Background Tesserent's approach to security consulting services are outcome-driven and aim to support our customer’s cybersecurity strategies, risk management plans and compliance requirements. It is important to us that you, our customer, achieve a tangible benefit from our services. To achieve this, we set clear goals for all our services and place significant effort into creating a report that addresses both process based and technical issues, whilst also explaining the risk to the organisation in a coherent and concise way.

**Assessment Methodology ** Tesserent’s approach to security reviews are based on the following industry best practice standards, and leveraging these standards, the following security domains will be reviewed: • Anti-Malware Protection; • Application Integrations; • API Security; • Data Security Management; • Email Security; • Identity and Access Management; • Information Sharing; • Integration with other applications • Logging and Log Management; • Mobile Device Management • Password Controls; and • Security Review and Monitoring. With the following governance and compliance risk focused areas provided to assist in ensuring mature governance and risk mitigations within cloud platforms: • Business Continuity, Disaster Recovery and Availability; • Capacity and Performance Management; • Change Management; • Data Privacy; • Data Life Cycle; • Physical and Environmental Controls; • Incident Management; • Migration of Data; • Security Reviews; • Test and Development Networks; and • Vulnerability and Patch Management.

The report will include the following sections: • An Executive Summary providing an overview of the engagement, identified high level gaps and an overarching remediation strategy. The focus of this summary will be towards C-level executives and/or members of the board; • A Findings Summary detailing the discovered gaps, together with an assessed risk rating; • A Detailed Findings and Recommendations section for each security domain reviewed. This will tangibly explain the gap to your organisation, as well as provide detailed recommended remediation steps. • A cybersecurity implementation roadmap/action plan outlining suggested steps for not only closing gaps, reducing risks and aligning with best practice control objectives, but also prioritising tasks based on immediate risk to your organisation, thereby reducing overall risk to the business while the organisation seeks to complete all implementation tasks within the planned roadmap.