A-LIGN COMPLIANCE AND SECURITY, INC.

A-LIGN

ALIGN;Account auditing; Accounting services; [ Tax advisory services; ] Business auditing;Reviewing standards and practices to assure compliance with [ tax, Internal Revenue Service, ] Sarbanes Oxley Act, Health Insurance Portability and Accountancy Act, and Payment Card Data Security Standards laws and regulations;

A-LIGN

ALIGN;Providing internal audit services in the nature of business auditing; disaster recovery services, namely, business continuity consulting related to technology related security; Business continuity consulting in the field of business practices utilized during the disaster recovery process and business consulting relating to technology-enabled security; Business consulting related to disaster recovery; Attest services in the nature of account auditing services provided to entities which must adhere to cybersecurity and privacy compliance frameworks, standards and regulations under the Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), computer software systems' Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness;Regulatory compliance consulting and assessment services in the nature of providing advisory services relating to cybersecurity and privacy compliance frameworks, standards and regulations under the Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), Computer Software Systems Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness; Regulatory compliance consulting relating to security of computer networks, applications, and personal information, namely, providing SOC assessments and attestation, PCI DSS assessment and advisory services, healthcare-related assessments in the nature of HIPAA, HITECH, Health Information Trust Alliance (HITRUST) assessments, related to international IT security standardization certification services, federal assessments in the nature of Federal Risk and Authorization Management Program (FedRAMP) authorization, Federal Information Security Management Act (FISMA) authorization and certification, and computer and scientific subject matter assessment services, including providing computer and scientific subject matter Special Publication (SP), Federal Information Processing Standards (FIPS), and Cybersecurity Framework (CSF) assessment services; regulatory compliance consulting, namely, providing General Data Protection Regulation (GDPR), E.U.-U.S. Privacy Shield, Health Insurance Portability and Accountability Act (HIPAA) security and privacy and Health Information Technology for Economic and Clinical Health Act (HITECH), cybersecurity, data privacy, information security and compliance best practices review, compliance program assessment in the nature of assessing people, processes, technology, data, assets, policies, and procedures to ensure compliance with information security and privacy standards and requirements, computer network and enterprise-level risk assessment, third party risk management, data protection analysis and privacy impact assessment services; Providing internal audit services in the nature of information security and privacy auditing, namely, legal analyses of privacy and information security policies to determine compliance with applicable laws and regulations; Regulatory compliance consulting in the field of data storage and transmission via computer systems;Disaster recovery services, namely, disaster recovery consulting in the nature of computer disaster recovery planning; computer security consultancy services; Providing internal audit services in the nature of IT and systems auditing, namely, evaluating the function of software and hardware systems for security compliance;

A-LIGN ASSURANCE

ALIGN ASSURANCE;Internal audit services, namely, business auditing; disaster recovery services, namely, business planning continuity and disaster recovery consulting;Regulatory compliance consulting and auditing in the field of cybersecurity and privacy regulations compliance with Sarbanes Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH), Payment Card Industry Data Security Standard (PCI DSS), Gramm-Leach-Bliley Act (GLBA), Consumer Financial Protection Bureau (CFPB), Federal Financial Institutions Examination Council (FFIEC), National Technical Information Service (NTIS), Limited Access Death Master File (LADMF), General Data Protection Regulation (GDPR) laws, E.U.-U.S Privacy Shield, Criminal Justice Information Services (CJIS) assessments, Agreed Upon Procedures (AUP) engagements, System and Organization Controls (SOC), SOC1, SOC2, SOC3 and SOC for Cybersecurity, Statement on Standards for Attestation Engagements (SSAE), International Standard on Assurance Engagements (ISAE), and Canadian Standard on Assurance Engagements (CSAE), Microsoft Supplier Security and Privacy Assurance Program (SSPA), and CFPB readiness; regulatory compliance consulting in the field of SOC assessments and attestation, PCI DSS assessment and advisory services, healthcare-related assessments in the nature of HIPAA, HITECH, Health Information Trust Alliance (HITRUST) assessments, International Organization for Standardization certification, federal assessments in the nature of Federal Risk and Authorization Management Program (FedRAMP) authorization, Federal Information Security Management Act (FISMA) authorization and certification, and National Institute of Standards and Technology assessments, National Institute of Standards and Technology Special Publication (SP), Federal Information Processing Standards (FIPS), and Cybersecurity Framework (CSF) assessments;Cybersecurity services in the nature of restricting unauthorized access to computer systems; cybersecurity and information security compliance and assessment services, namely, computer systems analysis for the capability to identify, protect, detect, respond, and recover from unauthorized access or data breach; development of security systems and contingency planning for information systems; testing of computers, networks, and applications to assess information security vulnerability; evaluation of cybersecurity and information security framework compliance with industry standards to ensure the confidentiality, integrity, and availability of data; cyber risk and privacy services, namely, computer security threat and privacy controls and procedures analysis to identify and control access to data; evaluating the processes and procedures in place to evaluate the computer network and privacy capabilities related to systems, people, assets, and data; cybersecurity advisory services, namely, computer security consultancy for the purpose of identifying, assessing, and remediating of controls, processes, policies, infrastructure, and overall cyber capabilities; computer security consultancy in the field of compliance with General Data Protection Regulation (GDPR), E.U.-U.S. Privacy Shield, Health Insurance Portability and Accountability Act (HIPAA) security and privacy, and Health Information Technology for Economic and Clinical Health Act (HITECH); computer security consultancy in the field of cybersecurity, data privacy, information security, and compliance best practices; evaluation of user's staff, processes, technology, data, assets, policies, and procedures to assure compliance with information security and privacy standards and requirements; computer network security consultancy in the field of enterprise-level risk assessment, third-party risk management, data protection analysis, and privacy impact assessment services; computer, network, and information security services, namely, computer network security consultancy to determine the ease with which users' computer network security could be compromised; software-as-a-service (SaaS) services, namely, software for tracking, auditing, storing, and reporting of compliance with local, state, federal, and international cybersecurity and privacy standards and regulations, governance, and risk management related to cybersecurity, data protection, and privacy; internal audit services, namely, evaluation of information technology (IT) systems of others; providing internal audit services, namely, assessment of the information security and privacy vulnerability of others;

