The procedures and principles set out herein must be followed at all times by the Company and all its employees, agents, contractors, consultants, temporary staff, casual or agency staff, or other suppliers or data processors (hereafter referred to as “Staff”) working for or on behalf of the Company.

Staff are required to read and attest to all the Company’s Information Security policies applicable to them.

Upon hire Staff will be provided with details of all the policies that the Company has determined are relevant to their role and are expected to read and attest to each of those policies.

Policies are reviewed by the Company periodically to ensure they remain relevant and fit for purpose. In order for Staff to maintain an understanding of the policies they are required to review and re-attested each policy on a periodic basis.

All staff have an obligation to help protect the:

• confidentiality of information, which means only authorised people have the right to access certain information;
• integrity of information, which means that only authorised people can change the information, and
• availability of information, which means information must be accessible to the authorised people whenever it is needed.

As conveyed throughout the Company’s Information Security policies, successful protection of the Company’s assets requires Staff to work as a team and follow the processes and procedures outlined. Underpinning the policies are key activities that Staff must follow:

• Report suspicious activity - Examples of suspicious activity may include, but are not limited to, an email request from an unidentified party to initiate a wire transfer, a slow or lagging computer when prompted to open a file or document, an account password was changed without your knowledge, inability to access a Company account, hostile employee behaviour, etc.
• Adhere to the policies - The policies are there to protect the Company, it’s Staff and our stakeholders. Where there are legitimate reasons to depart from the procedures outlined within a policy, request approval as detailed in the policy, if in doubt ask your manager.
• If you are unsure ask - Ask questions about Information Security policies or procedures if you are unsure how they should be applied. All policies include details of who to contact if you have any questions.
• Report Company policy violations - Do not be afraid to report violations or suspected violations of Company policies to your immediate manager or, if more comfortable, to a member of the senior management team. The Company will take all reasonable steps to ensure that no person under their control victimises the whistleblowing individual. Violations can be reported anonymously if preferred.

At the Company’s discretion, the Information Security policies will be amended. This is likely to be a result of a change to:

• the law
• regulation
• industry best practice
• the nature of Enterprise Data Insight’s business

Any material changes made to Company policies will be communicated to the relevant Staff. Staff will be asked to read and attest to the updated policy.

If the Company determines that a member of Staff has violated a Company Information Security policy or policies, disciplinary action may be taken, including, but not limited to, termination. The Company reserves the sole and absolute right to determine the appropriate disciplinary action.

This does not impact Staff’s right to appeal. The Company will treat appeals fairly, consistently, and in a timely fashion.

Responsibility for the Information Security Enforcement Policy rests with Tina Sharma. Duties include, but are not limited to:

• Ensuring that all staff in scope and appropriate external parties have read and confirmed their acceptance of the latest version of this policy
• Monitoring for legal, regulatory or industry best practice developments in relation to this policy
• Coordinate with senior management, IT, and legal counsel to communicate and review issues related to this policy
• Review and update this policy at least every 3 months, in order that it remains fit for purpose

This policy has been approved by senior management and is effective from 01-Jan-2025.

If you have questions or comments about this policy, email us at privacy@edatainsight.com or by post to:

Enterprise Data Insight.

71-75 Shelton Street, Convent Garden, London, WC2H 9JQ

If we change our policies and procedures, we will post those changes on this page. If we make any changes to this Policy that materially change how we treat your personal information, we will endeavour to provide you with reasonable notice of such changes, to your email address of record, and where required by law, we will obtain your consent or give you the opportunity to opt out of such changes.