Information Security
Policy

TThe Management of ONBOARD PLC, represented by the Managing Director, officially declares the Company’s Information Security Policy.

The Policy is documented, communicated and understood by all employees who have access to company information and information systems of Onboard PLC. The policy has been approved by the Management and implemented within the organization. The Policy is communicated to stakeholders.

It is the Company’s Policy to ensure the security of all corporate and customer databases, know- how, software platforms , information and documentation of Onboard PLC’s project implementation related to Telemarketing & Telesales; Inbound & Outbound Calls; Lead Generation; Sales Channel Development; Customer Acquisition and Retention; Mystery Shopping; Database building, analysis, cleansing & profiling and CRM-platform services in line with the relevance statement (version 2) of 1 September, 2013.

This Information Security Policy sets the framework for a system of measures aiming to:

1. Ensure company and customer information confidentiality by implementing agreed upon restrictions on access to and disclosure of information;
2. Secure information integrity by protecting against unauthorized modification or destruction thereof;
3. Provide timely and reliable access to the information;
4. Ensure business process continuity by:

• minimizing the risks to information security that may cause any loss or damage to the Company, its customers, partners and other stakeholders;
• minimizing the extent of loss or damage caused by potential information security breaches;
• providing the necessary resources for implementing an effective management system;
• informing employees of their responsibilities and obligations in terms of the Company’s information security Policy;
• securing compliance with normative and contractual requirements.

The Management of the Company will apply the following fundamental principles for the development, implementation and maintenance of the regulation system.

From a legal point of view:

• compliance with regulatory and professional requirements for confidentiality;
• data protection and privacy;
• maintenance and preservation of the organization’s archives;
• protection of business information and intellectual property rights (know-how, databases).

By generally accepted best practices for information security:

• development of an information security policy;
• allocation of responsibilities for information security;
• information security training;
• reporting security related incidents;
• work continuity management;
• disciplinary measures following violations of the security policy.

The Information Security Policy is distributed to all third parties who have access to the Company’s information and its information systems. The Information Security Policy is continuously reviewed based on the process established in the Management Review. The Information Security Policy is revised as to take account of changing circumstances. Any employee who is found to have violated this Policy shall be a subject to disciplinary measure. All employees and external experts working on Onboard PLC’s projects shall comply with the implemented regulations in line with the Information Security Policy as described in the procedures, instructions and other documents of the Management System.

The Management of ONBOARD PLC declares full commitment to the processes of development, maintenance and improvement of the Quality Management System and Information Security.

Managing Director: Lozan Stefanov
Date: 1 September, 2013