International Consulting Associates, Inc. (hereinafter together with all of its subsidiaries and affiliates, collectively referred to as “ICA” or “Company”) is committed to protecting Company information (“Information”) from a wide range of threats to minimize business risks, maximize return on investments and business opportunities, and ensure business continuity.

ICA is dedicated to safeguarding the confidentiality, integrity, and availability of all physical and electronic information/digital assets of the Company to ensure compliance with applicable regulatory, operational, and contractual obligations through the adoption and implementation of an effective Information Security Management System (ISMS).

The objectives for the ISMS are based on a security risk management program that:

• Follows a risk-based, reasoned approach
• Protects the operational integrity of the business
• Is commensurate with fiduciary and compliance responsibilities
• Addresses market/client/prospect expectations
• Is sustainable and adaptable to changing business and security threat environments
• Ensures our people understand their roles and responsibilities

ISMS goals align with the organization’s business objectives, strategy, and business plans. The Executive Team is responsible for reviewing these general ISMS objectives and setting new ones.

Objectives for individual security controls or groups of controls are proposed by the Security Manager and approved by the Executive Team.

The President declares that the ISMS implementation and continual improvement will be supported with adequate resources to achieve all objectives set in this Policy, as well as satisfy all identified requirements.

ICA employees, third party contractors/vendors, consultants, and external auditors who have access to and are responsible for viewing, creating, processing, handling, storing, transmitting, or destroying ICA information assets in any form are required to comply with the ISMS ICA Information Security Policy.