Security Policy

Last updated: 1 January 2026

1. Information Security Commitment

Kennis Wiser Capital Ltd (“Kennis Capital”) is committed to protecting the confidentiality, integrity, and availability of all information assets under its control. This Security Policy establishes the framework by which we safeguard the data of our investors, partners, employees, and other stakeholders. Our approach to information security is aligned with industry best practices and the regulatory expectations of the Jersey Financial Services Commission.

2. Technical Security Measures

Kennis Capital employs a comprehensive suite of technical controls to protect information assets:

• Encryption: All data classified as Confidential or Restricted is encrypted at rest using AES-256 and in transit using TLS 1.3.
• Access controls: Role-based access control is enforced across all systems, with the principle of least privilege applied to all user accounts and service credentials.
• Multi-factor authentication: MFA is required for all access to production systems, investor portals, and administrative functions.
• Network security: Production environments are protected by firewalls, intrusion detection systems, and network segmentation to isolate sensitive workloads.
• Vulnerability management: Regular vulnerability assessments and penetration testing are conducted by qualified third parties. Critical and high-severity vulnerabilities are remediated within defined timescales.

3. Organisational Security Measures

• All staff and contractors undergo background checks and receive security awareness training upon onboarding and at regular intervals thereafter.
• Access to information systems is granted on a need-to-know basis and reviewed quarterly by management.
• Confidentiality and non-disclosure obligations are incorporated into all employment and contractor agreements.

4. Incident Reporting and Response

Kennis Capital maintains a documented incident response plan to address security incidents promptly and effectively. The plan covers:

• Identification and classification of security incidents according to severity.
• Immediate containment and remediation procedures to minimise impact.
• Notification to affected parties, including investors and regulatory authorities, where required under the Data Protection (Jersey) Law 2018 or other applicable legislation.
• Post-incident review and implementation of corrective measures to prevent recurrence.

To report a security concern or suspected incident, please contact security@kenniscapital.com.

5. Compliance and Standards

Our information security practices are designed to align with internationally recognised standards, including ISO 27001 and the NIST Cybersecurity Framework. We engage independent auditors to assess our security posture on an annual basis. Compliance with this Security Policy is monitored by the Compliance function, and any material deviations are reported to the Board of Directors.

6. Business Continuity

Kennis Capital maintains business continuity and disaster recovery plans that are tested and updated at least annually. These plans ensure that critical systems and data can be restored within acceptable timescales in the event of a disruption.

7. Contact

For questions regarding this Security Policy, please contact security@kenniscapital.com.