Purpose and Scope

Purpose

This Information Security Policy has been established to ensure the business continuity of Datica and to minimize the risk of damage by preventing security incidents and reducing their potential impact. It defines the technical, administrative, and physical controls and configurations that users and administrators are required to implement in order to ensure the confidentiality, integrity, and availability of the data environments owned and operated by Datica. The goal of this policy is to guide and direct Datica workforce members on how to defend its assets against internal, external, deliberate or accidental threats. Adherence to the policy and associated standards referenced herein is mandatory for all employees and incorporates elements involving defined processes, integration, culture, and infrastructure management, and serves as the central security policy that all Datica employees must be familiar with and have working knowledge thereof.

Scope

The policy requirements and restrictions defined in this policy shall apply to all Datica personnel and systems. The policy covers Datica network systems which is comprised of various hardware, software, communication equipment and other devices designed to assist Datica and its customers in the creation, receipt, storage, processing, and transmission of data and information.

Datica’s portfolio of cloud-based products include the following: 1) Compliant Platform as a Service (CPaaS) 2) Compliant Kubernetes Service (CKS), 3) Compliant Managed Integration, and 4) Cloud Compliance Management System. These products are cited throughout Datica policies, standards, and procedures as customers in each category inherit different standards, procedures, and obligations from Datica. It is the responsibility of the Chief Security Officer and Chief Privacy Officer to maintain this policy and ensure the contents of the policy are continually monitored and enforced.