Internal Documentation

Risk Assessment Policy

Purpose

The purpose of this policy is to establish a formalized procedure for Risk Assessment Processes in terms of information assets and information resources.

Scope

This policy applies to all employees, contractors, subcontractors, consultants, temporaries, guests, and any third party that uses Cadence OneFive information assets or information resources. All information assets and information resources used by and in support of Cadence OneFive business operations must comply with the provisions of this policy.

Policy

Risk Assessment Scope

It is Cadence OneFive policy to ensure that Risk Assessments are conducted to identify the critical assets that require protection and to understand and document risks from security failures that may cause loss of confidentiality, integrity, or availability. Risk Assessments should take into account the potential adverse impact on Cadence OneFive reputation, operations, and assets.

Annual Review

Cadence OneFive will conduct an annual, formal Risk Assessment that identifies current and possible threats and vulnerabilities. Cadence OneFive will review its policies, procedures, standards, and guidelines in accordance with the updated Risk Assessment and make any applicable modifications to counter evolving threats.

Visibility

This document is confidential and is a proprietary work product of Cadence OneFive. The information contained herein may not be copied or distributed without the specific written consent of Cadence OneFive.