Information Security Policy

PURPOSE AND SCOPE

The Information Security Policy of Primex ehf. (“the Company”) outlines the emphasis of the Company’s management on information protection and data security. The Company's information assets must be protected against all threats, internal and external, deliberate or accidental. Professional and standardized practices are the key to success, and this policy has been established to demonstrate that commitment. The implementation and execution of the policy are vital to ensure that the Company's operations and services are as secure as possible and that proper working procedures are followed.

 

The Information Security Policy of Primex ehf. applies to the security of the Company's information assets and to all forms of information, regardless of format or medium. The policy covers the handling, management, and storage of data, as well as all work processes related to services and operations at all Company sites.

 

The Information Security Policy also applies to the facilities and equipment where information is processed or stored, as well as to employees and contractors who have access to the Company's information or sites.

POLICY

Primex shall promote the security of its information assets through organized procedures that support business continuity and minimize operational risk.

OBJECTIVES

The objectives of Primex ehf. with this Information Security Policy are to:

1. Ensure maximum security of information assets and information systems owned or managed by the Company.

2. Protect information assets from unauthorized access, inappropriate use, disclosure, or destruction of important and sensitive data.

3. Protect information assets from unauthorized access, inappropriate use, disclosure, or destruction of important and sensitive data.

4. Establish and maintain active awareness of information security among employees, management, and those who access information assets as part of their work for the Company.

5. Maintain a continuous and systematic effort within the Company to promote improvement and regularly assess risk to determine whether improvements to information security are needed.

MEANS TO ACHIEVE OBJECTIVES

The Company's methods for achieving these objectives are to:

• Maintain an inventory of information assets and classify them by their importance to the Company's operations.

• Regularly, through formal risk assessments, identify the value, sensitivity, and potential threats to information assets.

• Regularly, through formal risk assessments, review access to the Company's facilities and assets, their vulnerabilities, and the threats that could endanger them.

• Ensure employees and service providers receive training and education on information security and their responsibilities in this regard.

• Comply with all contracts related to information security to which the Company is a party.

• Prepare, maintain, and test business continuity plans as far as practicable.

• Report and investigate deviations, breaches, or suspected weaknesses in information security.

• Ensure that risk arising from the handling and storage of information remains within defined risk limits.

RESPONSIBILITY

Responsibility for implementing and maintaining this Information Security Policy is divided as follows:

• The Executive Management of Primex is responsible for the policy and its review.

• The Executive Management of Primex is responsible for the execution of the policy and for applying the appropriate procedures and processes to do so.

• The Executive Management of Primex is responsible for ensuring that contracts are made with contractors and suppliers to ensure compliance with this policy.

• Division managers are responsible for the information assets generated within their operating unit and for ensuring that employees follow the applicable rules and guidelines on information security.

• Company managers set the rules governing employee and contractor access to Company facilities.

• All employees of Primex are responsible for following the procedures and processes that ensure the implementation of this policy.

• Employees of Primex shall ensure that the implementation of access rules for customers, contractors, and suppliers to Company facilities is conducted in such a way that compliance with this policy is maintained.

• All employees must comply with this Information Security Policy. They must report security deviations and weaknesses relating to information security. Those who deliberately compromise the information security of Primex or its clients are subject to prosecution or other appropriate legal action.