INFORMATION SECURITY POLICY KOC js fully committed to an effective Information Security Management System (ISMS) that facilitates secure business operations to support KOC’s mission and strategic objectives in managing and improving core business operations. KOC is committed to implementing information security industry leading practices in alignment with regulatory obligations, and that this policy is communicated, understood, implemented and maintained by relevant KOC Teams and regularly reviewed for continual improvement KOC will achieve this through 1. Implementing appropriate controls to protect Confidentiality, Integrity and Availability of all information and all supporting systems, applications and business processes; 2. Designing, operating, and managing its Information Security Management System (ISMS) to demonstrate effective Information Security controls and promote secure business environment; 3. Restricting & monitoring physical and logical access to Information & Information Processing facilities to authorized users only; 4. Assigning clear roles and responsibilities for all employees, providing necessary training, emphasizing the belief that Information Security is everyone's responsibility and empowering all employees to maintain security of Information; 5. Providing Information Security awareness to all KOC’s employees & contractors periodically; 6. Ensuring compliance with all relevant legal and regulatory requirements that are relevant to information security; 7. Evaluating and monitoring ISMS performance, investigating and learning from incidents, and proactively respond through periodic management reviews for continually improving the Information Security Policy, Management System, its implementation and Information Security performance. Top Management mandates all KOC employees and stakeholders to abide by the Information Security Policy. The line management and staff are responsible for the implementation of this Information Security Policy and accountable for their respective Information Security performance. MARCH, 2016 STATE OF KUWAIT a Jamal A\ Jaafar Chief Executl ve Officer