Is there a documented policy in place for hardening the operating system for web and other servers? Yes Are periodic security scans performed to determine if system vulnerabilities exist (i.e. ISS)? Yes, quarterly. Would Customer data be segregated, so that one customer cannot access another customer’s data? Yes, each customer operates within its own assigned domain. No data is shared between domains. Is there any case in which Customer data might be stored on or copied to a customer PC or Laptop? Yes. When RELAYTO creative support services are used, customer content can be edited/designed on personal machines. This is allowed only for non-sensitive content. Personal machines are required to have a firewall, anti-virus and the latest OS per policy. Are audit trails maintained within your company records of Customer activity? Yes. Web analytics for the customer’s content is stored, including IP addresses with device information. This is stored for the duration of the agreement. Will copies of audit logs be made available to Customer on request? Yes Are Intrusion Detection or Prevention tools used at your network, on servers, and/or workstations? Yes, our company utilizes Cloudflare's suite of products which includes advanced Intrusion Detection and Prevention tools. These tools are integrated across our network, servers, and workstations to ensure robust security against unauthorized access and potential cyber threats. Does your company have a computer incident or emergency response team with a formal process to respond to cyberattacks? 39 of 53