The following statement is the Information Security Policy Statement for Utmost Holdings Isle of Man Limited and its subsidiaries (Utmost Limited, Utmost Trustee Solutions Limited, Utmost Administration Limited and Utmost Services Limited), referred to below as ‘we’, ‘us’ or ‘our’. We have committed to implementing and maintaining an Information Security Management System, in accordance with the requirements of ISO 27001:2013. This covers the security of processed and stored information concerning customers, financial advisers and business partners associated with the provision of wealth management products and services. We handle information assets which can take various forms including, but not limited to, data printed or written on paper, stored electronically, transmitted by electronic means, stored on electronic media and spoken in conversations. Information assets may include personal data. Information will be protected from loss of confidentiality, integrity, and availability. Information relating to business partners, financial advisers, and customers must have adequate safeguards in place to protect it and to ensure compliance with the various applicable regulations, along with protecting our reputation and that of our business partners. We are committed to respecting the privacy of all our customers, protecting any customer data from outside parties, and ensuring that their requirements are met, unless otherwise required to do so by law. To this end, Management is committed to maintaining a secure environment in which to control and process confidential information. We are also committed to the overall continual improvement of the Information Security Management System, including Management setting and reviewing security objectives. The policy will be reviewed and updated by Management on an annual basis, or when relevant to include newly developed security standards in the policy, and re-distributed to all employees and contractors where applicable. This policy statement is communicated to all employees and is displayed on the website for external interested parties to access. This information security policy statement was approved by the Management Committee and is issued under the signature of the Chief Executive Officer (CEO).