SiliconExpert Information Security Strategy Goal is making our … · 2019-04-22 · SiliconExpert...

SiliconExpert Technologies | 1455 NW Irving Street, Suite 200 Portland, OR 97209 | www.siliconexpert.com Version 10

SiliconExpert Information Security Strategy Goal is making our business succeed through protecting confidentiality, integrity and availability of our set of online tools and our customers’ information.

SiliconExpert is committed to protecting our set of online tools and our customers’ information from unauthorized access, collection, retention, use, disclosure, modification or destruction.

The purpose of this document is to provide an overview of how we protect our systems and our customers’ information.



Privacy and Information Security Program

SiliconExpert’s privacy and information security program complies with privacy laws and regulatory requirements, and is based on the ISO 27001/2 international information security standards. It includes:

- Policies, standards, and guidelines.
- Most up-to-date technical security controls and technologies.
- Information security incident management.
- Business continuity and redundancy.
- Disaster recovery program.
- Risk analysis and assessment.
- Vulnerability management.
- Monitoring, logging, auditing, and improvement.

Privacy Policy

We understand that our customers are concerned about privacy and the appropriate use of data. SiliconExpert has a robust privacy policy in place.

Our Privacy Policy describes how SiliconExpert handles information about you, and applies to your use of any website that posts a link to this Privacy Policy.

This Privacy Policy is posted on http://www.siliconexpert.com/privacy-policy

It includes, but is not limited to:

- COLLECTION OF INFORMATION
- USE OF INFORMATION
- SHARING OF INFORMATION
- ACCESSING AND CHANGING INFORMATION


Security Controls and Technologies

New technologies enormously enhance our business and our ability to communicate and share information, but they also increase security risks, as threats evolve rapidly, creating more sophisticated attack methods and exploiting new vulnerabilities.

SiliconExpert invests in new and innovative security controls and technologies to maintain confidentiality and integrity without affecting business continuity. We combine multiple advanced security controls which operate in different layers, including, but not limited to:

- Anti-malware solutions
- Firewalls
- Encryption solutions
- Removable media control
- Multi-factor authentication
- Automated patching solution
- DDoS mitigation systems
- Intrusion detection and prevention
- Web Application Firewalls
- Remote access security systems
- Physical security
- Logging, monitoring and detection systems

Information security policy

Our information security policies are reviewed on a regular basis to help ensure their continued effectiveness and accuracy. SiliconExpert employees are required to conduct themselves in a manner consistent with the company’s guidelines.

Our information security policies include, but are not limited to:

- Human resources security
- Access control
- Communication security
- Operation security
- Physical and environmental security
- Security incident management

Security Awareness Training

The behavior of employees who do not comply with information security policies and procedures is a major threat, which could lead to costly damages.

SiliconExpert ensures, in an ongoing process, that employees have a solid understanding of information security issues and of how their proper conduct can be a major line of defense against different types of attacks.


User Access and Data Protection

SiliconExpert takes every measure possible to ensure your personal and confidential data is safely guarded.

Your component and Bill-of-Material (BOM) data is only accessible by your designated employees through their assigned user IDs and passwords.

Only designated administrators have high-level access to reset passwords and troubleshoot account issues.

Customer information and passwords are securely stored using industry-accepted best practices.

SiliconExpert does not know, and cannot infer, the design of a product or what a product’s use case is from a simple listing of components. However, for our extremely vigilant and concerned customers, we recommend not uploading sensitive data such as product names, complete BOMs, or unmodified internal part numbers into the system. This precaution, although mostly unnecessary for the vast majority of our customers, should be considered as an extra responsibility for the most data-sensitive companies who rely on SiliconExpert’s solutions.

Access to SiliconExpert is on a per-seat license basis. Users should never share user IDs or passwords. This is not only important for security, but it also enables your administrators to more accurately see activity by user. In our activity reports, you can view username access, number of component searches and upload dates, timestamps and concurrent usage of users.

SiliconExpert can customize security for your company based on SSO (Single Sign On) and SAML (Security Assertion Markup Language) based user authentication schema. The time period for automatic log out is also configurable by customer. We also recommend providing your company IP addresses which we can add to your access settings.

If required, SiliconExpert can also assign administrators from your company to control access to your data and enforcement of your company rules.

Customers with multiple business groups can have separated access for each group so that they can view only their own BOMs and components but not those of other divisions.

ITAR-controlled customer data must never be loaded into SiliconExpert in its entirety without modifications (e.g. adding or omitting part numbers or modifying internal part numbers, omitting any reference to ITAR in BOM or Project naming convention, etc.). This is necessary and recommended as SiliconExpert employs US citizens and non-US citizens worldwide.

Components loaded into customer projects and BOMs, which are deleted by a customer, are then deleted from both active servers and replication servers. If a customer disengages with SiliconExpert, their data is purged from our servers and the account information is deleted.


Disaster recovery and business continuity

As SiliconExpert is committed to protecting our services and our customers’ data, we support these efforts through clear identification of our potential business risks and through disaster recovery strategies and plans.

The resources needed for incident prevention, detection, response, and recovery are applied, tested, and updated on an ongoing basis. The whole production environment, including customers’ data, is maintained with the assistance of a leading managed hosting provider.

Compliance and Validation

To make sure that all our applications, networks, and security controls are working effectively and properly, and to maintain and improve our security level, we regularly execute the following:

- Application and network security vulnerability assessments.
- Security controls effectiveness assessments.
- Information Security Policy and international standards compliance audits.