Security Documentation

AES ETL Control Panel for Microsoft Fabric

Publisher: Assurance eServices Inc.
Workload Name: AssuranceEServices.AESETLPanel
Version: 3.8.0
Last Updated: April 28, 2026
Classification: Public


1. Executive Summary

This document provides comprehensive security information for the AES ETL Control Panel workload for Microsoft Fabric. Assurance eServices is committed to maintaining the highest security standards to protect customer data and ensure the integrity, confidentiality, and availability of our services.

Key Security Principles:

  • Zero Trust Architecture: Never trust, always verify
  • Defense in Depth: Multiple layers of security controls
  • Privacy by Design: Minimal data collection, customer-controlled storage
  • Compliance First: SOC 2, ISO 27001, GDPR, CCPA certified
  • Continuous Monitoring: 24/7 security monitoring and threat detection

2. Security Architecture

2.1 Architecture Overview

The AES ETL Control Panel implements a security-first architecture with the following components:

┌─────────────────────────────────────────────────────────────┐
│                    Customer's Fabric Tenant                  │
│  ┌────────────────────────────────────────────────────────┐ │
│  │           Microsoft Entra ID (Azure AD)                 │ │
│  │         • User Authentication                           │ │
│  │         • Multi-Factor Authentication                   │ │
│  │         • Conditional Access Policies                   │ │
│  └──────────────────────┬─────────────────────────────────┘ │
│                         │ Auth Tokens (HTTPS)               │
│  ┌──────────────────────▼─────────────────────────────────┐ │
│  │         AES ETL Control Panel Frontend                  │ │
│  │         (Azure Static Web Apps)                         │ │
│  │         • HTTPS Only                                    │ │
│  │         • Content Security Policy                       │ │
│  │         • No Credential Storage                         │ │
│  └──────────────────────┬─────────────────────────────────┘ │
│                         │ Fabric SDK APIs (HTTPS)           │
│  ┌──────────────────────▼─────────────────────────────────┐ │
│  │              Microsoft Fabric Platform                  │ │
│  │         • Workspace & Item Management                   │ │
│  │         • OneLake Storage (AES-256)                     │ │
│  │         • Spark Compute (Customer Capacity)             │ │
│  │         • Role-Based Access Control                     │ │
│  └─────────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘

2.2 Security Boundaries

Customer Boundary:

  • All authentication via customer’s Microsoft Entra ID
  • All data stored in customer’s OneLake storage
  • All compute within customer’s Fabric capacity
  • No data leaves customer’s tenant boundary

Assurance eServices Boundary:

  • Frontend application code (static assets)
  • No customer data storage or processing
  • No credential storage or management
  • No third-party data sharing

2.3 Data Flow Security

Every data transaction follows secure pathways:

  1. User Authentication: Microsoft Entra ID validates user identity
  2. Token Acquisition: Fabric SDK obtains access tokens securely
  3. API Communication: All API calls use HTTPS with TLS 1.2+
  4. Data Storage: Customer data written to OneLake with AES-256 encryption
  5. Compute Execution: Spark jobs run within customer’s isolated capacity

3. Authentication and Authorization

3.1 Microsoft Entra ID Integration

Primary Authentication:

  • Exclusive use of Microsoft Entra ID (Azure AD)
  • OAuth 2.0 and OpenID Connect protocols
  • Fabric Workload Client SDK for token management
  • No custom authentication mechanisms

Enterprise App Registration:

  • App ID: 74967d47-b945-468e-90d3-0637a7855ed8
  • Multi-Tenant: Supports cross-tenant deployments
  • Permissions: Delegated permissions only, no application permissions
  • API Scopes: Fabric workspace and item access only

3.2 Multi-Factor Authentication (MFA)

Full MFA Support:

  • Compatible with all Microsoft Entra MFA methods
  • Supports conditional access policies
  • No limitations or bypass mechanisms
  • Enforces tenant-level MFA policies

Supported MFA Methods:

  • Microsoft Authenticator app
  • SMS/Phone call verification
  • Hardware security keys (FIDO2)
  • Windows Hello for Business
  • Third-party authenticator apps

3.3 Conditional Access

Policy Compliance:

  • Location-based access restrictions
  • Device compliance requirements
  • Risk-based conditional access
  • Session controls and sign-in frequency
  • Application controls and restrictions

No Workarounds: The workload cannot bypass conditional access policies configured by administrators.

3.4 Role-Based Access Control (RBAC)

Fabric-Native Authorization:

  • Workspace roles (Admin, Member, Contributor, Viewer)
  • Item-level permissions inherited from Fabric
  • No custom permission models
  • OneLake RBAC for data access

Permission Inheritance:

Fabric Workspace Role → Item Permissions → OneLake Access

Users can only perform actions permitted by their Fabric workspace role.


4. Data Security

4.1 Data Storage Security

OneLake Storage:

  • Encryption at Rest: AES-256 encryption for all stored data
  • Customer-Controlled: All data in customer’s OneLake storage
  • Regional Storage: Data remains in customer’s selected Fabric region
  • Automatic Backups: OneLake versioning and snapshot capabilities
  • No Third-Party Storage: Zero data stored outside customer’s tenant

Data Types Stored:

  • Pipeline configuration metadata
  • Job definitions and schedules
  • Execution logs and monitoring data
  • User preferences and settings
  • Temporary processing data

4.2 Data in Transit

Transport Layer Security:

  • TLS 1.2 Minimum: TLS 1.3 preferred
  • HTTPS Only: No unencrypted HTTP communication
  • Certificate Validation: Strict certificate pinning
  • Perfect Forward Secrecy: Ephemeral key exchange protocols

API Communication Security:

  • All Fabric SDK calls over HTTPS
  • Token-based authentication on every request
  • No sensitive data in URL parameters
  • Request/response integrity validation

4.3 Data Residency and Sovereignty

Geographic Control:

  • Data stored exclusively in customer’s selected Fabric capacity region
  • No cross-region data transfer without customer control
  • Compliance with regional data sovereignty laws
  • Support for all Microsoft Fabric supported regions

Supported Regions:

  • North America (US, Canada)
  • Europe (EU regions, UK, Switzerland)
  • Asia Pacific (Australia, Japan, India, Southeast Asia)
  • Middle East and Africa
  • South America

4.4 Data Retention and Deletion

Customer-Controlled Retention:

  • Default: 90 days for execution logs
  • Extended retention based on OneLake policies
  • Customer can purge data at any time
  • Automatic cleanup of temporary processing data

Data Deletion:

  • Item deletion removes all associated data
  • Workspace deletion cascades to all items
  • No data retention after customer deletion
  • Compliance with “right to be forgotten” (GDPR Article 17)

5. Application Security

5.1 Secure Development Lifecycle (SDL)

Microsoft SDL Compliance:

  • Threat modeling for all features
  • Security requirements in design phase
  • Secure coding standards enforcement
  • Static Application Security Testing (SAST)
  • Dynamic Application Security Testing (DAST)
  • Security code reviews for all changes
  • Vulnerability scanning in CI/CD pipeline

Development Practices:

  • Principle of least privilege
  • Defense in depth approach
  • Secure defaults configuration
  • Input validation and sanitization
  • Output encoding to prevent XSS
  • CSRF token protection

5.2 OWASP Top 10 Protection

Comprehensive Protection Against:

  1. Broken Access Control
    • Fabric RBAC enforcement on all operations
    • Server-side authorization checks
    • No client-side access control decisions
  2. Cryptographic Failures
    • TLS 1.2+ for all communications
    • No sensitive data in logs or error messages
    • Secure token storage in memory only
  3. Injection
    • Parameterized queries for all data access
    • Input validation and sanitization
    • Context-aware output encoding
  4. Insecure Design
    • Threat modeling for all features
    • Security requirements in design phase
    • Secure architectural patterns
  5. Security Misconfiguration
    • Secure defaults for all settings
    • Content Security Policy (CSP) enforcement
    • HTTP security headers configured
  6. Vulnerable and Outdated Components
    • Automated dependency scanning
    • Regular security updates
    • Vulnerability monitoring and patching
  7. Identification and Authentication Failures
    • Microsoft Entra ID exclusive authentication
    • No credential storage in workload
    • Session management via Fabric SDK
  8. Software and Data Integrity Failures
    • Code signing for all releases
    • Subresource Integrity (SRI) for CDN assets
    • Integrity validation for packages
  9. Security Logging and Monitoring Failures
    • Comprehensive audit logging
    • Security event monitoring
    • Correlation IDs for incident investigation
  10. Server-Side Request Forgery (SSRF)
    • URL validation and allowlisting
    • Network segmentation
    • No arbitrary URL processing

5.3 Content Security Policy (CSP)

Strict CSP Headers:

Content-Security-Policy:
  default-src 'self';
  script-src 'self' 'unsafe-inline' https://alcdn.msauth.net https://alcdn.msftauth.net;
  style-src 'self' 'unsafe-inline' https://res-1.cdn.office.net;
  connect-src 'self' https://*.fabric.microsoft.com https://*.analysis.windows.net;
  img-src 'self' data: https:;
  font-src 'self' https://res-1.cdn.office.net;
  frame-ancestors 'self' https://*.fabric.microsoft.com;

Additional Security Headers:

  • X-Frame-Options: SAMEORIGIN
  • X-Content-Type-Options: nosniff
  • X-XSS-Protection: 1; mode=block
  • Referrer-Policy: strict-origin-when-cross-origin
  • Permissions-Policy: geolocation=(), microphone=(), camera=()
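
The policy and headers listed in this section can be checked mechanically. The JavaScript below is an added example, not part of the workload's code or of Assurance eServices' tooling: it parses the policy exactly as quoted above and reports the directives that weaken it. The rule set, finding ids, severities and the TIGHTENED_CSP variant (including its hash placeholder) are assumptions of this example.

```javascript
// Added example. PAGE_CSP and PAGE_HEADERS are copied from section 5.3;
// the rules, finding ids and severities are this example's own assumptions.
const PAGE_CSP = `default-src 'self';
  script-src 'self' 'unsafe-inline' https://alcdn.msauth.net https://alcdn.msftauth.net;
  style-src 'self' 'unsafe-inline' https://res-1.cdn.office.net;
  connect-src 'self' https://*.fabric.microsoft.com https://*.analysis.windows.net;
  img-src 'self' data: https:;
  font-src 'self' https://res-1.cdn.office.net;
  frame-ancestors 'self' https://*.fabric.microsoft.com;`;
const PAGE_HEADERS = { 'X-Frame-Options': 'SAMEORIGIN', 'X-XSS-Protection': '1; mode=block' };

// Constructed variant for comparison: the hash is a placeholder, and whether
// the app's inline scripts can be hashed is not stated on the page.
const TIGHTENED_CSP = PAGE_CSP.replace(
  "script-src 'self' 'unsafe-inline'",
  "script-src 'self' 'sha256-INLINE_SCRIPT_HASH_PLACEHOLDER'"
) + " base-uri 'self'; form-action 'self';";

// Fetch directives checked here; each falls back to default-src when absent.
const FETCH_DIRECTIVES = ['script-src', 'style-src', 'img-src', 'connect-src', 'font-src', 'object-src'];

// Parse a serialized policy into Map<directive name, source list>.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(policy, headers = {}) {
  const d = parseCsp(policy);
  const findings = [];
  const add = (id, severity, detail) => findings.push({ id, severity, detail });
  const has = (list, kw) => list.some((s) => s.toLowerCase() === kw);
  const hasNonceOrHash = (list) => list.some((s) => /^'(nonce-|sha(256|384|512)-)/i.test(s));

  for (const name of FETCH_DIRECTIVES) {
    const list = d.get(name) ?? d.get('default-src');
    if (list === undefined) {
      add(`unrestricted:${name}`, 'high', 'no directive and no default-src');
      continue;
    }
    // With a nonce or hash present, CSP2+ browsers ignore 'unsafe-inline'.
    if (has(list, "'unsafe-inline'") && !hasNonceOrHash(list)) {
      if (name === 'script-src') {
        add('unsafe-inline:script-src', 'high', 'inline <script> and on* handlers run, so injected markup is not blocked');
      } else if (name === 'style-src') {
        add('unsafe-inline:style-src', 'low', 'inline styles are allowed');
      }
    }
    // A bare scheme or "*" matches every host using that scheme.
    const broad = list.filter((s) => /^(\*|https?:|wss?:)$/i.test(s));
    if (broad.length > 0) {
      add(`broad-source:${name}`, name === 'script-src' ? 'high' : 'low', `${broad.join(' ')} matches any host`);
    }
  }
  // These directives never inherit from default-src: absent means unrestricted.
  for (const name of ['base-uri', 'form-action']) {
    if (!d.has(name)) add(`missing:${name}`, 'medium', `${name} does not fall back to default-src`);
  }
  const names = new Set(Object.keys(headers).map((k) => k.toLowerCase()));
  if (names.has('x-frame-options') && d.has('frame-ancestors')) {
    add('superseded:x-frame-options', 'info', 'browsers that enforce frame-ancestors ignore X-Frame-Options');
  }
  if (names.has('x-xss-protection')) {
    add('legacy:x-xss-protection', 'info', 'current major browsers no longer implement the XSS auditor this header controlled');
  }
  return findings;
}

console.log(auditCsp(PAGE_CSP, PAGE_HEADERS).map((f) => `${f.severity}\t${f.id}`).join('\n'));
```

Run against the header value actually served by the deployment, a check like this fails a build when `'unsafe-inline'` reappears in script-src or a non-inheriting directive is dropped.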

5.4 Frontend Security

React Application Security:

  • React 18+ with latest security patches
  • No dangerouslySetInnerHTML usage
  • XSS prevention through automatic escaping
  • Component-level security boundaries
  • Secure state management

Fluent UI v9 Security:

  • Microsoft-maintained component library
  • Regular security updates
  • Accessibility and security best practices
  • No known CVEs in dependencies

5.5 Dependency Management

Third-Party Dependencies:

  • Regular vulnerability scanning (npm audit, Dependabot)
  • Automated security updates for critical vulnerabilities
  • Dependency review process for new packages
  • License compliance verification

Current Security Posture:

  • Zero high-severity vulnerabilities
  • Zero medium-severity vulnerabilities in production
  • All dependencies from trusted sources

6. Infrastructure Security

6.1 Azure Static Web Apps Security

Platform Security Features:

  • DDoS protection (Azure DDoS Protection Standard)
  • Web Application Firewall (WAF) ready
  • Automatic HTTPS certificate management
  • Global CDN with edge security
  • Built-in authentication integration

Infrastructure Hardening:

  • No direct server access
  • Automated patching and updates
  • Network isolation and segmentation
  • Azure Monitor integration

6.2 Network Security

HTTPS Enforcement:

  • Automatic HTTP to HTTPS redirect
  • HSTS (HTTP Strict Transport Security) enabled
  • TLS 1.2 minimum, TLS 1.3 preferred
  • Strong cipher suite configuration

Firewall Protection:

  • Azure Front Door WAF (optional)
  • DDoS mitigation at edge locations
  • Rate limiting and throttling
  • Geographic access restrictions available

6.3 Secrets Management

No Secrets in Workload:

  • Zero API keys stored in application
  • Zero connection strings in code
  • Zero credentials in configuration
  • All authentication via Microsoft Entra tokens

Development Secrets:

  • Azure Key Vault for build-time secrets
  • Environment variables for configuration
  • No secrets in source control
  • Secret rotation procedures

7. Compliance and Certifications

7.1 Security Certifications

SOC 2 Type II:

  • Annual attestation audit
  • Trust Service Criteria: Security, Availability, Confidentiality
  • Report available to customers under NDA
  • Continuous monitoring and control testing

ISO 27001:2013:

  • Information Security Management System (ISMS) certified
  • Annual surveillance audits
  • Comprehensive security controls
  • Risk management framework

Azure Compliance Inheritance:

  • SOC 1, SOC 2, SOC 3
  • ISO 27001, ISO 27017, ISO 27018
  • FedRAMP, DoD IL2
  • HIPAA/HITECH, PCI DSS ready

7.2 Data Protection Regulations

GDPR (General Data Protection Regulation):

  • Privacy by design and default
  • Data minimization principles
  • Right to access, rectification, erasure
  • Data portability support
  • Breach notification procedures
  • Data Processing Agreement (DPA) available

CCPA (California Consumer Privacy Act):

  • No sale of personal information
  • Right to know what data is collected
  • Right to deletion
  • Right to opt-out
  • Non-discrimination for exercising rights

HIPAA/HITECH:

  • Business Associate Agreement (BAA) available
  • Technical safeguards implemented
  • Administrative safeguards documented
  • Physical safeguards (Azure infrastructure)
  • PHI handling capabilities (with BAA)

7.3 Industry Standards

PCI DSS Compliance:

  • No credit card data processing in workload
  • Secure payment processing through third parties
  • PCI DSS Level 1 service provider (Azure)

NIST Cybersecurity Framework:

  • Identify: Asset management, risk assessment
  • Protect: Access control, data security
  • Detect: Continuous monitoring, anomaly detection
  • Respond: Incident response planning
  • Recover: BCDR procedures

8. Vulnerability Management

8.1 Vulnerability Scanning

Continuous Scanning:

  • Automated dependency scanning (daily)
  • Static Application Security Testing (SAST) on every commit
  • Dynamic Application Security Testing (DAST) weekly
  • Infrastructure vulnerability scanning (weekly)
  • Container image scanning (if applicable)

Scanning Tools:

  • GitHub Dependabot for dependency vulnerabilities
  • SonarQube for code quality and security
  • OWASP ZAP for dynamic testing
  • Azure Security Center for infrastructure

8.2 Patch Management

Security Update Process:

  • Critical vulnerabilities: Patched within 24 hours
  • High-severity vulnerabilities: Patched within 7 days
  • Medium-severity vulnerabilities: Patched within 30 days
  • Low-severity vulnerabilities: Patched in next release

Update Deployment:

  • Zero-downtime deployment process
  • Automated rollback capabilities
  • Staged rollout for major changes
  • Customer notification for breaking changes

8.3 Penetration Testing

Annual Penetration Testing:

  • Conducted by independent third-party security firms
  • Comprehensive application and infrastructure testing
  • Social engineering assessment
  • Remediation tracking and verification

Scope:

  • Frontend application security
  • API security and authorization
  • Authentication and session management
  • Infrastructure configuration
  • Data protection mechanisms

9. Incident Response

9.1 Security Incident Response Plan

Incident Response Team:

  • 24/7 security operations center (SOC)
  • Dedicated incident response team
  • Executive escalation procedures
  • External security consultant engagement

Response Process:

  1. Detection: Automated monitoring and alerting
  2. Analysis: Severity classification and impact assessment
  3. Containment: Immediate threat containment
  4. Eradication: Root cause elimination
  5. Recovery: Service restoration and validation
  6. Lessons Learned: Post-incident review and improvement

9.2 Breach Notification

Customer Notification:

  • Initial notification within 72 hours of discovery
  • Detailed incident report within 5 business days
  • Remediation status updates
  • Regulatory notification assistance

Notification Includes:

  • Nature of the security incident
  • Data and systems affected
  • Number of impacted users/records
  • Actions taken to contain and remediate
  • Steps customers should take
  • Contact information for questions

9.3 Communication Channels

Security Incident Reporting:


10. Business Continuity and Disaster Recovery

10.1 Service Availability

High Availability Architecture:

  • 99.9% uptime SLA commitment
  • Multi-region deployment capability
  • Automatic failover mechanisms
  • Load balancing and traffic distribution
  • Health monitoring and auto-healing

Recovery Objectives:

  • Recovery Time Objective (RTO): 4 hours
  • Recovery Point Objective (RPO): 15 minutes
  • Maximum Tolerable Downtime (MTD): 8 hours

10.2 Backup and Recovery

Data Backup Strategy:

  • Customer data in OneLake (automatic versioning)
  • Application code in Git repositories
  • Infrastructure as Code (IaC) in version control
  • Configuration backups in Azure Key Vault

Disaster Recovery Procedures:

  • Regular DR testing (quarterly)
  • Documented recovery procedures
  • Alternate site availability
  • Data restoration validation

Full BCDR documentation: https://assuranceeservices.com/bcdr-policy


11. Security Monitoring and Auditing

11.1 Continuous Monitoring

24/7 Security Monitoring:

  • Security Information and Event Management (SIEM)
  • Intrusion detection and prevention
  • Anomaly detection and behavioral analysis
  • Automated threat intelligence integration

Monitored Events:

  • Failed authentication attempts
  • Unauthorized access attempts
  • Unusual data access patterns
  • Configuration changes
  • Security policy violations
  • Performance anomalies

11.2 Audit Logging

Comprehensive Logging:

  • User authentication and authorization events
  • Data access and modification
  • Configuration changes
  • Administrative actions
  • Security events and alerts
  • Performance metrics

Log Retention:

  • Security logs: 90 days minimum (customer-controlled)
  • Audit logs: 7 years for compliance
  • Correlation IDs for incident investigation
  • Immutable log storage (OneLake)

Log Access:

  • Customers have full access to their logs in OneLake
  • Exportable for SIEM integration
  • Searchable through Fabric interfaces
  • API access for programmatic retrieval

11.3 Security Metrics and Reporting

Key Security Metrics:

  • Authentication success/failure rates
  • Unauthorized access attempts
  • Vulnerability remediation time
  • Incident response time
  • Patch deployment time
  • Security training completion

Reporting:

  • Monthly security dashboard for enterprise customers
  • Quarterly security review meetings
  • Annual security assessment reports
  • Real-time security alerts for critical events

12. Third-Party Security

12.1 Vendor Security Assessment

Vendor Selection Criteria:

  • Security certification requirements (SOC 2, ISO 27001)
  • Data protection and privacy compliance
  • Security incident history review
  • Financial stability assessment
  • Regular security assessments

Key Vendors:

  • Microsoft Azure: SOC 2, ISO 27001, FedRAMP certified
  • Microsoft Fabric: Enterprise-grade security and compliance
  • GitHub: Secure code repository and CI/CD

12.2 Supply Chain Security

Software Supply Chain:

  • Signed commits and releases
  • Dependency verification and validation
  • Vulnerability scanning for all dependencies
  • License compliance verification
  • No untrusted third-party code

12.3 No Third-Party Data Sharing

Zero Third-Party Analytics:

  • No Google Analytics or similar tools
  • No third-party tracking pixels
  • No advertising or marketing cookies
  • No external data processors
  • All telemetry stored in customer’s OneLake

13. Privacy and Data Protection

13.1 Privacy by Design

Core Privacy Principles:

  • Data minimization: Collect only what’s necessary
  • Purpose limitation: Use data only for stated purposes
  • Transparency: Clear communication about data practices
  • User control: Customers control their data
  • Security: Robust protection for all data

13.2 Personal Data Handling

Data Collected:

  • User identity from Microsoft Entra ID (name, email, user ID)
  • Workspace and item access context
  • Usage telemetry (feature usage, performance metrics)
  • Error logs and diagnostic information

Data NOT Collected:

  • No browsing history outside the workload
  • No personal information beyond Fabric context
  • No financial or payment information
  • No location data (beyond region selection)
  • No device identifiers or biometrics

13.3 Data Subject Rights

GDPR Rights Support:

  • Right to Access: Full data export capabilities
  • Right to Rectification: In-place data editing
  • Right to Erasure: Complete data deletion
  • Right to Portability: Standard export formats
  • Right to Object: Opt-out mechanisms
  • Right to Restrict Processing: Processing controls

CCPA Rights Support:

  • Right to know what data is collected
  • Right to deletion of personal information
  • Right to opt-out of sale (N/A – no data sale)
  • Right to non-discrimination

Full Privacy Policy: https://assuranceeservices.com/privacy-policy


14. User Security Best Practices

For Administrators:

  • Enable Microsoft Entra Conditional Access policies
  • Enforce Multi-Factor Authentication (MFA) for all users
  • Implement least privilege access principles
  • Regular review of user permissions and access
  • Enable audit logging and monitoring
  • Configure data retention policies
  • Implement sensitivity labels for confidential data

For End Users:

  • Use strong, unique passwords for Microsoft accounts
  • Enable MFA on all accounts
  • Don’t share credentials or access tokens
  • Report suspicious activities immediately
  • Keep browsers and extensions up to date
  • Use corporate-managed devices when possible
  • Be cautious of phishing attempts

14.2 Secure Configuration

Workspace Security Settings:

  • Configure appropriate workspace roles
  • Limit Admin role assignments
  • Use groups for access management
  • Enable workspace-level auditing
  • Configure data loss prevention policies
  • Implement network security restrictions (if available)

Item-Level Security:

  • Apply sensitivity labels appropriately
  • Review and limit sharing permissions
  • Use workspace-level defaults for new items
  • Regular access reviews
  • Remove access for departed employees

15. Security Training and Awareness

15.1 Internal Security Training

Employee Training Program:

  • Security awareness training for all employees (quarterly)
  • Secure coding training for developers (annual)
  • Phishing simulation exercises (monthly)
  • Incident response drills (quarterly)
  • Privacy and compliance training (annual)

Security Culture:

  • Security champions program
  • Bug bounty program (planned)
  • Security knowledge sharing sessions
  • Security-first mindset in development

15.2 Customer Security Resources

Security Documentation:

  • This security documentation
  • Deployment security guides
  • Configuration hardening checklists
  • Security best practices
  • Compliance guides

Training Materials:


16. Responsible Disclosure

16.1 Vulnerability Disclosure Policy

We Welcome Security Researchers:
Assurance eServices encourages responsible disclosure of security vulnerabilities. We commit to:

  • Acknowledge receipt of vulnerability reports within 24 hours
  • Provide status updates every 5 business days
  • Work with researchers to understand and validate findings
  • Credit researchers (if desired) in security advisories
  • No legal action against good-faith security research

16.2 Reporting Security Vulnerabilities

How to Report:

Please Include:

  • Detailed description of the vulnerability
  • Steps to reproduce
  • Potential impact assessment
  • Proof of concept (if available)
  • Your contact information (for follow-up)

Response Timeline:

  • Initial response: Within 24 hours
  • Severity assessment: Within 3 business days
  • Fix timeline: Based on severity (see Section 8.2)
  • Public disclosure: Coordinated with researcher

16.3 Out of Scope

Please Do NOT:

  • Conduct testing on production systems without permission
  • Access or modify customer data
  • Perform social engineering attacks on employees
  • Conduct physical security testing
  • Test third-party services (Microsoft Fabric, Azure)

17. Contact Information

17.1 Security Contacts

Security Team:

Compliance and Privacy:

Customer Support:

17.2 Office Locations

Headquarters:

  • Assurance eServices Inc.
  • 804 Morningside Trl,
  • Murphy, TX – 75094.
  • United States

Mailing Address:

  • Assurance eServices Inc.
  • 804 Morningside Trl,
  • Murphy, TX – 75094.
  • United States

Security and Compliance:

Technical Documentation:

Support and Status:


19. Document Control

Version History:

Version | Date           | Changes         | Author
1.0     | April 28, 2026 | Initial release | Security Team

Document Review:

  • Review Frequency: Quarterly
  • Next Review Date: July 28, 2026
  • Document Owner: Chief Information Security Officer (CISO)
  • Approval Authority: Executive Leadership Team

Document Distribution:

  • Classification: Public
  • Distribution: Available on public website
  • Controlled Copy: This is an uncontrolled copy

20. Attestation

Assurance eServices Inc. attests that the information contained in this security documentation is accurate and complete to the best of our knowledge as of the date of publication. We are committed to maintaining and continuously improving our security posture to protect our customers and their data.

For Questions or Verification:
Contact our compliance team at: compliance@assuranceeservices.com


Document Classification: Public
Document Version: 1.0
Publication Date: April 28, 2026
Effective Date: April 28, 2026
Next Review: July 28, 2026


© 2026 Assurance eServices Inc. All rights reserved.

Confidential and Proprietary Information
This document contains confidential and proprietary information of Assurance eServices Inc. The information is provided for informational purposes only and may not be reproduced, distributed, or used for competitive purposes without prior written consent.