Common use of Infrastructure Security Personnel Clause in Contracts

Infrastructure Security Personnel. RootFi Inc has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. RootFi Inc’s infrastructure security personnel are responsible for the ongoing monitoring of RootFi Inc’s security infrastructure, the review of the Services, and for responding to security incidents. Access Control and Privilege Management.RootFi Inc’s and Customer’s administrators and end users must authenticate themselves via a Multi-Factor authentication system or via a single sign on system in order to use the Services Internal Data Access Processes and Policies – Access Policy. RootFi Inc’s internal data access processes and policies are designed to protect against unauthorized access, use, disclosure, alteration or destruction of Customer Personal Data. RootFi Inc designs its systems to only allow authorized persons to access data they are authorized to access based on principles of “least privileged” and “need to know”, and to prevent others who should not have access from obtaining access. RootFi Inc requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with RootFi Inc’s internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies follow industry standard practices. These standards include password complexity, password expiry, password lockout, restrictions on password reuse and re-prompt for password after a period of inactivity

Infrastructure Security Personnel. RootFi Inc Solytics has, and maintains, a security policy for its personnel, and requires security training as part of the training package for its personnel. RootFi Inc’s Solytics’ infrastructure security personnel are responsible for the ongoing monitoring of RootFi Inc’s Solytics’ security infrastructure, the review of the Software/Services, and for responding to security incidents. • Access Control and Privilege Management.RootFi Inc’s . Solytics’ and Customer’s administrators and end users must authenticate themselves via a Multi-Factor authentication system or via a single sign on system in order to use the Services • Internal Data Access Processes and Policies – Access Policy. RootFi Inc’s Solytics’ internal data access processes and policies are designed to protect against unauthorized access, use, disclosure, alteration or destruction of Customer Personal Data. RootFi Inc Solytics designs its systems to only allow authorized persons to access data they are authorized to access based on principles of “least privileged” and “need to know”, and to prevent others who should not have access from obtaining access. RootFi Inc Solytics requires the use of unique user IDs, strong passwords, two factor authentication and carefully monitored access lists to minimize the potential for unauthorized account use. The granting or modification of access rights is based on: the authorized personnel’s job responsibilities; job duty requirements necessary to perform authorized tasks; a need to know basis; and must be in accordance with RootFi Inc’s Solytics’ internal data access policies and training. Approvals are managed by workflow tools that maintain audit records of all changes. Access to systems is logged to create an audit trail for accountability. Where passwords are employed for authentication (e.g., login to workstations), password policies follow industry standard practices. These standards include password complexity, password expiry, password lockout, restrictions on password reuse and re-prompt for password after a period of inactivityinactivity • Infrastructure. Solytics has AWS as its data center.