Enterprise Security Addendum

Last Updated: January 23, 2025

1. Security Program

QuROI maintains an information security program including:

• Administrative, technical, and physical safeguards
• Annual security reviews
• Access control policies
• Change management procedures
• Vendor management

2. Access Controls

• Unique user IDs for all personnel
• Multi-factor authentication (MFA) for administrators
• Role-based privilege control
• Session timeouts and automatic logouts

3. Network Security

• Firewalls and intrusion detection systems
• Segmented networks
• Monitoring for unusual activity

4. Vulnerability Management

• Regular vulnerability scanning
• Patch management cycles
• Remediation tracking

5. Incident Response

Designated response team with procedures for:

• Identification and triage
• Containment and mitigation
• Remediation and recovery
• Legal notification obligations

© 2025 QuROI, Inc. All rights reserved.