This Information Security Policy outlines the measures that our company, Cognavi India Private Limited (“Cognavi”) will undertake to protect the confidentiality, integrity, and availability of our website available at www.cognavi.com and the information available on our website. The policy is designed to ensure that we comply with all applicable laws and regulations governing information security in India, including Information Technology Act, 2000, and the rules and regulations made thereunder.

This policy applies to all employees, contractors, vendors, temporary staff, third-party entities, individuals that have access to our website or any information associated with it.

Our Information Security Policy is designed to achieve the following goals:

• Protect the confidentiality of our website and associated information.
• Ensure the integrity of our website and associated information.
• Maintain the availability of our website and associated information.
• Comply with all applicable laws and regulations governing information security in India, including the Information Technology Act 2000 and the rules and regulations made thereunder.
• Continuously improve our information security practices.

All employees, contractors, vendors, temporary workers, third-party entities, and individuals that have access to our website or any information associated with it are responsible for:

• Being aware of all the requirements under this Information Security Policy.
• Complying with this Information Security Policy on a day-to-day basis.
• Highlight any perceived risks where information security practices could be improved and report any suspected security breaches to the designated security officer.
• Cooperating with security investigations and audits.
• Ensuring that their activities do not compromise the security of our website or associated information.
• Ensure that any information it receives while accessing Cognavi’s website which can be deemed confidential is protected and kept in confidence.

Information Classification:

All information associated with our website will be classified based on its sensitivity and criticality. The following classifications will be used:

• Public: Information that can be freely distributed to the public without any restrictions.
• Internal: Information that is not intended for public release and should only be shared with authorized personnel.
• Confidential: Information that is sensitive and should only be shared on a need-to-know basis.
• Top Secret/ Highly Confidential: Information that is extremely sensitive and should only be shared with the highest level of clearance.

All employees, contractors, vendors, temporary workers, third-party entities, and individuals having access to our website must abide by the information classification detailed above and must ensure that the same is not breached under any circumstances.

Security Measures:

Our website and associated information will be protected using the following security measures:

• Firewall protection.
• Encryption of confidential information.
• Regular vulnerability assessments and penetration testing.
• Backup and recovery procedures.
• Antivirus software.
• Incident response procedures.
• Regular security awareness training for all personnel.

Incident Response:

In the event of a security breach or a security breach, Cognavi will ensure compliance with the security incident reporting requirements as prescribed under the directions issued by Government of India, Ministry of Electronics and Information Technology, Indian Computer Emergency Response Team (CERT-In) dated April 28, 2022. Further, we will follow our incident response procedures to minimize the impact of such a security breach or security incident.

Review and Update:

This Information Security Policy will be reviewed and updated as needed to ensure that it remains effective and compliant with all applicable laws and regulations governing information security in India including the Information Technology Act, 2000 and the rules and regulations made thereunder. Our company is committed to maintaining the confidentiality, integrity, and availability of our website and associated information. All personnel having access to our website are required to comply with this Information Security Policy to ensure that our website and associated information are protected against unauthorized access, disclosure, or modification.

Exceptions and exemptions

Any exceptions and exemptions to the policy must be approved by the chief technology officer (CTO) of Cognavi in advance.

Non-Compliance

Any employees, contractors, vendors, temporary workers, third-party entities, and individuals violating this policy may be subject to disciplinary action or appropriate legal action, as may be determined by Cognavi.