Develop, implement, and maintain a comprehensive information security program that is written and contains administrative, technical, and physical safeguards that are appropriate to our size and complexity, the nature and scope of our activities, and the sensitivity of any customer information at issue.

Responsible for overseeing and implementing our information security program and enforcing our information security program

Identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and assesses the sufficiency of any safeguards in place to control these risks.

Effectiveness of the safeguards' key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems

Ensure that personnel are able to enact our information security program

Information security program modified based on the results of the testing and monitoring of any changes to your operations or business arrangements; the results of risk assessments; or any other circumstances that may have a material impact on your information security program.

Designed to promptly respond to, and recover from, any security event materially affecting the confidentiality, integrity, or availability of customer information in your control

Regularly provide details regarding the information security program, addressing issues such as risk assessment, risk management and control decisions, results of testing, security events or violations, and recommendations for changes in the information security program to your organizations stake holders