1. We will implement the appropriate organizational and technical measures to reliably protect the confidentiality, integrity, and availability of information assets. We will also keep pace with ever-evolving information technologies and respond to emerging threats.

2. We will raise and maintain a high level of awareness by providing all employees with information security training and ensuring that our policies are thoroughly communicated and understood.

3. We will establish a management system and information security objectives, conduct regular reviews, and remain committed to continuous improvement.

4. We will delegate responsibility and authority to a management representative to implement, maintain, and continually improve the management system.

5. We will establish and implement a management system to ensure the secure handling of client information in the course of designing, developing, and providing cloud-based services, as well as to protect client information from any and all cloud-based threats and reduce risk.

6. We will use cloud-based services in line with the acceptable level of information security risk with respect to organizational information and other assets.