DBA Global Shared Services Inc., (“DBA” “us” “we” “our”) and DBA employees have an inherent responsibility to protect the physical information assets of the company, as well as confidential member data and intellectual capital owned by the company. These critical assets must be safeguarded to mitigate any potential risks to DBA and our members. Information Security at DBA is, therefore, a critical business function that should be incorporated into all aspects of DBA’s business practices and operations. 

Fully committed towards ensuring the Confidentiality, Integrity, and Availability of information, DBA has adopted an Information Security Management System (ISMS) with a comprehensive risk management framework to effectively protect the data and information that DBA holds, including information provided by our stakeholders and customers, from security threats, whether internal or external, deliberate, or accidental. 

The management of DBA is committed to ensure that: 

• Policies, procedures, and standards have been created to ensure secure business practices are in place at DBA. 
• Information security is a foundational business practice that must be incorporated into planning, development, operations, administration, sales, and marketing, as each of these business functions requires specific safeguards to be in place to mitigate the risk associated with normal business activities. 
• Awareness of the employees about information security risks is enhanced through regular training and appropriate initiatives. 
• Establishing, monitoring, reviewing measurable and time bounded objectives and performance indicators. 

As an outsourcing company, DBA is subject to the relevant Security and Privacy laws, including State and Federal Laws, and regulations where it provides its services, which, if not complied with, could potentially result in fines, audits, loss of member confidence, and direct financial impacts to the company. Compliance with all applicable regulations is the responsibility of every employee at DBA. 

The organization continually improves the suitability, adequacy and effectiveness of the information security management system and practices the same through various strategic and operational initiatives.