evaluation of the outsourcee , review of the outsourcee ’s qualifications, and provision associated with the use of services to ensure mitigation of risks from the outsourcee ’s access to the organization’s IT

) Chapter 2: IT Security with the following details: 2.1 Information Security Policy; 2.2 Organization of Information Security; 2.3 Human Resource Security; 2.4 Asset Management; 2.5 Access Control 2.6

three years, if any. 1.3 Shareholding structure In the case where the Company consists of subsidiaries or associates, the following information is required: - Policy on operational organization within the