At GKC, we prioritize the security of your systems, including the GKC services and deliverables that you access and use (together, “your systems”). We encourage you to properly manage all user IDs, unique names, passwords, authentication credentials, Public Key Infrastructure (PKI) keys, API keys, other access keys, and other sensitive or confidential authentication data (“Secrets”).

Customer-Managed Secrets: You (the customer) agree to maintain and manage all Secrets required for access to and use of your systems. Without limiting the previous sentence, you must:

• not permit any other person to use your Secrets, including not disclosing or providing your Secrets to any other person; and

• immediately notify GKC if you become aware of any disclosure or unauthorised use of your Secrets.

Provision of Access: You must store, maintain and manage your Secrets by means of secure credential management solutions such as Azure Key Vault, 1Password, or any other industry-recognized password management tool. You are responsible for ensuring that these solutions are configured and maintained according to best practices and best security standards.

Best Practices: You must follow industry best practices for credential management and review and update your security policies regularly to mitigate risks associated with the handling and storage of Secrets.

Temporary Storage of Secrets: In cases where it is unavoidable for GKC to temporarily store any Secrets on your behalf (which GKC will only do if it agrees to that storage), GKC uses commercially reasonable efforts to secure these Secrets within GKC’s password management systems. GKC personnel access to stored Secrets is restricted based on role and necessity, and all access is regularly audited. You must use best efforts to minimise the use of this temporary storage.

Liability Waiver: Despite GKC’s commercially reasonable efforts to secure temporarily stored Secrets, you agree that GKC will not be liable or responsible for any damages or losses resulting from, or connected to, any breaches or unauthorized access to these Secrets.

Indemnification: You indemnify and hold harmless GKC from or in connection with any and all claims, damages, losses, or expenses (including legal fees on a solicitor and own client basis) arising out of or in connection with any breach of security, unauthorized access, or misuse of Secrets, including where those Secrets are managed or temporarily stored by GKC except in cases of gross negligence or wilful misconduct by GKC in respect of those Secrets.

By understanding and adhering to these terms, you help ensure the highest level of security and accountability in GKC’s partnership with you. For more detailed terms, please refer to GKC’s comprehensive Terms of Trade which apply to your use of GKC’s services and deliverables.