A-LIGN ISO 27001

Business services, namely, regulatory compliance services; Application service provider services; Banking and financial services; Data center provider services; Energy and utility services; Government services, namely, regulatory compliance services; Insurance services; Professional services, namely, regulatory compliance services; Software as a service services; Non-profit religious charitable fundraising services; All in the field of information security management systems;The mark consists of a fanciful triangle with a line beginning at the upper left of the design and cutting through the center of said design in the form of a chevron, wherein the term A-LIGN is within said fanciful triangle on the right side of said chevron, and the term ISO followed by the term 27001 are centered beneath said fanciful triangle.;ALIGN ISO TWENTY SEVEN THOUSAND ONE;Color is not claimed as a feature of the mark.;The Certification Mark, as used or intended to be used by persons authorized by the certifier, certifies or is intended to certify that the certified Information Security Management System services conform to the International Organization for Standardization ISO 27001 management system standards.;ISO 27001;

A-LIGN ISO 27001 SECURITY · COMPLIANCE INFORMATION SECURITY MANAGEMENT SYSTEM

Business services, namely, regulatory compliance services; application service provider services, banking and financial services, data center provider services, energy and utility services, government services, namely, regulatory compliance services; insurance services, professional services, namely, regulatory compliance services; software as a service services, non-profit religious charitable fundraising services, all in the field of information security management systems;The mark consists of two circles, one inside the other, and a banner centered near the bottom of said circles. The inner circle is divided into three horizontal bands, wherein the upper band is shaded in a dark gold; the middle band is shaded in a light gold and contains the wording A-LIGN centered near the top, wherein the A and the dot of the i is a dark gold color and the -LIGN portion of the wording is black; and the lower band is shaded horizontally from top to bottom from dark gold to white to dark gold with the words ISO 27001 in black lettering within the white shaded portion. Surrounding the top of the inner circle, and contained by the outer circle, are the words SECURITY and COMPLIANCE in black lettering. The outer circle is outlined with a thin black line and shaded from a light gold, on the left half, and becomes a dark gold on the right half. Centered at the bottom of the two circles is a stylized gold-shaded banner with the words INFORMATION SECURITY MANAGEMENT SYSTEM in black lettering, wherein said banner is outlined with a thin black line, and is shaded in bands of gold and white.;ALIGN ISO 27001 SECURITY · COMPLIANCE INFORMATION SECURITY MANAGEMENT SYSTEM;The color(s) gold, black, and white is/are claimed as a feature of the mark.;The certification mark, as intended to be used by authorized persons, is intended to certify that the certified parties' Information Security Management System services are found to conform to the International Organization for Standardization ISO 27001 management system standards.;SECURITY COMPLIANCE, ISO 27001, AND INFORMATION SECURITY MANAGEMENT SYSTEM;

A-SCEND

Software-as-a-service (SAAS) featuring technology that streamlines and organizes the audit process by centralizing evidence collection, comparing common security frameworks and standardizing compliance requests to consolidate into a single audit, facilitating communication throughout the audit process by providing a consolidated user interface dashboard to review audit status, access audit information, delegate tasks, and allow team members to comment on specific audit requests, and driving efficiency in the audit process by offering compliance driven testing and reporting solutions;

A-SCEND CROSSWALK

Software-as-a-service (SaaS) featuring software that automates matching of requests across compliance and audit standards and systematically deduplicates requests for audit evidence required to prepare for an audit, analyzes published cyber security compliance standards through automated routines to identify similarities in the standards, presents results through visual charts and graphs to demonstrate overlap between compliance audits and related cyber security compliance standards to educate on the level of effort required to pursue compliance with audit standards;

