We have a robust set of security and privacy policies that we maintain and all employees are required to review relevant policies at least annually. We continuously monitor all of our infrastructure, identity providers, HR tools, and version control systems to ensure our policies and procedures are followed.  Using an automated monitoring and alerting system we work to quickly resolve any issues noted. Annual SOC 1 Type II and SOC 2 Type II audits are completed annually with the audit periods ending in February.

At least annually we perform an internal risk assessment reviewing many possible risks of many types, ranging from topics such as physical security to AI Safety measures. After reviewing those risks we determine treatment plans for any high risk categories that would also have an elevated likelihood.

Scalar’s Information Security Policy aims to protect information from unauthorized access, modification, or loss. The policy applies to all Scalar personnel and entities accessing company networks, outlining security objectives, roles, and responsibilities. It mandates annual policy reviews, security training for all personnel, and a clean desk policy to safeguard sensitive information.

Computer workstations must be locked when not in use and shut down at the end of the day. Sensitive information must be securely stored, and passwords should not be written down. Remote access tools must comply with specific security requirements, including multi-factor authentication and strong encryption.

Scalar will maintain proof of ownership for licenses and ensure only licensed software is installed. New hires will sign a confidentiality agreement, and all employees will adhere to security policies, including a progressive discipline process for policy violations. Scalar reserves the right to monitor employee activities to ensure compliance with these policies.

Scalar’s Incident Response Plan outlines procedures for detecting, reporting, and responding to security incidents. The plan applies to all users and requires reporting of vulnerabilities and incidents within 24 hours. The plan includes roles and responsibilities, incident severity levels, and procedures for investigation, containment, resolution, and communication.

To request a full copy of Scalar’s policies, contact your account manager or fill out our confidential report access request and let us know that you are needing a copy of this report.

Scalar’s Business Continuity Plan outlines procedures for recovering from disruptions, including system and data backup and recovery. The plan is tested annually, with security controls maintained throughout. Response teams, led by the CEO, COO, and CTO, are responsible for personnel safety, business operations, and technical recovery, respectively. To request a full copy of Scalar’s Business Continuity Plan or Disaster Recovery Plan, contact your account manager or fill out our confidential report access request and let us know that you are needing a copy of this report.

Scalar’s Code of Conduct outlines expectations for ethical behavior, safety, and harassment prevention. Employees and contractors are expected to act with integrity, follow policies, and report violations. The code prohibits discrimination, harassment, and drug use, and emphasizes a safe, violence-free workplace.

Scalar requires all employees to protect nonpublic information according to its sensitivity and legal requirements. Employees are responsible for using Scalar’s resources properly, including following information security policies, protecting intellectual property, and ensuring financial integrity. Compliance with the Code of Conduct is mandatory, with violations subject to disciplinary action, and annual acknowledgment is required. The Code of Conduct is reviewed by management at least annually and all personnel are required to agree to the Code of Conduct upon hire and after any material changes to the policy.

To request a full copy of Code of Conduct, contact your account manager or fill out our confidential report access request and let us know that you are needing a copy of this report.

Scalar employs traditional valuation methods in determining the fair value of your portfolio companies including market, income, and cost valuation approaches. Specifically, Scalar will analyze the most current valuations of publicly comparable companies, valuation of comparable private acquisition and investment transactions, secondary transactions, and the discounted cash flow valuation approach. Scalar will also consider commonly accepted allocation methods in determining the final value of your holdings including the Current Value Method, Probability Weighted Expected Return Method, Common Stock Equivalent and the Option Pricing Method.

Scalar maintains a policy of independence and objectivity in accordance with AICPA Professional Standards. While we welcome client dialogue regarding the inputs used in our analysis, we do not adjust valuation conclusions based solely on client preference.

Scalar’s valuation team evaluates whether the provided data constitutes a valid valuation input. Changes to the fair value are made only when the data objectively necessitates a change in assumptions or methodology. We review client feedback to identify and correct any factual errors regarding the subject company’s capitalization, rights, preferences, or financial history.

Due to the volume of companies and investors Scalar serves annually, it is possible that we may have a professional relationship with parties adverse to you in other matters. While we maintain strict confidentiality regarding our client list, we are committed to transparency regarding active disputes.

If you become involved in a legal dispute regarding a valuation and notify us of this matter, we will immediately verify whether we serve the counterparty. If a relationship exists, we will consult with your management team to determine the best path forward. To preserve our independence and your interests, we will either withdraw from the assignment or, if appropriate, proceed only upon your signature of a Conflict of Interest Waiver.

Additionally, all personnel must agree to Scalar’s Insider Trading policy, Scalar’s policy prohibits the misuse of material nonpublic information obtained during employment. Employees are strictly forbidden from trading securities based on MNPI and must maintain confidentiality of all MNPI, even after leaving Scalar. Unauthorized use or disclosure of MNPI may result in disciplinary action and legal consequences.

To request a full copy of Scalar’s Insider Trading Policy, contact your account manager or fill out our confidential report access request and let us know that you are needing a copy of this report.

Scalar’s valuation methods adhere to the guidelines set forth in the AICPA Accounting and Valuation Guide: Valuation of Portfolio Company Investments of Venture Capital and Private Equity Funds and Other Investment Companies. This guide serves as a comprehensive framework that informs Scalar’s approach to selecting and applying various valuation methods. By leveraging these methodologies, Scalar ensures a rigorous and systematic process to arrive at the most accurate and reliable valuations. The guide’s principles help maintain consistency, transparency, and alignment with industry best practices.