Cyber Incident Response Plan (IRP)

1. Purpose and Goals

The purpose of this cyber incident response plan ("IRP") is to provide a structured and systematic incident response process for all information security incidents (as defined in Section 4.3) that affect any of Energy Marketplace, LLC's ("Energy Marketplace") information technology ("IT") systems, network, or data, including Energy Marketplace's data held or IT services provided by third-party vendors or other service providers.

1.1 Goals

Specifically, Energy Marketplace's goals for this IRP include to:

• Define Energy Marketplace's cyber incident response process and provide step-by-step guidelines for establishing a timely, consistent, and repeatable incident response process.
• Assist Energy Marketplace and any applicable third parties in quickly and efficiently responding to and recovering from different levels of information security incidents.
• Mitigate or minimize the effects of any information security incident on Energy Marketplace, its users, customers, employees, or others.
• Help Energy Marketplace consistently document the actions it takes in response to information security incidents.
• Reduce overall risk exposure for Energy Marketplace.
• Engage stakeholders and drive appropriate participation in resolving information security incidents while fostering continuous improvement in Energy Marketplace's information security program and incident response process.

1.2 Legal Compliance

Energy Marketplace developed and maintains this IRP as may be required by applicable laws and regulations.

2. Scope

This IRP applies to all Energy Marketplace business groups, divisions, and subsidiaries, if any; their employees, contractors, officers, and directors; and Energy Marketplace's IT systems, network, data, and any computer systems or networks connected to Energy Marketplace's network.

2.1 Other Plans and Policies

Energy Marketplace may, from time to time, approve and make available more detailed or location or work group-specific plans, policies, procedures, standards, or processes to address specific information security issues or incident response procedures. Those additional plans, policies, procedures, standards, and processes are extensions to this IRP.

3. Accountability

Energy Marketplace has designated Alex MacDonald to implement and maintain this IRP (the "information security coordinator").

3.1 Information Security Coordinator Duties

Among other information security duties, as defined in Energy Marketplace's information security policy ("ISP"), the information security coordinator shall be responsible for:

• Implementing this IRP.
• Coordinating activities, including developing, maintaining, and following appropriate procedures to respond to, appropriately escalate, make decisions regarding, and document identified information security incidents (see Section 6).
• Conducting post-incident reviews to gather feedback (if any) on information security incident response procedures and address any identified gaps in security measures (see Section 6.5).
• Reviewing this IRP at least annually, or whenever there is a material change in Energy Marketplace's business practices that may reasonably affect its cyber incident response procedures (see Section 7).

3.2 Enforcement

Violations of or actions contrary to this IRP may result in disciplinary action, in accordance with Energy Marketplace's information security policies and procedures and human resources policies.

4. Definitions

The terms defined below apply throughout this IRP:

4.1 "Confidential Information"

Confidential information means information as defined in Energy Marketplace's ISP, available upon contacting Alex MacDonald, that may cause harm to Energy Marketplace or its users, employees, or other entities or individuals if improperly disclosed, or that is not otherwise publicly available.

4.2 "Personal Information"

Personal information means any information relating to an identified or identifiable natural person/individually identifiable information as defined in Energy Marketplace's ISP, available upon contacting Alex MacDonald, that Energy Marketplace owns, licenses, or maintains and that is from or about an individual including, but not limited to:

• First and last name;
• Home or other physical address, including street name and name of city or town;
• Email address or other online information, such as a user name and password;
• Telephone number;
• Government-issued identification or other number;
• Financial or payment card account number;
• Date of birth;
• Health information, including information regarding the individual's medical history or mental or physical condition, or medical treatment or diagnosis by a health care professional, created or received by Energy Marketplace; and
• Any information that is combined with any of (a) through (h) above.

