The purpose of this policy is to formulate, develop, document, train and communicate policies, procedures, control mechanisms and standards governing key IT function activities and protection of key IT systems and infrastructure from operational, cyber, physical access and other risks. Periodic independent review of such policy, procedures, and controls is performed to assure such policy remains commensurate with risks involved in the Company’s operations.