Purpose

Effective security requires a high level of participation from all ACS Technologies Group, Inc. ("ACST") employees. This policy defines responsibilities and roles for instilling information security awareness among all information resource owners, managers, service providers, and users.

Scope and Applicability

This policy applies to all ACST employees.

Policy

Security Awareness Guidelines

• ACST shall provide ongoing information security awareness and education for all employees.

• This education shall cover information security basics including but not limited to email phishing scams, data confidentiality guidelines, and awareness of social engineering tactics, as well as associated policies and procedures, and workforce member responsibilities.

• ACST managers are responsible for making sure their direct reports are aware of information security policies, procedures, and guidelines and have access to current versions.

• ACST shall inform employees of the importance of information security and their role in protecting sensitive ACST information systems and information assets, during orientation.

Enforcement

Any employee found to be in violation of this policy may be subject to corrective action, up to and including termination of employment.

Variance Process

The Chief Ventures Officer is responsible for the review, documentation, and management of any and all exceptions to this policy.