This memo serves to affirm our commitment to maintaining the highest levels of data security and compliance across all cloud-based services utilized by Columinate Financial. In line with our commitment to protect our customers’ and our company’s data, we ensure all third-party software partners adhere to the stringent security standards and compliance regulations required by our industry.

Cloud Service Providers:

Our cloud-based services are hosted by providers that are leaders in the industry, known for their robust security measures and commitment to data protection. These providers include

• Zoho Corporation Compliance page: https://www.zoho.com/compliance.html
• Bill/Bill.com SOC-T1: https://help.bill.com/direct/s/article/360003160192
• Intuit/QuickbooksOnline: Compliance Page: https://www.intuit.com/compliance/
• Sage Intacct: https://www.sage.com/en-us/blog/sage-intacct-expands-system-and-data-security-certifications/

Security Measures:

The security measures employed by our cloud service providers include, but are not limited to, the following:

• Encryption of Data in Transit and at Rest: Ensuring that all data is encrypted using industry-standard protocols to protect against unauthorized access.
• Access Control and Identity Management: Implementing strict access controls and identity verification processes to ensure only authorized personnel can access sensitive information.
• Network Security: Utilizing advanced network protection tools, including firewalls, intrusion detection systems, and regular security audits to prevent unauthorized access.
• Regular Security Audits and Compliance Checks: Conducting regular security assessments and audits to identify and mitigate potential vulnerabilities.

Compliance Standards:

Our providers are compliant with globally recognized standards and regulations, including:

• General Data Protection Regulation (GDPR): Ensuring the protection and privacy of data for individuals within the European Union.
• Health Insurance Portability and Accountability Act (HIPAA): For providers handling health-related information, ensuring the confidentiality, integrity, and security of health information.
• Payment Card Industry Data Security Standard (PCI DSS): For providers handling credit card information, ensuring secure transactions and protection of payment card data.
• ISO/IEC 27001: Demonstrating a comprehensive approach to information security management.

Continuous Monitoring and Improvement:

We are committed to a policy of continuous improvement in our data security and compliance efforts. Our team regularly reviews the security measures and compliance statuses of our cloud service providers to ensure they align with our evolving security policies and the latest regulatory requirements.

Requests for Documentation:

If your auditor requests it, we can provide Statements of Compliance (SOCs) for any of the above listed providers. Please reach out for further info as these are only available upon request, and require the signing of a non-disclosure agreement.