August 20, 2021 To whom it may concern: This letter confirms that A-LIGN conducted an ISO/IEC 27001:2013 recertification assessment for Menlo the week of August 2, 2021. The scope of the examination included Menlo’s compliance with all ISO/IEC 27001:2013 clauses and relevant annex controls as outlined in the statement of applicability. The assessment covered all in scope personnel at Menlo’s locations as outlined in the scope of registration. Please don’t hesitate to contact me if you have any questions. Regards,

Steve Simmons, CISSP, CISA, CIA EVP Compliance Services A-LIGN Compliance and Security Inc. www.A-LIGN.com steve.simmons@a-lign.com Tel. 1-888-702-5446 ext. 103 Fax 1-888-273-0230

This is to certify that the Information Security Management System of:

CERTIFICATE OF REGISTRATION

ISO/IEC 27001: 2013

Information Security Management System

Menlo Security, Inc.2300 Geng Road, Suite 200Palo Alto, California 94303U.S.A.

Issued by:

This certificate was issued electronically and is bound by the terms and conditions set forth in the agreement. Further clarification regarding the scope of this certificate and applicability to the ISO/IEC 27001: 2013 standard may be obtained at www.a-lign.com.A-LIGN Headquarters: 400 N. Ashley Dr. Suite 1325 Tampa, Florida 33602 Tel: 888-702-5446

Issue Date: 08/23/2018

Certificate Number: SEC1683 v1.5 Statement of Applicability: 1.3 (08/13/2018)Expiry Date: 08/23/2021

Conforms with the requirements of ISO/IEC 27001: 2013 for the scope listed below:

This Information Security Management System (ISMS) manual addresses the security and risk management measures Menlo Security put in place for preserving and maintaining the confidentiality, integrity, and availability of information. Menlo’s Security team performs monitoring and review of its services and operations, handles ISMS internal audits, risk assessments, monitors corrective actions implementation, and controls documents for the secure and dependable operation of the Menlo Security Isolation Platform.

Page 1 of 2

Re-Issue Date: 08/30/2019

EVP, Compliance Services

CERTIFICATE OF REGISTRATION

ISO/IEC 27001: 2013

Information Security Management System

This certificate was issued electronically and is bound by the terms and conditions set forth in the agreement. Further clarification regarding the scope of this certificate and applicability to the ISO/IEC 27001: 2013 standard may be obtained at www.a-lign.com.A-LIGN Headquarters: 400 N. Ashley Dr. Suite 1325 Tampa, Florida 33602 Tel: 888-702-5446

Additional Locations: Registered Activities Included: Inspired, Easthampstead RoadBracknell, RG12 1YQ United Kingdom

Page 2 of 2

This is to certify that the Information Security Management System of:

Secondary Office Location

Issue Date: 08/23/2018

Certificate Number: SEC1683 v1.5 Statement of Applicability: 1.3 (08/13/2018)Expiry Date: 08/23/2021

Re-Issue Date: 08/30/2019