4.3 "Information Security Incident"

Information security incident means an actual or reasonably suspected:

• Loss or theft of confidential or personal information;
• Unauthorized use, disclosure, acquisition of or access to, or other unauthorized processing of confidential or personal information that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information; or
• Unauthorized access to or use of, inability to access, loss or theft of, or malicious infection of Energy Marketplace's IT systems or third party systems that reasonably may compromise the privacy or confidentiality, integrity, or availability of confidential or personal information or Energy Marketplace's operating environment or services.

5. Incident Response Personnel

The incident response personnel consists solely of Alex MacDonald at this moment, and he is responsible for responding to information security incidents. Alex MacDonald is also considered the information security coordinator for the purposes of this IRP.

5.1 Responsibilities

Alex MacDonald is responsible for:

• Addressing information security incidents in a timely manner, according to this IRP.
• Managing internal and external communications regarding information security incidents.
• Reporting his findings to applicable authorities, as appropriate.
• Reprioritizing other work responsibilities to permit a timely response to information security incidents on notification.

6. Incident Response Procedures

6.1 Overview

Energy Marketplace shall develop, maintain, and follow incident response procedures as defined in this Section 6 to respond to and document identified information security incidents.

• Energy Marketplace recognizes that following initial escalation, the information security incident response process is often iterative, and the steps defined in Sections 6.2 through 6.5 may overlap or Alex MacDonald may revisit prior steps to respond appropriately to a specific information security incident.
• Energy Marketplace may, from time to time, approve and make available more specific procedures for certain types of information security incidents. Those additional procedures and checklists are extensions to this IRP.

6.2 Detection and Discovery

Energy Marketplace shall develop, implement, and maintain procedures to detect, discover, and assess potential information security incidents through automated means and individual reports.

• Automated Detection. Energy Marketplace shall develop, implement, and maintain automated detection means and other technical safeguards.
• Reports from Employees or Other Internal Sources. Employees, or others authorized to access Energy Marketplace's IT systems, network, or data, shall immediately report any actual or suspected information security incident to Alex MacDonald. Individuals should report any information security incident they discover or suspect immediately and must not engage in their own investigation or other activities unless authorized.
• Reports from External Sources. External sources who claim to have information regarding an actual or alleged information security incident should be directed to Alex MacDonald. Employees who receive emails or other communications from external sources regarding information security incidents that may affect Energy Marketplace or others, security vulnerabilities, or related issues shall immediately report those communications to Alex MacDonald and shall not interact with the source unless authorized.
• Assessing Potential Incidents. Energy Marketplace shall assign resources and adopt procedures to timely assess automated detection results, screen internal and external reports, and identify actual information security events. Energy Marketplace shall document each identified information security incident with initial details.

6.3 Containment, Remediation, and Recovery

Energy Marketplace shall develop, implement, and maintain procedures to contain any data or cybersecurity breaches, and remediate and recover the data if possible.

6.4 Communications and Notifications

For each identified information security incident, Alex MacDonald shall determine and direct appropriate internal and external communications and any required notifications.

(a) Notifications. While Alex MacDonald may choose to authorize discretionary communications, certain laws, regulations, and contractual commitments may require Energy Marketplace to notify various parties of some information security incidents. If applicable to a specific information security incident, as required Alex MacDonald shall:

• Authorities. Notify applicable regulators, law enforcement, or other authorities.
• Affected Individuals. If an applicable breach of personal information occurs, prepare and distribute notifications to affected individuals.
• Cyber Insurance Carrier. Notify Energy Marketplace's cyber insurance carrier according to the terms and conditions of its current policy, including filing a claim, if appropriate.
• Others. Notify users or business partners according to current agreements.

6.5 Post-Incident Review

At a time reasonably following each identified information security incident, the information security coordinator, or a designate, shall assess the incident and Energy Marketplace's response.

(a) Follow-Up Actions. The information security coordinator shall monitor and coordinate completion of any follow-up actions.

7. Plan Review

Energy Marketplace will review this IRP at least annually, or whenever there is a material change in Energy Marketplace's business practices that may reasonably affect its cyber incident response procedures. Updates are communicated to all relevant personnel.

8. Reporting Security Incidents

To report a security incident or concern, contact us immediately: