1. Purpose

The purpose of this Business Continuity Policy is to ensure that Score Financial Pte. Ltd. can continue to operate critical business functions during and after a disruptive event. This policy establishes the framework for identifying threats, assessing risks, and implementing strategies to protect personnel, assets, and services.

2. Scope

This policy applies to all employees, departments, systems, and operations of Score Financial Pte. Ltd. across all locations. It includes, but is not limited to: a. Natural disasters (e.g., earthquakes, floods) b. Technological incidents (e.g., system failures, cyberattacks) c. Human-caused events (e.g., terrorism, sabotage) d. Pandemic or public health emergencies

3. Policy Statement

Score Financial Pte. Ltd. is committed to: a. Maintaining and reviewing a Business Continuity Management System (BCMS) b. Identifying critical business processes and recovery time objectives (RTOs) c. Establishing and testing business continuity and disaster recovery plans d. Ensuring timely resumption of services with minimal impact e. Meeting applicable legal, regulatory, and contractual requirements

4. Roles and Responsibilities

Executive Management a. Provide oversight and strategic direction for business continuity efforts b. Approve continuity plans and allocate necessary resources Compliance Team a. Develop, implement, and maintain the BCMS b. Conduct business impact analysis (BIA) and risk assessments c. Coordinate training, awareness, and testing activities All Employees a. Participate in training and awareness programs b. Follow instructions during continuity events and drills

5. Business Impact Analysis (BIA)

BIA shall be conducted to: a. Identify and prioritize business functions b. Determine the impact of disruptions c. Define RTOs and recovery point objectives (RPOs)

6. Risk Assessment

Regular risk assessments will be performed to: a. Identify internal and external threats b. Evaluate the likelihood and impact of these threats c. Inform the development of mitigation strategies

7. Plan Development and Maintenance

The organization shall maintain: a. Business Continuity Plans (BCPs) for each critical function b. Disaster Recovery Plans (DRPs) for IT systems c. Emergency Response Plans (ERPs) for immediate incident response. Plans will be reviewed and updated at least annually or after any significant change.

8. Training and Awareness

All employees shall receive: a. Business continuity awareness training upon hire and annually thereafter b. Role-specific training as required c. Participation in simulation exercises and drills

9. Testing and Exercises

BCPs and DRPs will be tested at least annually to ensure effectiveness and readiness. Types of tests may include: a. Tabletop exercises b. Simulation drills c. Full operational recovery tests

10. Compliance and Review

This policy shall be: a. Reviewed annually and updated as needed b. Audited periodically to ensure compliance with internal policies and external requirements c. Supported by continuous improvement initiatives

11. Exceptions

Any exceptions to this policy must be approved in writing by Executive Management.