Sabytel Information Security Management

Sabytel Technologies Inc. (Sabytel) holds Canadian and NATO facility clearance granted by the Canadian Industrial Security Directorate (CISD) under the Industrial Security Program and is certified to apply for and hold individual security clearances up to that level. All employees and contractors acting on behalf of Sabytel shall abide by the requirements of this program and the orders outlined in this document. The overriding intent is to ensure our clients and partners that the information provided to Sabytel under contract is appropriately handled and safeguarded at all times. Sabytel maintains a security program to comply with the requirement for handling, processing and storage of clients and partners information. Sabytel recognizes the intent and requirements of the GC Industrial Security Program administered by PWGSC in its mandate to protect GC information and assets and shall abide by the program directives. Sabytel recognizes Treasury Board Secretariat (TBS) as the GC delegated authority for government security policies and the lead agencies identified in the policy documents (such as RCMP, CSIS and CSEC), and will conform to the directives and guidance provided by them in the processing, handling and storage of GC information and assets. Sabytel understands the term 3rd party confidential Information, meaning any information that the disclosing party may disclose to the receiving party that is not in the public domain or known to the receiving party through no fault of the receiving party. Precautions are taken to ensure safeguarding of the information against disclosure to others with the same degree of care and caution as exercised with its own information of similar nature. Precautions are taken to ensure that unauthorized persons do not gain access to protected information. Personnel must observe the requirements for control and registration of sensitive information and assets and to the proper procedures for their packaging and transmittal, predicated on the Government Security Policy. Sabytel adopts the relevant IT security standards such as ISO 27001, 27017, 27018, NIST guidelines and IT security best practices.

Quality Assurance Policy

Sabytel provides expert resources, physical-cybersecurity solutions and services that secure and enable businesses. Sabytel’s top management is committed to:

Comply with ISO 9001:2015 requirements
Comply with customer product quality requirements
Satisfy applicable requirements by ensuring that customer and applicable statutory and regulatory requirements are determined, understood and consistently met
Continual improvement of the QMS by ensuring the risks and opportunities that can affect conformity of products and services and the ability to enhance customer satisfaction are determined and addressed and that the focus on enhancing customer satisfaction is maintained.

Our company's aim is to provide professional and comprehensive services to our customers and it has recognised the importance of Quality Management System in assisting the company to achieve this objective.

Artificial Intelligence Policy

Purpose

This policy governs the use of all AI systems at Sabytel Technologies Inc. to ensure they are deployed securely, ethically, and in compliance with organizational, legal, and client requirements. Our goal is to leverage AI for enhanced operational efficiency, security, and risk management while maintaining accountability and transparency.

Permissible Use of AI Tools

AI tools are used in a manner that is consistent with Sabytel's values and ethical standards. All AI applications are reviewed and approved by the relevant department heads before deployment.

Compliance with Legal and Regulatory Requirements

All AI systems comply with applicable laws and regulations, including data protection and privacy laws. Sabytel conducts regular audits to ensure compliance with these requirements.

Security and Access Controls

Access to AI tools and data is restricted to authorized personnel only. Appropriate security measures is implemented to protect AI systems from unauthorized access and misuse.

Ethical Use

AI systems are designed and used in a way that respects human rights and avoids bias. Any potential ethical concerns are reported to the Ethics Committee for review at cybersec@sabytel.com.

Data Collection and Privacy

Data used by AI systems is collected and processed in accordance with Sabytel's data privacy policies. Personal data is anonymized wherever possible to protect individual privacy.

Monitoring and Reporting

The performance and impact of AI systems are continuously monitored. Any incidents or issues related to AI systems are reported to the IT department immediately.

Integration and Use of Third-Party AI Tools

Third-party AI tools are evaluated for security, compliance, and ethical considerations before integration. Contracts with third-party providers include clauses that ensure compliance with Sabytel's AI policy.

Responsibilities

Sabytel personnel are aware and are responsible for adhering to this policy. Department heads are responsible for ensuring their teams comply with this policy.