SECURITY & COMPLIANCE POLICY

Last Updated: January 07, 2026

PURPOSE

This Security & Compliance Policy outlines how Rolling Hills Holdings Group Inc, doing business as Rolling Hills Communications & Security (“Company,” “we,” “us,” or “our”), approaches information security, risk management, and regulatory considerations when delivering services to our clients.

This policy is intended to describe our general security posture and guiding principles. It does not constitute a guarantee of security, compliance, or regulatory adherence.

SECURITY PHILOSOPHY

We recognize that no system, network, or environment can be made completely secure. Security is an ongoing risk management process, not a fixed state.

Our approach emphasizes:

  • Risk awareness and mitigation

  • Defense-in-depth strategies

  • Operational resilience

  • Continuous improvement

Security controls and recommendations are implemented based on business context, risk tolerance, technical feasibility, and contractual scope.

FRAMEWORK ALIGNMENT (GUIDANCE ONLY)

Our internal practices and client recommendations are informed by, but not limited to, guidance from recognized cybersecurity and risk management frameworks, including:

  • CISA cybersecurity and critical infrastructure guidance

  • CIS Critical Security Controls and CIS Benchmarks

  • NIST Cybersecurity Framework (CSF) principles

Alignment with these frameworks is used as a reference and guide, not as a representation of certification, formal compliance, or regulatory approval.

We do not represent that our services result in compliance with any specific law, regulation, or standard unless expressly agreed to in a written contract.

INDUSTRY & REGULATORY AWARENESS

Where applicable, we may consider industry-specific requirements such as healthcare, municipal, public safety, financial, or other regulated environments.

However:

  • Clients remain solely responsible for determining their own legal, regulatory, and compliance obligations.

  • Our services do not constitute legal, regulatory, or compliance advice.

  • Compliance requirements vary by organization, jurisdiction, and use case.

Any references to regulatory frameworks are informational and operational in nature only.

CLIENT RESPONSIBILITIES

Effective security is a shared responsibility. Clients are responsible for:

  • Maintaining accurate asset inventories

  • Providing timely access, approvals, and information

  • Enforcing internal policies and acceptable use

  • Training staff on security awareness where applicable

  • Maintaining compliance with applicable laws and regulations

Security outcomes may be affected by factors outside of our control, including third-party vendors, legacy systems, unsupported software, and delayed client actions.

LIMITATIONS & NO GUARANTEE

While we implement commercially reasonable safeguards and best-practice recommendations:

  • We do not guarantee the prevention of security incidents, breaches, data loss, or service interruptions.

  • We do not warrant uninterrupted availability, absolute security, or regulatory compliance.

  • Threat landscapes, vulnerabilities, and attack methods evolve continuously.

All services are provided on an “as-is” and “as-available” basis, subject to contractual terms.

CONTINUOUS IMPROVEMENT

We periodically review and refine our internal practices to reflect evolving threats, technologies, and industry guidance. Security controls and recommendations may change over time as part of this process.

QUESTIONS OR CONCERNS

If you have questions regarding this Security & Compliance Policy or wish to discuss security considerations related to your services, please contact:

Rolling Hills Holdings Group Inc
dba Rolling Hills Communications & Security
882 Church St
Logan, OH 43138
United States
📧 support@rollinghillscommunications.com
📞 (740) 777-1035