Ridgeline’s security program includes

• Security and Data Privacy Awareness and Training. A mandatory security and data privacy awareness and training program for all members of Ridgeline’s workforce, including management.
• Access Controls. Policies, procedures, and logical controls: a) To limit access to its information systems and the facility or facilities in which they are housed to properly authorized persons; b) To prevent individuals who should not have access from obtaining access; and c) To remove access on a timely basis in the event of a change in job responsibilities or job status.
• Network and Systems Security. Deployment of intrusion prevention and detection systems. Deploying systems for the prevention, detection and removal of viruses and other malware from relevant servers as well as endpoints(laptops/desktops).
• Physical and Environmental Security. Controls that provide reasonable assurance that access to physical serversat the production data center is limited to properly authorized individuals and environmental controls are established to detect, prevent and control destruction due to environmental extremes.
• Security Incident Procedures. A security incident response plan that includes procedures to be followed in the event of any security incident affecting Customer Data or any security incident of any application or system directly associated with the accessing, processing, storage, communication and/or transmission of Customer Data.
• Data Integrity. Policies and procedures to ensure the confidentiality, integrity, and availability of Customer Data and protect it from disclosure, improper alteration, or destruction.
• Storage and Transmission Security. Technical security measures to guard against unauthorized access toCustomer Data that is being transmitted over a public electronic communications network or stored electronically.Such measures include requiring encryption of any Customer Data stored on desktops, laptops, cloud storage, or other removable storage devices which are housed outside of a secured data center.
• Secure Disposal. Policies and procedures regarding the disposal of tangible property containing Customer Data Taking into account available technology so that Customer Data cannot be practicably read or reconstructed.
• Change and Configuration Management. Maintaining policies and procedures for managing changes to production systems, applications, and databases.
• Testing. Regular testing of the key controls, systems and procedures of its information security program to validate that they are properly implemented and effective in addressing the threats and risks identified.
• Program Adjustments. Monitoring, evaluation, and making necessary adjustments, as appropriate, to the security program in light of:a) Any relevant changes in technology and any internal or external threats to Ridgeline systems and services and/or Customer Data;b) Security and data privacy regulations applicable to Ridgeline’s business and services; and) Ridgeline’s own changing business arrangements, such as mergers and acquisitions, alliances and joint ventures, outsourcing arrangements, and changes to information systems.