Compliance

Unvertex recognizes that compliance is crucial for success. By adhering to industry standards, we improve performance, drive consistency, and reduce errors, enabling our customers to achieve better outcomes with greater efficiency.

Our security management and compliance programs are based on industry standards, including CIS, ISO 27001, and NIST. Our security risk management framework establishes the mandate, commitment, guiding principles, and defined roles and accountabilities for managing, monitoring, and continuously improving risk management practices within the organization.

We perform internal testing of key security and privacy controls to validate adherence to established frameworks. This includes annual third-party security penetration testing. The results of these tests are communicated to executive management, and remediation efforts are closely monitored. Controls are retested as appropriate to ensure ongoing security.

Security and privacy controls are audited annually by an independent third party to verify that our technology, processes, and procedures are in place and followed.

Data Security

Responsibility for ongoing monitoring and remediation is shared among our dedicated security and product teams. Documented procedures are in place to facilitate the timely and effective response to any security incident. Our cybersecurity teams manage security controls and monitoring activities designed to protect customer data and strengthen company operations.

Our methods of protecting customer data from cyberattacks and other fraudulent intrusions include:

• Data Encryption Protocols
• Information Protection Programs
• Data Retention Programs
• Data Processing Agreements
• Continual Security Training (including OWASP & Phishing Exercises)
• Third-Party Security Penetration Testing
• Third-Party Risk Assessments
• 24x7 Monitoring, Alerting, & Response

Privacy

Our dedicated security governance and privacy teams are responsible for developing and overseeing the privacy and security practices of our organization. Unvertex continuously strives to enhance its privacy culture, and all employees undergo comprehensive privacy and security training.

Our Privacy Policy clearly outlines what information we collect, how we collect it, how we use it, with whom we may share it, and what choices customers have regarding our use of their information.

We recognize that data is one of our customers' most valuable assets, and we are deeply committed to protecting their information within our solutions.

GDPR

We are committed to incorporating the GDPR's core principles and requirements into our global privacy and data protection programs. We conduct internal assessments to evaluate our readiness to meet and maintain our obligations under the law.

Policy

Unvertex maintains corporate security policies and subsidiary documents that establish clear requirements for accessing, using, storing, transmitting, protecting, and disposing of information and information systems for which Unvertex is responsible.

These policies provide the standards and guidance on security controls used to govern our information and information systems. Policies include, but are not limited to:

• Acceptable Use
• Access Control
• Audit
• Change Management
• Cloud Security
• Data Classification, Protection, Retention
• Incident Response
• Risk Management
• Patch Management
• Password
• Penetration & Vulnerability Testing
• Vendor Risk

We consider the protection of information and information systems to be critical to the success of our company and our customers. As such, it is company policy to require that all reasonable efforts be made to ensure:

• Confidentiality and integrity of sensitive company, client, and employee information
• Availability of critical systems, resources, and information
• Timely responses to potentially damaging and disruptive incidents
• Compliance with relevant laws and regulations