Version 1.0 | Last Updated November 25, 2025

Ashler Information Security Standards

These Ashler Information Security Standards (the “Information Security Standards”) form part of the Master Services Agreement (the “Agreement”) by and between Customer and Ashler. All capitalized terms that are not expressly defined in the Information Security Standards will have the meanings given to them in the Agreement.

Ashler shall implement and maintain an information security program (“Information Security Program”) that includes reasonable administrative, technical, and physical safeguards designed to protect Customer Data. At a minimum, the Information Security Program shall include:

  1. Authentication. Ashler shall maintain authentication measures including, as appropriate, multi-factor authentication for key systems that Process Customer Data and industry standard passwords.
  2. Encryption. Ashler shall encrypt Customer Data in transit and at rest using industry standard encryption technologies.
  3. Account Management and Access Controls. Ashler shall maintain account management and access controls.
  4. Secure Configuration of Hardware and Software. Ashler shall maintain controls designed to ensure the secure configuration of Ashler hardware and software that is used to Process Customer Data.
  5. Audit-Log Management. Ashler shall maintain controls for audit-log management.
  6. Network Monitoring and Defenses. Ashler shall maintain controls for monitoring and defending its network.
  7. Antivirus and Antimalware Protection. Ashler shall maintain antivirus and antimalware protections on Ashler personnel workstations**.**
  8. Information System Segmentation. Ashler shall maintain controls designed to ensure segmentation of its information systems that Process Customer Data.
  9. Limitation and Control of Ports, Services, and Protocols. Ashler shall maintain controls designed to limit and control ports, services, and protocols used to Process Customer Data.
  10. Secure Development. Ashler shall maintain controls designed to ensure secure development.
  11. Vendor Management. Ashler shall maintain oversight of vendors that process Customer Data.