Purpose and Scope

Purpose

This Information Security Policy has been established to ensure the business continuity of Nakamura and to minimize the risk of damage by preventing security incidents and reducing their potential impact. It defines the technical, administrative, and physical controls and configurations that users and administrators are required to implement in order to ensure the confidentiality, integrity, and availability of the data environments owned and operated by Nakamura. The goal of this policy is to guide and direct Nakamura workforce members on how to defend its assets against internal, external, deliberate or accidental threats. Adherence to the policy and associated standards referenced herein is mandatory for all employees and incorporates elements involving defined processes, integration, culture, and infrastructure management, and serves as the central security policy that all Nakamura employees must be familiar with and have working knowledge thereof.

Scope

The policy requirements and restrictions defined in this policy shall apply to all Nakamura personnel and systems. The policy covers Nakamura network systems which is comprised of various hardware, software, communication equipment and other devices designed to assist Nakamura and its customers in the creation, receipt, storage, processing, and transmission of data and information.

Nakamura’s portfolio of cloud-based products include the following: 1) Compliant Platform as a Service (CPaaS) 2) Compliant Kubernetes Service (CKS) and 3) Compliant Managed Integration (CMI). These products are cited throughout Nakamura policies, standards, and procedures as customers in each category inherit different standards, procedures, and obligations from Nakamura. It is the responsibility of the Chief Security Officer and Chief Privacy Officer to maintain this policy and ensure the contents of the policy are continually monitored and enforced.