DEXTERION

VENDOR RISK MANAGEMENT POLICY

Effective Date: 2/15/26
Governing Law: Indiana, United States

1. Purpose

This Vendor Risk Management Policy establishes standards for evaluating and managing third-party service providers.

2. Vendor Selection Criteria

Prior to engagement, vendors may be evaluated for:

• Security posture.
  
  

• Compliance certifications (if applicable).
  
  

• Data handling standards.
  
  

• Financial stability.
  
  

• Operational reliability.
  
  

3. Contractual Safeguards

Vendors handling sensitive data must agree to:

• Confidentiality obligations.
  
  

• Data protection standards.
  
  

• Security safeguards equivalent to Dexterion requirements.
  
  

• Compliance with applicable law.
  
  

4. Ongoing Monitoring

Critical vendors may be periodically reviewed for:

• Continued compliance.
  
  

• Security performance.
  
  

• Operational stability.
  
  

5. Subprocessor Transparency

Where applicable, subprocessor information is available upon request to enterprise clients.