Cybersecurity & Data Protection Policy – The Right Method, LLC

The Right Method, LLC (“The Right Method”) is committed to safeguarding information assets and protecting the confidentiality, integrity, and availability of data entrusted to us in the performance of federal contracts.

1. Alignment with Federal Standards

The Right Method implements safeguards consistent with federal requirements, including:

• The Federal Information Security Modernization Act (FISMA);
• NIST SP 800-171 controls for the protection of Controlled Unclassified Information (CUI);
• Applicable obligations under the Defense Federal Acquisition Regulation Supplement (DFARS);
• Preparation for compliance with the Cybersecurity Maturity Model Certification (CMMC) as required under DoD guidance.

2. Safeguards

We employ layered administrative, physical, and technical safeguards, including encryption of sensitive data, role-based access controls, continuous monitoring, and secure data transfer protocols.

3. Subcontractors & Partners

All subcontractors, including SkillSprint, Inc. (our exclusive technology partner), are required to adhere to equivalent cybersecurity standards and to comply with flow-down requirements contained in applicable contracts.

4. Incident Response

The Right Method maintains an incident response plan consistent with federal guidance. In the event of a cybersecurity incident, we will follow required notification and reporting procedures to contracting officers and designated government officials.