Cyber Security Policy

Pleavin Power Ltd This cyber security policy outlines our guidelines and provisions for preserving the security of our data and technology infrastructure. The more we rely on technology to collect, store, and manage information, the more vulnerable we become too severe security breaches. Human error, hacker attacks and system malfunctions could cause  great financial damage and may jeopardise our company’s reputation. For this reason, we have  implemented a number of security measures. We have also prepared instructions that may  help mitigate security risks. We have outlined both provisions in this policy. 

Scope 

This policy applies to all our employees, contractors and anyone who has permanent or  temporary access to our information, systems, and IT provisions. 

Confidential Data 

Confidential data is secret and valuable to our business. Examples of confidential information  include: 

• Unpublished financial information. 
• Data of customers, partners, suppliers, and employees (existing and prospective). 
• Data entrusted to our company by external parties. 
• Pricing, marketing, objectives, and other undisclosed strategies. 
• Documents and processes explicitly marked as confidential. 
• Unpublished goals, forecasts and initiatives marked as confidential. 

All employees are obliged to protect this data. When new employees are onboarded, each will  receive a copy of our company handbook providing further information for responsible use of IT  provisions, including email, internet, and social media use. In this policy, we will give our  employees instructions on how to avoid security breaches. 

Protect Personal and Company Devices 

When employees use their digital devices to access company emails or work use software  accounts, they introduce security risk to our data.  

All employees are advised to keep both their personal and any company issued devices secure.  This can be achieved by: 

• Keeping all devices password protected. 
• Ensuring that devices are not left exposed or unattended. Device screens should be locked  when logging off and leaving desks for an extended period of time to prevent prying and  unauthorised use.

• Having recognised antivirus, malware, firewall software installed, kept updated and  operational using two step authentication (whenever possible) and ensuring that security  updates of browsers and systems are installed as soon as updates are available. 
• Only logging into company systems and work accounts through secure and private Wi-Fi  networks. 
• Do not install or download software onto work devices unless authorised by the company.  • Employees are to refrain from accessing company emails or work use software accounts  from other people’s devices or lending their own devices to others. 

Where employees are provided with company-issued devices or equipment they will receive  instructions for: 

• Password set up and management. 
• Installation of antivirus/anti-malware software. 

Keep Emails Safe 

Emails often host scams and malicious software. To avoid virus infection or data theft, we  instruct employees to: 

• Avoid opening attachments and clicking on links when the content is not adequately  explained (e.g., “watch this video, it’s amazing”). 
• Be suspicious of clickbait titles (e.g., offering prizes, notifying of moneys owed to the  recipient). 
• Check email and names of people they receive a message from to ensure they are  legitimate. 

• Look for inconsistencies or give-aways (e.g., grammar mistakes, capital letters, excessive  number of exclamation marks). 
• If an employee isn’t sure that an email, they received is safe, this should referred to their  direct manager before opening, responding to, or actioning any requests. 

Manage Passwords Properly 

Password leaks are dangerous since they can compromise our entire infrastructure. Not only  should passwords be secure so they won’t be easily hacked, but they should also remain  secret. For this reason, we advise our employees to: 

• Choose passwords with at least eight characters (including capital and lower-case letters,  numbers, and symbols) and avoid information that can be easily guessed (e.g., birthdays). • Remember passwords instead of writing them down. If employees need to write their  passwords, they are obliged to keep the paper or digital document confidential and destroy  it when their work is done. 
• Exchange credentials only when absolutely necessary. When exchanging them in-person  isn’t possible, employees should prefer the phone instead of email, and only if they personally recognise the person they are talking to. 

• Change their passwords every two months.
• Use the services of a password management tool to generates and store passwords  securely.  

Transfer and Share Data and Information Securely 

Transferring data/information introduces security risk. Employees must: 

• Avoid transferring sensitive data (e.g., customer information, employee records) to other  devices or accounts unless absolutely necessary. When mass transfer of such data is needed, we request employees to ask their direct manager who can approach our IT  provider for help. 

• Share confidential data over the company network/system and not over public Wi-Fi or  private connection. 
• Ensure that the recipients of the data are properly authorised people or organisations and  have adequate security policies. 
• Report scams, privacy breaches and hacking attempts. 

We need to know about scams, breaches, and malware so that we can better protect our  infrastructure. For this reason, we advise our employees to report perceived attacks, suspicious emails, or phishing attempts as soon as possible to us, so that our IT provider can investigate promptly, resolve the issue and send a companywide alert when necessary. 

We encourage our employees to reach out to us or our IT provider with any questions or  concerns. 

Additional Measures 

To reduce the likelihood of security breaches, we also instruct our employees to: 

• Report stolen or damaged equipment as soon as possible to their direct manager. 
• Change all account passwords at once when a device is stolen. 
• Report a perceived threat or possible security weakness in company systems. 
• Avoid accessing suspicious websites. 
• We also expect our employees to comply with our social media and internet usage policies. 

We Will: 

• Provide and assist with install of anti-virus, firewall, anti-malware software for work issued  devices. 
• Provide training on information security training to all employees. 
• Inform employees regularly about new scam emails or viruses and ways to combat them.
• Investigate security breaches thoroughly. 
• Follow this policy’s provisions as other employees do. 
• Have and maintain physical and digital shields to protect information.

Remote Employees 

Remote employees must follow this policy’s instructions too. Since they will be accessing our  company’s information and systems from a distance, they are obliged to follow all data encryption, protection standards and settings and ensure their private network is secure. We encourage them to seek advice from our IT Provider. 

Disciplinary Action 

We expect all our employees to always follow this policy and those who cause security breaches may face disciplinary action. 

• First-time, unintentional, small-scale security breach: We may issue a verbal warning and  train the employee on security. 
• Intentional, repeated, or large-scale breaches (which cause severe financial or other  damage): We will invoke more severe disciplinary action up to and including termination.  We will examine each incident on a case-by-case basis. 

Additionally, employees who are observed to disregard our security instructions will face  progressive discipline, even if their behaviour hasn’t resulted in a security breach. 

Take Security Seriously 

Everyone, from our customers, suppliers and partners to our employees and contractors,  should feel that their data is safe. We must proactively protect our information, systems and  databases and can all contribute to this by being vigilant and keeping cyber security a top  priority.