3. Information Security Program

3.1      Security policies and standards

At Thru, Inc., our Information Security Program forms the foundation of our commitment to protecting our clients' data. Due to Thru’s cloud first strategy our comprehensive program relies heavily on the Cloud Security Alliance’s best practice recommendations, ensuring we meet or exceed industry and individual compliance framework’s best practices.

3.2      Security governance and organization

Our security governance is led by our Chief Software Architect, who reports directly to the CEO, underlining the importance we place on security at the highest levels of our organization. We have a dedicated security operations team who work closely with all departments to ensure security is integrated into every aspect of our operations. Risk management is a continuous process at Thru. We conduct continuous and regular risk assessments, using a combination of automated tools and manual analysis to identify potential threats to our Managed File Transfer service. Risks are prioritized based on potential impact and likelihood, with mitigation strategies developed and implemented promptly.

3.3      Security awareness and training

We believe that security is everyone's responsibility. Therefore, all Thru employees undergo mandatory security awareness training upon joining and annually thereafter. This training is regularly updated to address emerging threats, with a particular focus on the unique security considerations of data privacy.