Effective date: December 31, 2025

VYKN is committed to maintaining the confidentiality, integrity, and availability of information entrusted to us. Information security is a core component of our governance framework and supports our mission to deliver trusted regulatory technology and learning services.

This Information Security Statement outlines the principles and controls that underpin VYKN’s approach to protecting information assets.

1. Scope and Applicability

This Statement applies to:

· VYKN’s website and digital platforms

· Learning management systems and related services

· Information processed on behalf of clients, partners, and users

· Employees, contractors, and authorized third parties

It covers all forms of information, including personal data, confidential business information, and proprietary content.

2. Governance and Accountability

VYKN maintains clear accountability for information security through defined governance arrangements. Senior management is responsible for oversight of information security risks and ensuring that appropriate policies, procedures, and controls are implemented and maintained.

Information security responsibilities are assigned based on role and access requirements, following the principle of least privilege.

3. Risk Based Security Approach

VYKN adopts a risk based approach to information security. Security controls are designed and implemented based on:

· The sensitivity and criticality of information

· Legal and regulatory requirements

· Threat and vulnerability assessments

· Business and operational needs

Risks are reviewed periodically and controls are adjusted as required.

4. Technical and Organizational Measures

VYKN implements appropriate technical and organizational measures to protect information, which may include:

· Access controls and authentication mechanisms

· Role based access management

· Encryption of data in transit and, where appropriate, at rest

· Network security controls and monitoring

· Secure system configuration and patch management

· Logging, monitoring, and incident detection

· Segregation of environments where appropriate

Controls are reviewed regularly to ensure continued effectiveness.

5. Data Protection and Privacy Alignment

Information security controls are aligned with applicable data protection and privacy obligations. Measures are designed to support compliance with laws and regulations governing the protection of personal data and confidential information.

Access to personal data is restricted to authorized individuals who require such access to perform their duties.

6. Third Party and Supplier Security

VYKN conducts appropriate due diligence on third party service providers that may process or have access to information. Third parties are required to implement security measures appropriate to the nature of the services provided and are subject to contractual confidentiality and security obligations.

7. Incident Management

VYKN maintains procedures to identify, respond to, and manage information security incidents. This includes:

· Incident detection and reporting mechanisms

· Containment and remediation processes

· Assessment of impact and root cause

· Notification obligations where required by law or contract

Security incidents are reviewed to support continuous improvement.

8. Business Continuity and Resilience

VYKN takes reasonable steps to ensure the resilience and availability of its systems and services. Measures may include:

· Data backup and recovery processes

· Redundancy where appropriate

· Business continuity and disaster recovery planning

These measures are designed to minimize disruption and protect service availability.

9. Awareness and Training

Individuals with access to VYKN systems and information receive appropriate guidance on information security responsibilities. Awareness and training activities are designed to promote a security conscious culture and reduce the risk of human error.

10. Continuous Improvement

Information security is an ongoing process. VYKN regularly reviews and improves its security controls, policies, and procedures to address emerging threats, regulatory developments, and changes to business operations.

11. Statement Updates

This Information Security Statement may be updated periodically to reflect changes in legal requirements, technology, or business practices. The current version will be made available on VYKN’s website.

12. Contact

Questions relating to information security or this Statement may be directed to:

VYKN Email: contact@vykn.com