INFORMATION SECURITY POLICY STATEMENT

BAI Communications designs, builds and operates highly available communications networks – broadcast, radio,
cellular, Wi-Fi, digital – for our customers across the globe.

The objective of this Information Security Policy Statement is to ensure that BAI Communications (BAI) and its
companies deliver a consistently high level of information security throughout its business groups. BAI is committed to
implementing and maintaining compliance with ISO 27001, and to continuous, practical improvement of our
information security practices. This will help maintain our reputation in the industry and meet our legal/regulatory and
customers’ requirements.

BAI Communications commits to:

• Clearly understanding the requirements and expectations of our customers and relevant regulatory authorities
• Working closely with our customers and suppliers to deliver services in a security conscious fashion
• Ensuring every employee shares responsibility for effective information security
• Protecting its people, information, intellectual property, assets, activities and facilities against misuse, loss,
damage, disruption, interference, espionage, or unauthorised disclosure. It is also critical that we retain the
confidence of those who entrust sensitive information to BAI Communications.
• Developing and maintaining security policies and controls designed to meet the requirements of ISO 27001. The
policy statements contained in our Information Security Policy (ISP), procedures, guidelines, and standards, reflect
the minimum requirements necessary to maintain an acceptable standard for protecting our information assets
and, at the same time, our reputation.
• Implement an Information Security Management System (ISMS) and ensure it is maintained, continually
improved, and supported with adequate resources to achieve the objectives set in this Policy Statement.

Our approach to achieving these objectives is to enhance information security through investment in technology,
processes, and employee skills. This will improve the way we both manage our business and deliver services to our
customers. Underpinning our approach to information security is the Group Risk Management Framework which
allows the business to present threats, risks, and opportunities for management review. This allows the BAI leadership
team (including the Audit and Risk Committee and the Board) to ensure the risk profile of the business is accurate and
that risk mitigation efforts are focused on appropriately supporting strategic outcomes.

This policy statement shall be easily accessible to all staff and available on the BAI Communications intranet. It is also
available for public viewing on the web at www.baicommunications.com. Each member of staff is asked to take
particular care in their approach to security and to accept the important role they play in maintaining an effective
information security program throughout BAI Communications.

Effective: 30th day of June 2017

Jim Hassell
Group Chief Executive Officer, BAI Communications

BAI Communications comprises:

BAI Communications Pty Limited ABN 99 086 048 562
BAI Critical Communications Pty Limited ACN 133 800 129
_________________________________________________________________________________________________________________________________________________
bai communications | Information Security Policy Statement