Information Security Summary

At BB Energy, we recognise the critical importance of information security in maintaining trust, supporting operations, and delivering value to our stakeholders. As part of our commitment to secure, uninterrupted service, we have implemented an Integrated Management System (IMS) aligned with ISO/IEC 27001:2022.

Our objectives are to:

• • Safeguard the confidentiality, integrity, and availability of all information we manage.

• • Ensure the continuity of security operations and minimize the impact of potential incidents.

• • Maintain compliance with applicable legal, regulatory, and contractual obligations.

To support these goals, we have established a framework to:

• • Define and periodically review information security objectives,

• • Allocate roles, responsibilities, and resources for effective implementation,

• • Promote employee competence through ongoing training, and

• • Drive continuous improvement based on risk assessments, audits, and stakeholder feedback.

Governance of information security at BB Energy extends to all areas and third parties within the defined scope of our IMS. We regularly assess risks, monitor performance, and maintain certification to ISO/IEC 27001:2022 as part of our proactive and responsible approach to security.

This policy reflects our unwavering focus on information security, fostering effective risk management and operational trust.