AUDITX

AUDIT X;Software design and development; software-as-a-service (SaaS) featuring software for use in connection with cloud storage design and development; software-as-a-service (SaaS) services in the nature of a self-service internet website portal for software design and development; software-as-a-service (SaaS) featuring software that provides a building assistant for developing and designing cloud-based computer software environments; software-as-a-service (SaaS) services featuring software for automating the construction and auditing of cloud-based computer software environments; software-as-a-service (SaaS) services featuring software for auditing the user environment, namely, user profiles, enforces cybersecurity controls, performs automated evidence collection, and provides risk assessment; software-as-a-service (SaaS) services featuring software for auditing and enforcing enterprise security for secure cloud environments using policy-as-code; software-as-a-service (SaaS) services featuring software for building secure cloud environments;

ISO 22301 CERTIFIED A-LIGN

Business services, namely, regulatory compliance services; Application service provider services; Banking and financial services; Data center provider services; Energy and utility services; Government services, namely, regulatory compliance services; Insurance services; Professional services, namely, regulatory compliance services; Software as a service services; Non-profit religious charitable fundraising services; All in the field of information security management systems;The mark consists of a fanciful triangle with a line beginning at the upper left of the design and cutting through the center of said design in the form of a chevron, wherein the term ISO 22301 CERTIFIED is placed above said fanciful triangle in an open-bottom semicircle shape within two lines also forming an open-bottom semicircle shape. The term A-LIGN is placed below said fanciful triangle justified right.;ISO TWENTY TWO THOUSAND THREE HUNDRED ONE CERTIFIED A-LIGN;Color is not claimed as a feature of the mark.;The Certification Mark, as used or intended to be used by persons authorized by the certifier, certifies or is intended to certify that the certified Information Security Management System services conform to the International Organization for Standardization ISO 22301 management system standards.;ISO 22301 CERTIFIED;

ISO 27001 CERTIFIED A-LIGN

Business services, namely, regulatory compliance services; Application service provider services; Banking and financial services; Data center provider services; Energy and utility services; Government services, namely, regulatory compliance services; Insurance services; Professional services, namely, regulatory compliance services; Software as a service services; Non-profit religious charitable fundraising services; All in the field of information security management systems;The mark consists of a fanciful triangle with a line beginning at the upper left of the design and cutting through the center of said design in the form of a chevron, wherein the term ISO 27001 CERTIFIED is placed above said fanciful triangle in an open-bottom semicircle shape within two lines also forming an open-bottom semicircle shape. The term A-LIGN is placed below said fanciful triangle justified right.;INTERNATIONAL ORGANIZATION FOR STANDARDIZATION TWO SEVEN ZERO ZERO ONE CERTIFIED ALIGN;Color is not claimed as a feature of the mark.;The Certification Mark, as used or intended to be used by persons authorized by the certifier, certifies or is intended to certify that the goods/services provided, namely the certified Information Security Management System services, conform to the International Organization for Standardization ISO 27001 management system standards.;ISO 27001 CERTIFIED;

ISO 9001 CERTIFIED A-LIGN

Business services, namely, regulatory compliance services; Application service provider services; Banking and financial services; Data center provider services; Energy and utility services; Government services, namely, regulatory compliance services; Insurance services; Professional services, namely, regulatory compliance services; Software as a service services; Non-profit religious charitable fundraising services; All in the field of information security management systems;The mark consists of a fanciful triangle with a line beginning at the upper left of the design and cutting through the center of said design in the form of a chevron, wherein the term ISO 9001 CERTIFIED is placed above said fanciful triangle in an open-bottom semicircle shape within two lines also forming an open-bottom semicircle shape. The term A-LIGN is placed below said fanciful triangle justified right.;ISO NINE THOUSAND ONE CERTIFIED A-LIGN;Color is not claimed as a feature of the mark.;The Certification Mark, as used or intended to be used by persons authorized by the certifier, certifies or is intended to certify that the certified Information Security Management System services conform to the International Organization for Standardization ISO 9001 management system standards.;ISO 9001 CERTIFIED;

S

The mark consists of a quadrilateral shape with pointed corners on the top left and bottom right and rounded corners on the top right and bottom left with a stylized letter S within the quadrilateral shape.;SHUJINKO;Color is not claimed as a feature of the mark.;Software design and development; software-as-a-service (SaaS) featuring software for use in connection with cloud storage design and development; providing software-as-a-service (SaaS) in the nature of a self-service internet website portal for software design and development; providing software-as-a-service (SaaS) featuring software that provides a building assistant for developing and designing cloud-based computer software environments; providing software-as-a-service (SaaS) that automates the construction and auditing of cloud-based computer software environments; providing software-as-a-service (SaaS) that audits the user environment, namely, user profiles, enforces cybersecurity controls, performs automated evidence collection, and provides risk assessment; providing software-as-a-service (SaaS) that uses policy-as-code to audit and enforce enterprise security for secure cloud environments; providing software-as-a-service (SaaS) featuring software for building secure cloud environments;