CRITICAL AXrVAULT
Fechnelogies ‘Your nonstop route to proving como!
Information Technology Change Management Policy
(Revised March, 2015)
Adoption and Declaration of Poliey
Critical Technologies, Inc. ("Critical") and AirVault@!, a division of Critical Tec
adopted this Infomation Technology Change Management Policy (the
control and manage carefilly how hardware, software, and functionality changes are released
into our production environment used by our clients to aceess and use various Critical Internet
portals and Internet-relatec services (he “Servioes"), The purpose ofthis document isto define
the practices and processes by which Critical maintains and updates its Production Systems
hile meeting the service evel agreements between Citeal and its clients.
ogies, has
H. About Our Services
Critical provides a robust, ate-oFthe art fully web-based document management and workflow
service for its business clents. Critical does not offer its Services to consumers. Critical's
clients are involved in a wide variety of industries including banking, credit unions, financial
services, government, gaming, and aviation. Critical’ liens use our Services to store, manage,
search, retrieve and route documents throughout theit organizations, and to their industry
afiliates, vendors, and regulatory agencies. The information we menage for our clients is
highly confidential to our liens, and often contains highly confidential personal and business
information about our eles’ customers and employees. Moreover, our elients are materially
nd operationally dependent on the Services we provide, and insist on “uptime” and reliability to
fequal the highest standaids of the Software-ss-e-Service industry. Consequently, Critical
controls and manages carfully the ways and means by which it introduces new hardware,
software, and functionality to our Services so tht Cteal causes te least amount of disruption
possible to clients dependent on our Production Systems and Services,
ML Production Systems Defined & Policy Scope
“The Policy covers changes made to existing Critical network equipment curently in production.
For terms of this documest, "Production System(s)" are those systems which are accessed by
clients and for which Crtsl receives payment for services on those systems, Systems that log
access oF provide other tesary Tunetions are not considered Production Systems with regard 10
‘change management procedures. Intemal Critical systems, such as emi and data access are also
not covered by tis Policy
" anvano aes Sven a Cel TessasCRITICAL
Critical Technologies, Inc.
Security Incident
Management
Policies and Procedures
Version 20, Septomber 2018
Cita! Teemetoge, nc da AVouRCRITICAL
hnelogies
AYrVAUL
DISASTER RECOVERY
AND AIRVAULT SERVICE CONTINUITY PLAN
FOR COMPANY OPERATIONS CENTERS
(REVISED JANUARY, 2017)