Cyber Security Policy
The Company maintains a cyber safety and security policy to declare its commitment to protect critical (safety and security) cyber assets at all relevant locations where activities are undertaken. Furthermore, the Company ensures that an information security policy is established for all personnel at all relevant locations where activities are undertaken.
The Company shall assess risk and identify threats and vulnerabilities for sensitive information technology aspects and operational cyber security risks, and shall ensure that all persons involved understand how it is being protected.
The Company aims to:
- Prevent actions, or lack of action, by people, whether deliberate or accidental, that impact cyber security.
- Ensure that regulatory and legislative requirements are met.
- Prevent systems and technology failures of hardware, software, and information systems.
- Prevent failed internal processes and problems in the internal business processes that impact the ability to implement, manage, and sustain cyber security, such as process design, execution, and control.
- Ensure that external events and issues often outside the control of the Company, such as disasters, legal issues, business issues, and service provider dependencies, are identified and properly incorporated into the system to respond and recover.
To fulfil these objectives, the Management is committed to the following approach:
Top Management has approved the Cyber Safety and Security Policy. It is the Policy of the Company to ensure that:
- Information and Systems identified as vulnerable to cyber-attacks will be protected from the loss of confidentiality (note b), integrity (note c) and availability (note d).
- Regulatory and legislative requirements are to be met.
- Cyber Security Contingency Plans have been produced for support (note e).
- Cyber Security training will be available to all staff.
- All breaches of information security, actual or suspected, will be reported and investigated.
- Guidance and procedures have been produced to support this policy. These include incident handling, information backup, system access, virus controls, passwords and encryption.
- The role and responsibility of the Chief Information Officer is to manage information security and to provide advice and guidance on implementation of the Cyber Safety and Security Policy.
- All managers are directly responsible for implementing this Policy within their departments.
- It is the responsibility of each employee / crew member to adhere to the Cyber Safety and Security Policy.
NOTES
- (a) Information takes many forms and includes data printed or written on paper, stored electronically, transmitted by post or using electronic means, stored on tape or video, spoken in conversation.
- (b) Confidentiality: ensuring that information is accessible only to authorized individuals.
- (c) Integrity: safeguarding the accuracy and completeness of information and processing methods.
- (d) Availability: ensuring that authorized users have access to relevant information when required.
- (e) This will ensure that information and vital services are available to users whenever they need them.
This policy shall be reviewed at least annually to ensure its validity and effectiveness for all of the Company’s premises and locations. Top Management shall review all authorized deviations or exemptions and shall document the extension or revocation of any reviewed authorized deviation or exemption. Documentation of any deviations or exemptions authorized by the current senior management official responsible for the cyber security program shall be maintained.