downloading or distributing copyrighted material without express authorization from the Director of Technology.
  
  
• Disabling the Inoculate download scan.
  
  
• Excessive use of sports, entertainment and job information and/or sites.

The preceding list of prohibited actions is by way of an example only and is not intended to be exhaustive.


Electronic and Voice Communications Usage Policy
Purpose
Electronic communications services and underlying technologies (especially Internet connections) offer an opportunity for non-authorized individuals to view or access corporate information. Therefore, it is critical that all services and their associated connections be secure, controlled and monitored. The purpose of this policy is to establish general principles along with specific examples of authorized and unauthorized use that ensure that the Company's electronic and voice communications services are utilized in a productive, secure manner.

Scope
The Company considers electronic communications services to include e-mail, instant messaging and fax and the underlying technologies to be anything that is enables electronic messages to be transmitted, received, processed or stored including internet connections, networks, personal computers, Blackberries, Personal Digital Assistants (PDA's), handheld computers and cellular phones. Voice communications services are considered to be any technology used to transmit, receive, process or store voice messages such as telephones, cellular phones and voice mail.

General Principles
General principles governing the acceptable use of Company electronic and voice communications services are as follows:

• Professional Image: When composing electronic messages, the Company expects users to follow the same standards required in written business communications for the Company. Spelling and grammar in e-mail messages should be checked by the e-mail client before sending the message.
  
  
• Large E-mails Slow System Performance: E-mail messages containing large attachments, images, etc. can drastically slow system performance. Attachments that exceed 5 MB in size will be removed by the server and not sent.
  
  
• Message Retention: Long-term e-mail message retention is important only if it is relevant for business or legal purposes. The e-mail system is designed to delete messages older than six months.
  

Unauthorized Use
Users must not use Company-provided electronic and voice communications services for purposes that are illegal, unethical or harmful to the Company or nonproductive. Specific examples of prohibited use include:

• Using Company electronic and voice communications services for private business activities or amusement/entertainment purposes without the express authorization of an authorized member of manage­ment of the Company.
  
  
• Creating, forwarding or exchanging SPAM (i.e. unsolicited "junk" e-mail sent to large numbers of people to promote products or services), chain letters or e-mails (i.e. messages containing instructions to forward the message to others), solicitations or advertising.
  
  
• Sending or forwarding messages of a religious, political or racial nature.
  
  
• Making unreasonable use of personal internet service e-mail accounts.

The preceding list of prohibited actions is by way of an example only and is not intended to be exhaustive.


Information Security Policy
Purpose
The information stored in Company Resources (such as applications, systems and the network) is proprietary and is considered to be an asset of the Company. Therefore, it is critical that Company information be safeguarded against unauthorized use; disclosure or modification; and damage or loss. The purpose of this policy is to establish general principles that help to ensure the appropriate safeguarding of Company information through logical access controls, such as access codes and passwords.

Scope
This policy covers any Company proprietary information or data stored within or processed by an application; system; network; server, personal or handheld computer; or communications device.

General Principles
General principles governing the appropriate safeguarding of Company information by users are as follows:

• Access Must Be Requested and Granted Based on the User Account Management Procedure: The User Account Management Procedure must be followed whenever requesting or granting access to any Company Resource at any location within the Company.
  
  
• Restrict Access to the Minimum Level Required: When requesting or granting access to information, applications, systems, the network, etc., request or grant the minimum level of access and capabilities required to support relevant work responsibilities and need-to-know.
  
  
• User Responsibility: Each user is responsible for the proper use of any Company Resource assigned to them or available for their use, including password protection and physical control. Users must maintain exclusive control over and use of his/her password, and protect it from inadvertent disclosure to others. Passwords should not be recorded where they may easily be obtained. In addition, each user is responsible for all computerized or electronic transactions made with his/her access code and password. Users must lock or log out when leaving a workstation for an extended period.
  
  
• User Accounts Should Not Be Shared: Sharing of user accounts (user name/password) by multiple users is strictly prohibited without the express approval of the Director of IT.
  
