Cybersecurity Advisory Services Policy

Overview

CYBERSECURITY ADVISORY SERVICES POLICY

Effective Date: November 10, 2025

Yama Industrials, Inc. (including any associated divisions and/or subsidiaries) is committed to delivering professional cybersecurity guidance and advisory services informed by industry frameworks and best practices.

This policy delineates the exact scope of our services and explicitly states that Yama Industrials does not act as, nor imply in any way the role of, the Chief Information Security Officer (CISO) or any related positions and/or titles for our clients.

All engagements are governed by the Main Service Agreement and related policies available at www.resources.yamaindustrials.com.

1. Important Notice

There is no single process or technology that will make systems 100% secure. Ensuring robust cybersecurity requires ongoing multi-layered safeguards, keeping software/firmware up-to-date, employee training, security-conscious workflows, and risk management. Yama Industrials' advisory services are limited to professional guidance and recommendations; the client retains ultimate responsibility for implementing, maintaining, and monitoring all cybersecurity measures.

2. Scope of Yama Industrials' Services

Yama Industrials' responsibilities are strictly limited to the following:

  • Providing risk-based guidance and advisory services on cybersecurity matters informed by industry frameworks and best practices

  • Conducting evaluations of the client's cybersecurity requirements, risk tolerance, and current posture

  • Recommending appropriate and tailored cybersecurity solutions based on the client's specific environment, risk profile, and operational constraints

  • Offering strategies for the implementation of cybersecurity solutions that balance security objectives with business requirements

  • Assisting in implementation of cybersecurity solutions as authorized and directed by the client

3. Implementation Assistance

Yama Industrials may assist in the implementation of cybersecurity solutions as requested. However, such assistance is provided under the client's approval, direction, and authorized supervision. The client retains ultimate responsibility for the implementation, monitoring, and effectiveness of all cybersecurity measures.

Yama Industrials shall not be liable for any damages arising from the deployment, configuration, or operation of cybersecurity measures except as provided in the Main Service Agreement Section 17 (Limitation of Liability).

4. Hands-On Engagement

When engaged to perform hands-on activities, Yama Industrials' team can engage in logistics, deployment, and configuration of cybersecurity measures based on the client's authorized specifications, risk tolerance, and operational requirements. The client retains sole discretion to accept, modify, or reject any recommendations. All such activities are subject to the Main Service Agreement.

4.1. Deviations from Standards and Frameworks

Yama Industrials provides recommendations informed by industry frameworks and best practices (such as NIST, CIS Controls, ISO 27001, etc.). However, the client retains ultimate authority to determine which controls, configurations, and practices are implemented.

Deviations from published standards and frameworks may be appropriate and acceptable based on the client's risk tolerance, operational requirements, budget constraints, business priorities, or specific environmental factors. Standards frameworks themselves include provisions for documented deviations that maintain equivalent or appropriate protection levels.

Yama Industrials shall not be liable for the client's decisions to deviate from, modify, or reject any recommendations, provided the client understands the risk implications of such decisions. The client is responsible for documenting its risk decisions and the business justification for any deviations from recommended practices.

5. What Yama Industrials Does NOT Provide

Yama Industrials does not:

  • Act as your CISO or assume any CISO responsibilities or accountability

  • Guarantee or warrant that recommended solutions will eliminate all security risks

  • Monitor or manage your systems on an ongoing basis unless explicitly contracted for such support services

  • Assume liability for the client's implementation decisions, risk acceptance decisions, or operational choices

  • Provide legal advice regarding regulatory compliance (consult legal counsel for compliance matters)

  • Provide insurance against data breaches or security incidents

  • Assume responsibility for client decisions to deviate from recommended practices or industry standards

  • Monitor, verify, audit, or enforce the client's compliance with laws, regulations, industry standards, or any recommendations

6. Client Acknowledgments

The client acknowledges and agrees that:

  • Yama Industrials' services are advisory in nature only

  • The client retains sole and ultimate responsibility for all cybersecurity decisions, implementations, operations, and compliance

  • The client is independently responsible for compliance with all applicable laws, regulations, and industry requirements

  • Yama Industrials has no obligation to monitor, verify, audit, or enforce the client's cybersecurity practices, compliance obligations, or implementation of any recommendations

All contractual obligations related to services are governed by the Main Service Agreement and related policies published at www.resources.yamaindustrials.com.

7. Service Engagement and Deliverables

Specific service deliverables, scope, timelines, and terms of engagement are defined solely in the applicable Order Form or Statement of Work. This policy does not enumerate or guarantee any specific deliverables. All advisory services are subject to the Main Service Agreement and related policies.

8. Governing Terms

All terms, conditions, obligations, fees, payment, termination, limitation of liability, indemnification, dispute resolution, and governing law related to Cybersecurity Advisory Services engagements are governed by the Main Service Agreement and related policies published at www.resources.yamaindustrials.com.

This policy addresses only the scope and nature of Yama Industrials' advisory services.

Contact Information

For questions about this policy or Cybersecurity Advisory Services, please contact:

Yama Industrials, Inc. 800 Third Avenue #1292 New York, NY 10022 Email: [email protected]

© 2025 Yama Industrials, Inc. All rights reserved.

PreviousHIPAA

Last updated