Is there any case in which Customer data might be stored on or copied to a customer PC or Laptop? Yes. When RELAYTO creative support services are used, customer content can be edited/designed on personal machines. This is allowed only for non-sensitive content. Personal machines are required to have a firewall, anti-virus and the latest OS per policy. Are audit trails maintained within your company records of Customer activity? Yes. Web analytics for the customer’s content is stored, including IP addresses with device information. This is stored for the duration of the agreement. Will copies of audit logs be made available to Customer on request? Yes Are Intrusion Detection or Prevention tools used at your network, on servers, and/or workstations? Yes, our company utilizes Cloudflare's suite of products which includes advanced Intrusion Detection and Prevention tools. These tools are integrated across our network, servers, and workstations to ensure robust security against unauthorized access and potential cyber threats. Does your company have a computer incident or emergency response team with a formal process to respond to cyberattacks? Yes, our company has a dedicated Computer Incident or Emergency Response process in place to respond to cyberattacks. In the event of a cyber incident, the RELAYTO Infrastructure/Security Team is responsible for implementing our response plan, which includes the following key components: Immediate Identification and Assessment, Containment and Mitigation, Notification Protocol, Investigation and Analysis, Recovery and Restoration, Post-Incident Review and Improvement How many of your personnel have either onsite or remote access to Customer data? Depends on the support package. On average up to 10 people. Are background checks performed on all of your personnel who have access to Customer data? Yes 39 of 52
Terms, Conditions, Policies & Plans Page 38 Page 40