Information Security Policy

OPIE Manufacturing Group Pty Ltd (“OPIE”, “we”, “our”, “us”) is committed to protecting the confidentiality, integrity and availability of the information entrusted to us by our customers, distributors, suppliers, employees and business partners.

This Information Security Policy outlines the principles used to safeguard information across the OPIE Platform, including our websites, ecommerce stores, customer portals, distributor portals and internal business systems.

This policy applies to:

• OPIE websites and online stores;
• customer and distributor portals;
• product configurators;
• AI-powered platform services;
• employees and contractors;
• third-party service providers acting on our behalf.

Our information security program is based on the following principles:

• Confidentiality
• Integrity
• Availability
• Least Privilege
• Defence in Depth
• Secure by Design
• Continuous Improvement

Access to systems and information is granted only to authorised users who require access to perform legitimate business functions.

Where appropriate we implement:

• role-based access controls;
• authentication measures;
• privileged access management;
• periodic access reviews; and
• prompt removal of unnecessary access.

We implement reasonable administrative, technical and organisational measures to protect information from unauthorised access, disclosure, alteration or destruction.

These measures may include:

• encrypted communications;
• secure authentication;
• secure backup processes;
• logging and monitoring;
• vulnerability management;
• secure software development practices.

Specific security controls may change over time as technology and threats evolve.

We engage carefully selected service providers to support our operations.

Where third parties process information on our behalf, we take reasonable steps to ensure appropriate contractual and security obligations are in place.

We monitor our systems to help:

• detect suspicious activity;
• identify security incidents;
• protect customer information;
• maintain platform availability;
• investigate suspected misuse.

Monitoring is conducted in accordance with applicable laws and our Privacy Policy.

OPIE maintains procedures for responding to suspected information security incidents.

These procedures are designed to:

• investigate incidents;
• contain threats;
• minimise disruption;
• restore services;
• notify affected parties where required by law;
• improve future resilience.

Users of the OPIE Platform also play an important role in protecting information.

Users should:

• protect account credentials;
• use strong passwords;
• report suspected compromise promptly;
• maintain appropriate device security;
• comply with our Acceptable Use Policy.

See our Acceptable Use Policy.

Information security is an ongoing process.

We periodically review our policies, technologies and procedures to respond to evolving threats, business requirements and regulatory expectations.

Security enquiries may be directed using the contact details published in the OPIE Platform Trust Centre.

Security enquiries: security@opiegroup.com.au

Suspected vulnerabilities should be reported in accordance with our Vulnerability Disclosure Policy.