I. Introduction
Axolt is committed to maintaining the highest standards of information security, privacy, and
confidentiality. This document provides an overview of our information protection policies,
processes, and procedures that are used to manage the protection of our information systems and
assets.

II. Purpose
This document aims to guide all employees, contractors, and partners of Axolt in understanding
their roles and responsibilities in ensuring the protection of all information assets, including
systems, hardware, software, and data.

III. Scope
This document applies to all information systems, assets, and data owned or managed by Axolt,
including, but not limited to, our Salesforce ERP platform, AWS, Heroku, and Digital Ocean cloud
deployments.

IV. Roles and Responsibilities
Every member of the Axolt community has a role to play in information protection:
1. Senior Management is responsible for endorsing and upholding these policies and ensuring
that adequate resources are allocated for their implementation and maintenance.

2. The IT Department is responsible for the operational execution of these policies, including
regular audits, risk assessments, and responding to any security incidents.
3. All Employees, Contractors, and Partners are required to comply with these policies in all
their activities for Axolt.

V. Management Commitment
The Axolt management team is fully committed to these information protection processes and
procedures, understanding the critical role they play in our ongoing operations and long-term
success. This commitment is continually communicated to all employees, contractors, and partners.

VI. Policies, Processes, and Procedures
1. Information Classification and Handling: All information assets are classified according to
their sensitivity and are handled accordingly. Employees are trained on handling
procedures.
2. Access Control: Access to information systems and assets is controlled and is based on
roles and responsibilities. The principle of least privilege is followed.
3. Encryption and Data Protection: Sensitive data are encrypted during transmission and at
rest. Data protection measures such as regular backups and integrity checks are in place.

4. Incident Response: An incident response protocol is established and communicated to
relevant personnel. Training on incident response is periodically conducted.
5. Cloud Security: Security measures specific to our cloud-based deployments, including
proper configuration and access controls, are strictly followed.
6. Vendor Management: Vendors are subject to the same level of information security as
Axolt. They are required to demonstrate compliance with our information security policies.

VII. Regular Reviews
These policies, processes, and procedures will be regularly reviewed and updated to ensure their
effectiveness and alignment with the evolving information security landscape.

VIII. Conclusion
Axolt’s commitment to robust information protection processes and procedures helps ensure
that we can continue to provide reliable, secure, and trusted ERP solutions to our clients. We
require all our stakeholders to adhere to these procedures and contribute to our collective
information security.

IX. Acknowledgment
All members of the Axolt community are required to sign an acknowledgment of having received,
read, and understood these processes and procedures and the obligations they entail.

X. Updates and Review
These processes and procedures will undergo a comprehensive review at least annually or as
necessitated by changes in our operational needs, technological advancements, or cybersecurity
trends. All updates will be communicated promptly to ensure continued compliance with our
evolving information security framework.