The Information Resources Use and Security Policy provides

This Policy provides requirements and guidelines to establish accountability and prudent and acceptable practices regarding the use and safeguarding of the information resources; protect the privacy of personally identifiable information contained in the data that constitutes part of its information resources; ensure compliance with applicable policies and laws regarding the management and security of information resources; and educate individual Users with respect to the responsibilities associated with use of the information resources.

This Policy serves as the foundation for the information security program, and provides the Information Security Office the authority to implement policies, practice standards, and/or procedures necessary to implement a successful information security program in compliance with this Policy.

It is the policy of the company to:

• Protect Information Resources based on risk against accidental or unauthorized disclosure, modification, or destruction and assure the confidentiality, integrity, and availability of company data;

• Apply appropriate physical and technical safeguards without creating unjustified obstacles to the conduct of the business and the provision of services;

Comply with all local and international laws and system rules governing information resources.