Security Policy

Information Security Policy

1. Declaration

Westudyaway (WESTUDYAWAY LTD, hereinafter referred to as “The Company”) considers the correct management of information a very important factor, therefore declares the Information Security Policy a practice to which all its procedures will respond, will comply with it the rules, as well as the rules included in the Privacy Policy, in order to ensure that its customers can take advantage of the related services in total safety.

2.Purpose and scope of application

This Policy protects the information of all commercial and financial activities under the control of the Company (including personal information), the information on offices and employees (regular, under contract, temporary, part-time, trainees, and interns), is applied to all people who use any of our resources, including contracting third parties.

3. Applicable Laws and Jurisdiction

The Company will comply with various laws and ordinances concerning information security and other guidelines and norms established by the Government.

4. Information Security Regulations

The Company will establish information security rules stating the basic requirements that are necessary in order to determine which actions and judgments should abide by the information security measures.

5.Information Security Management System

The company will develop an Information Management System and implement it in a unified and uniform way.

6.Security Incidents and Accidents

It is unlikely that an information security problem will occur, however, in the event the Company will respond promptly in order to minimize the damage. It will also undertake to take the necessary measures to prevent the inconvenience from occurring again.

7.Information Security Education and Training

The Company will instruct and train executives, employees and contracting third parties to know the importance of information security in order to ensure that it is managed appropriately.

8. Evaluation of information security measures implementation status and continuous improvement

In order to confirm that the information security policy and regulations are being complied, the Company will evaluate periodically the status of information security implementation and will aim for continuous improvement.

9.Revision or Abolition of Documents

The revision or abolition of this policy is drafted by the Information Security Committee and requires the approval of the Board of Directors.

Date of enactment: 15thSeptember, 2019