Cyber Incident Response Plan (IRP)
Last updated: July 13, 2025
1. Purpose and Goals
The purpose of this cyber incident response plan ("IRP") is to provide a structured and systematic incident response process for all information security incidents that affect any of TreasureHub's information technology ("IT") systems, network, or data, including TreasureHub's data held or IT services provided by third-party vendors or other service providers.
1.1 Specifically, TreasureHub's goals for this IRP include:
- Define TreasureHub's cyber incident response process and provide step-by-step guidelines for establishing a timely, consistent, and repeatable incident response process.
- Assist TreasureHub and any applicable third parties in quickly and efficiently responding to and recovering from different levels of information security incidents.
- Mitigate or minimize the effects of any information security incident on TreasureHub, its users, customers, employees, or others.
- Help TreasureHub consistently document the actions it takes in response to information security incidents.
- Reduce overall risk exposure for TreasureHub.
- Engage stakeholders and drive appropriate participation in resolving information security incidents while fostering continuous improvement in TreasureHub's information security program and incident response process.
2. Scope
This IRP applies to all TreasureHub business groups, divisions, and subsidiaries; their employees, contractors, officers, and directors; and TreasureHub's IT systems, network, data, and any computer systems or networks connected to TreasureHub's network.
3. Accountability
TreasureHub has designated Alex MacDonald to implement and maintain this IRP (the "information security coordinator").
3.1 Information Security Coordinator Duties
Among other information security duties, the information security coordinator shall be responsible for:
- Implementing this IRP.
- Coordinating activities, including developing, maintaining, and following appropriate procedures to respond to, appropriately escalate, make decisions regarding, and document identified information security incidents.
- Conducting post-incident reviews to gather feedback on information security incident response procedures and address any identified gaps in security measures.
- Reviewing this IRP at least annually, or whenever there is a material change in TreasureHub's business practices that may reasonably affect its cyber incident response procedures.
4. Definitions
4.1 "Confidential Information"
Confidential information means information that may cause harm to TreasureHub or its users, employees, or other entities or individuals if improperly disclosed, or that is not otherwise publicly available.
4.2 "Personal Information"
Personal information means any information relating to an identified or identifiable natural person that TreasureHub owns, licenses, or maintains and that is from or about an individual including, but not limited to:
- First and last name
- Home or other physical address, including street name and name of city or town
- Email address or other online information, such as a user name and password
- Telephone number
- Government-issued identification or other number
- Financial or payment card account number
- Date of birth
- Health information, including information regarding the individual's medical history or mental or physical condition, or medical treatment or diagnosis by a health care professional, created or received by TreasureHub
- Any information that is combined with any of the above
4.3 "Information Security Incident"
Information security incident means an actual or reasonably suspected:
- Loss or theft of confidential or personal information
- Unauthorized use, disclosure, acquisition of or access to, or other unauthorized processing of confidential or personal information that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information
- Unauthorized access to or use of, inability to access, loss or theft of, or malicious infection of TreasureHub's IT systems or third-party systems that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information or TreasureHub's operating environment or services
5. Incident Response Personnel
Incident response personnel currently consist solely of Alex MacDonald, who is responsible for responding to information security incidents. Alex MacDonald is also considered the information security coordinator for the purposes of this IRP.
5.1 Responsibilities
Alex MacDonald is responsible for:
- Addressing information security incidents in a timely manner, according to this IRP.
- Managing internal and external communications regarding information security incidents.
- Reporting findings to applicable authorities, as appropriate.
- Reprioritizing other work responsibilities to permit a timely response to information security incidents on notification.
6. Incident Response Procedures
6.1 Detection and Discovery
TreasureHub shall develop, implement, and maintain procedures to detect, discover, and assess potential information security incidents through automated means and individual reports.
- Automated Detection: TreasureHub shall develop, implement, and maintain automated detection means and other technical safeguards.
- Reports from Employees: Employees shall immediately report any actual or suspected information security incident to Alex MacDonald.
- Reports from External Sources: External sources who claim to have information regarding an actual or alleged information security incident should be directed to Alex MacDonald.
6.2 Containment, Remediation, and Recovery
TreasureHub shall develop, implement, and maintain procedures to contain any data or cybersecurity breaches, and remediate and recover the data if possible.
6.3 Communications and Notifications
For each identified information security incident, Alex MacDonald shall determine and direct appropriate internal and external communications and any required notifications.
- Authorities: Notify applicable regulators, law enforcement, or other authorities.
- Affected Individuals: If an applicable breach of personal information occurs, prepare and distribute notifications to affected individuals.
- Cyber Insurance Carrier: Notify TreasureHub's cyber insurance carrier according to the terms and conditions of its current policy.
- Others: Notify users or business partners according to current agreements.
6.4 Post-Incident Review
At a time reasonably following each identified information security incident, the information security coordinator shall assess the incident and TreasureHub's response, including monitoring and coordinating completion of any follow-up actions.
7. Plan Review
TreasureHub will review this IRP at least annually, or whenever there is a material change in TreasureHub's business practices that may reasonably affect its cyber incident response procedures. Plan reviews will also include feedback collected from post-incident reviews and training and testing exercises. The information security coordinator must approve any changes to this IRP and is responsible for communicating changes to affected parties.
8. Contact Information
Send any suggested changes or other feedback on this IRP to Alex MacDonald.
Alex MacDonald
Information Security Coordinator
Email: support@treasurehub.club
Phone: (713) 899-3656