The Osborne Group takes cybersecurity seriously.

From the onset, all principals and associates are trained to understand the role they
hold with the security of the organization. It starts with onboarding; signing off on a
confidentiality agreement, user account configuration and cybersecurity training. It
continues with annual cyber security training, routine phishing testing and ongoing
security awareness activities.

The Osborne Group utilizes the services of a well-respected cybersecurity firm and
subscribes to a virtual Chief Information Security Officer to oversee best practices
and maturity throughout the organization.

For Governance, The Osborne Group has a robust set of security policies and
standards, and ensures they are followed and kept up to date.

On a technical front, The Osborne Group adheres to best practices in the industry,
including strong Microsoft practices, multi-factor authentication, and encryption of
confidential and restricted data. All backups are encrypted and stored offsite, and our
website is tested monthly for security vulnerabilities via pen testing and scanning.

Overall, The Osborne Group treats cybersecurity as a priority and works to
strengthen its posture in every aspect of its delivery.