Unanet Information Security Exhibit 

why-unanet-logo-mask

Effective Date: August 17, 2023
Reviewed and Updated: July 18, 2025  

Unanet maintains a written information security program that contains administrative, technical, and physical safeguards that are appropriate to protect Customer Data in its possession and control and that are reasonable based on the size and scope of Unanet’s business, its resources, and the type of Services it provides.

Unanet’s security program is designed to:

  • Protect the confidentiality and availability of Customer Data in Unanet’s possession or control;
  • Protect against unauthorized or unlawful access to the Customer Data or accidental loss or destruction of Customer Data in Unanet’s possession or control; and
  • Protect against anticipated threats to Customer Data or Unanet Subscription Services.

Policies.

Unanet maintains internal policies designed to:

  • Limit access to software and systems to authorized individuals;
  • Place restrictions on software installation and use;
  • Manage technical vulnerabilities and malware; and
  • Manage data retention and deletion requirements.

Security and Access Controls.

Unanet has implemented and maintains security controls, including:

  • Asset inventory and asset classification based on criticality for business continuity;
  • Return policy for equipment and process for disabling access following employee termination;
  • Unique, individual access credentials to approved applications, operating systems, databases, and network devices;
  • Multi-factor authentication for authorized employee access to local operating system, VPN, AWS environment, and individual servers;
  • System segregation and access controls for access to Customer Data;
  • Limit access to authorized users based on the principle of least privilege within Unanet;
  • Review access rights quarterly;
  • Password complexity requirements and password expiration and storage policies;

AWS provides all physical asset controls to the cloud platform.

For additional information security details and information, including copies of our SOC2 reports, please visit our trust portal at trust.unanet.com. The materials and information in the trust portal are provided for informational purposes only and do not form part of any agreement.