This document covers the guidelines, processes, procedures and standards of our information security handling. Any questions or issues, you can reach us at info@yamaindustrials.com. Yama Industrials, Inc. employs industry standards & guidelines for information security compliance, ensuring clients have the highest degree of (TCC) trust, confidence, and consistency in our protection of their data and operations. Our security practices are aligned to the following information and data security compliance guidelines, standards, and best practices, Forrester Zero Trust Model of information security, GDPR (General Data Protection Regulation), NIST (National Institute of Standards and Technology, HIPAA (Health Insurance Portability and Accountability Act), PCI-DSS (Payment Card Industry Data Security Standard), SANS (SysAdmin, Audit, Network, and Security) Institute and ISO/IEC Information Security Management standards.

Personnel Security, Privacy & Security Training

Yama Industrials, Inc.’s guidelines, policies, procedures, and compliance standards apply to all employees/personnel/associates, team members, contractors, sub-contractors, and 3rd parties who make up the Yama Industrials, Inc. workforce. Prior to access to Yama Industrials, Inc. systems & infrastructure, workers and 3rd parties agree to NDA’s and consent to background checks/investigations as needed. Security awareness training is ongoing, including general security awareness, device security, web security, data privacy, physical security, incident reporting, insider threat awareness, reporting requirements, data protection, compliance, and workplace ethics. Upon termination, all access to Yama Industrials, Inc. systems and infrastructure are revoked.

Systems Security

Access to Yama Industrials, Inc. office systems are secured by digital video surveillance, electronic key locks, keyed access, and UTM (Unified Threat Management) systems as needed for the sensitivity of the material handled at the relevant facility. All systems used by team members are configured to compliance standards & guidelines for information security. These standards & guidelines require all systems to be securely configured, scheduled system updates, and security monitoring software. Systems are configured to encrypt relevant data, password authentication, restricted remote access, and lock when idle as needed for the sensitivity of the material handled.

Audits

Yama Industrials, Inc. continuously checks and updates, using independent 3rd party tools, guidelines & systems to assess our policies and procedures. Our processes & guidelines are certified and compliant with both HIPAA, NIST 800-171 and ISO27001. We actively work with our commercial client's security, management, and insurance teams to make sure we address all questions prior to services and product deployment(s).

Network security

Yama Industrials, Inc. incorporates a hybrid-cloud infrastructure that is decentralized, incorporates network-segmentation, micro-segmentation, nano- segmentation and granular perimeter enforcement based on users, their locations, and other data to determine whether to trust a user, machine, or application seeking access to a particular part of the enterprise, in order to protect all internal and external company data and relevant systems. System(s)-only and diagnostics logs are generated, used, and stored in accordance with our zero-knowledge framework, zero-trust architecture, and privacy-by-design security model.

Authorizing access

Yama Industrials, Inc. employs a zero-trust architecture security model when granting systems access in order to minimize the risks of a data breach and insider threat. Yama Industrials, Inc. grants 2FA/MFA secured access to code repositories, billing systems, customer relationship management tools, email servers, and cloud environments as needed.

Authentication

Yama Industrials, Inc. uses multi-factor authentication along with password management authentication on systems where applicable.

System monitoring & logging

Yama Industrials, Inc. logs systems access and activities on both production and development environments per compliance standards & guidelines.

Responding to security incidents

All security incidents are processed and logged by (UTM) Unified Threat Management systems and cloud based security automation tools. Our processes & guidelines are certified and compliant with both HIPAA, NIST 800-171 and ISO27001.