Geoffrey Ronning Group Inc. DBA ONLINEMEETINGNOW.COM
Data Security Policy
Effective Date: May 25, 2018

INTRODUCTION

The purpose of this Policy is to describe DBA ONLINEMEETINGNOW.COM (OMN) security
policy regarding personal information collected and processed by OMN’s online services
("Policy").

Specifically, this Policy is intended to identify OMN’s policies, procedures, and auditing and
training practices utilized for data security, and our resulting responsibilities to protect personal
information from loss, misuse, unauthorized access, disclosure, alteration and destruction.

PERSONAL INFORMATION

OMN collects personal information in accordance with our Privacy Policy. This information is
stored in a secure facility on hardened systems using reasonable and adequate security
protocols. Access to this information is restricted to authorized personnel only.

APPROACH TO SECURITY

The following sections describe OMN’s comprehensive approach to ensuring enterprise-wide
compliance with its Policy. This consists of four (4) major areas: Security, Personnel,
Education, Verification and Contracts.

SECURITY

Security of data is the cornerstone of verifying privacy of data. OMN maintains a rigorous
security posture through focused methodology. It is founded on the implementation of best
practices and security policies in five (5) major areas providing enterprise wide coverage
including:
Regulatory Controls
Organizational Controls
Service Provider Controls
Standardized Process and Practices
Business Partner Control.
Key policies in place that contribute to the verification and compliance with the Policy are:
Awareness and Training
Personnel Practices
Administrative Roles and Responsibilities
Network and Telecommunications Security
Incident Detection and Reporting
Malicious Code Control (Antivirus)
Logical and System Access
Physical Access
Remote Access
Firewall Management
Third Party Services
Data Classification, Confidentiality, Integrity and Availability
Policy Compliance

Operational procedures demonstrating compliance with the Policy are:
Change Control
Event monitoring
Data backup
System hardening

PERSONNEL

Our personnel consist of employees and contractors.

EDUCATION

OMN regularly notifies and reinforces its Privacy Policy with its personnel. This is done using
the following process:
The Privacy Policy is distributed company-wide via email upon employment and when updated.
The Policy is displayed on OMN’S website.
At least once per year, the Policy is presented and discussed at a company-wide meeting.

VERIFICATION

The Policy is self-verified periodically by OMN’S Security Officer. The Security Officer is
responsible for:
Ensuring that the policies, guidelines, internal procedures, personnel training, and other
measures necessary to implement the Policy are developed and put into practice,
Working with OMN’S legal counsel to ensure OMN’S ongoing compliance with
applicable privacy laws and agreements, as well as any of OMN’S other related legal
obligations, and
Overseeing annual assessments of OMN’S internal and external practices to ensure
that they conform to the Policy and related company obligations.
In addition, OMN’S, through its internal audit processes, conducts an audit of its
security controls a minimum of once per year. This independent review assesses the physical
security, network security and operational policies and controls in place to protect customer
data.


CONTRACTS

As a condition of employment, all OMN’S personnel must sign a IP Confidentiality Agreement.
This agreement includes a provision that addresses personnel responsibility regarding
compliance with privacy-related matters.

IN WITNESS WHEREOF, the undersigned Security Officer hereby accepts this Data Security
Policy and agrees to implement all terms and conditions thereof.

/Nahid Hossain/
_____________________________
Nahid Hossain, Security Officer