CYBER-RESILIENCE AND INFORMATION MANAGEMENTValeura has established a cyber-resilience management system aligned with the Centre for Internet Security (CIS) Critical Security Controls framework. This system is reviewed quarterly to ensure it remains consistent with updates to the CIS standards and evolving threat landscapes. The Company%u2019s cyber-resilience management system encompasses policies, procedures, and dedicated services, such as a Network Operation Centre (NOC), Cyber-Security Operation Centre (SOC), and Cyber-Incident Response Plan. The system proactively identifies vulnerabilities-including unpatched software, phishing attempts, and suspicious activities-while assessing potential threats to business operations. When high-risk threats emerge, the system enables swift updates to address gaps. Performance is regularly monitored and reported to the management, with foundational work underway in 2024 to enable automation and the implementation of an AI-enhanced platform in 2025.To safeguard sensitive and confidential information, the Company enforces its Personal Data Protection Policy and Information Management Policy, which is aligned with legal requirements including Thailand%u2019s Personal Data Protection Act. A designated Data Protection Officer (DPO) and Personal Data Protection Committee (PDPC) oversee compliance, promote a culture of data protection, and report any privacy breaches.Valeura%u2019s Board oversees the Company%u2019s approach to cyber-resilience as part of the enterprise risk management process.CYBER-RESILIENCE AWARENESS PROGRAMMEObjective: Promoting Cyber-Resilience Awareness and KnowledgeValeura is committed to strengthening cyber-resilience through continuous education and awareness across the organisation. Cybersecurity training in 2024 covered practical topics on how to safeguard against cyber threats %u2013 whether at work, while travelling, or at home. Key areas included malware and ransomware protection, identifying insider threats, secure remote working practices, and Wi-Fi and mobile device security.As part of the programme, Valeura conducted regular phishing simulations to reinforce cybersecurity awareness. Mock phishing emails were circulated quarterly to all personnel %u2013 including the Board, executives, employees, and contractors %u2013 to cultivate vigilance and embed a cybersecurity-focused culture and raise awareness at every level of the organisation.Leveraging TechnologyValeura%u2019s approach to ensuring cyber-resilience and embracing innovation has broad-reaching benefits for the organisation at large, as highlighted in these examples:Zerosubstantiated complaints of breaches to data privacyin 2023 and 2024VALEURA ENERGY INC. 091