  
• Password Standards/Policies: Users are responsible for adhering to all password standards and policies established by the USC. The current password policy is:
  - Passwords must be at least 8 characters in length.
  - Passwords must contain at least one capital letter.
  - Passwords must contain at least one number.
  - Password history will be kept for 8 passwords.
  - Accounts will be locked out after five unsuccessful attempts.
  
  
• Suspected Disclosure of Passwords: Users must change (or request the IT staff to change) their passwords immediately if they suspect that they have been disclosed to others.
  
  
• Notify the Help Desk Promptly Regarding Terminations or Transfers: Managers and supervisors must notify the Help Desk promptly whenever an employee leaves the Company or transfers to another department so that his/her access can be revoked. Involuntary terminations must be reported concurrent with the termination.
  
  
• Verification of caller Identity: In the event a user account is locked, or a password needs to be reset verification of identity will be required. When calling the helpdesk the user will be required to provide the last four digits of their Social Security number to verify identity. No accounts will be unlocked, or passwords reset without proper verification.
  
  

Copyrights and License Agreements
Purpose
The Company and its employees are legally bound to comply with the Federal Copyright Act (Title 17 of the U. S. Code) and all proprietary software license agreements. Noncompliance can expose the Company and the responsible employee(s) to civil and/or criminal penalties. The purpose of this policy is to establish general principles that help to ensure that all employees comply with federal copyright laws and license agreements.

Scope
This policy applies to all copyrighted materials and any software that is owned by the Company, licensed to the Company or developed using Company Resources by employees or third parties.

General Principles
General principles governing the compliance with copyright laws and license agreements are as follows:

• Install Only Licensed or Company-owned Software: Only software that is licensed to or owned by the Company may be installed on Company Resources, e.g. computers.
  
  
• DO NOT Copy Any Software Without Authorization: Employees or third parties may not copy any software without the express authorization of the Help Desk.
  
  
• DO NOT Download Software: Employees and third parties may not download any software without the express authorization of the Help Desk.
  
  

Civil Penalties
Violations of copyright law expose the company and the responsible employee(s) to the following civil penalties:

• Liability for damages suffered by the copyright owner
• Profits that are attributable to the copying
• Fines up to $100,000 for each illegal copy

Criminal Penalties
Violations of copyright law that are committed "willfully and for purposes of commercial advantage or private financial gain (Title 18 Section 2319(b))," expose the company and the employee(s) responsible to the following criminal penalties:

• Fines up to $250,000 for each illegal copy
• Jail terms of up to five years

Computer Usage Policy
Purpose
The Company's policy is to safeguard the Company's computers against unauthorized use; modification; and damage or loss. The purpose of this policy is to establish general principles that help to ensure the appropriate safeguarding of the Company's computers.

Scope
This policy covers any personal, handheld, Personal Digital Assistant (PDA) or other computing device owned by the Company.

General Principles
General principles governing the appropriate safeguarding of Company computers are as follows:

• Maintain Physical and Logical Control: Each user is responsible for the proper use of any computing device assigned to them or available for their use, including password protection and physical control. Users must lock or log out when leaving a computing device for an extended period.
  
  
• Unauthorized Software May Not Be Installed or Executed Without Authorization: Users may not install or execute (i.e. run) any software on a computing device without the express authorization of the Help Desk.
  
  
• Do Not Install Any Devices or Add-ons: Users may not install any device or add-on onto a computing device without the express authorization of the Help Desk.
  
  
• Backup Sensitive, Critical and Valuable Data Files: Users are responsible for making backups of all sensitive, critical and valuable data files stored on personal or portable computing devices as often as is deemed reasonable by management.
  
  
• Protect Resources from Computer Viruses: Computer viruses are programs designed to make unauthorized changes to programs and data. Therefore, viruses can cause destruction of corporate resources, especially data. Viruses are much easier to prevent than to cure. Users must ensure that the antivirus software on their personal computer is kept up-to-date. All software downloaded from non-Company sources via the Internet, email or media such as CD's must be screened with virus detection software prior to being opened or run. Whenever the provider of the software is not trusted, downloaded software should be tested on a stand-alone (i.e. not connected to the network) non-production machine. If this software contains a virus, worm or Trojan horse, then the damage will be restricted to the test machine.