Arvana is committed to the integrity and security of the sensitive data that it collects, maintains, and transmits across its computer systems. Over the ordinary course of our business, Arvana and its third-party service providers, such as charter booking services, collect, maintain, and transmit sensitive data including proprietary or confidential business information (such as operational data and personal information). The secure maintenance of this information is critical to our business and reputation.

Despite our efforts to implement robust security measures, in reliance on administrative, technical, and physical safeguards, our risk management strategies, and practices for protecting sensitive data are subject to certain limitations. A variety of factors give rise to these limitations including the evolving nature of cyber threats, resource constraints, and the inherent risks associated with the technologies we and third-party service providers employ. Arvana relies on third parties, including cloud vendors and consultants, for various business functions. Many of our third-party service providers have access to our information systems and data, and we rely on such third parties for the operation of our business. We oversee third-party service providers by conducting vendor diligence. Vendors are generally assessed for risk based on the nature of their service, access to data and systems and supply chain risk.

Arvana’s current risk management strategy may not fully account for or mitigate the risks posed by emerging technologies or the potential impact of these limitations on our business. Financial liabilities, damage to our reputation, and erosion of customer trust could negatively affect our business operations and financial condition.

We have adopted a cybersecurity governance structure to identify, assess, and manage material risks from cybersecurity threats that include a framework to respond to and assess internal and external threats to the security, confidentiality, and integrity of Arvana’s data and information systems. Under which framework management is responsible for assessing and managing material risks that arise from cybersecurity threats. We have not engaged third-party qualified contractors or claim any management expertise from which to draw in the event of cybersecurity threats.

When identified by management, cybersecurity threats are to be immediately reported to Arvana’s Audit Committee. The Audit Committee has primary responsibility for oversight of cybersecurity threats once a cybersecurity threat has been reported to it by management. Matters to be considered by the Audit Committee include management risks relating to data privacy, technology, and information security. The Audit Committee must also consider Arvana’s cyber security measures and the back-up of information systems, along with what steps Arvana has taken to monitor and control cybersecurity exposure. Further, the Audit Committee is tasked with the responsibility for conferring with management and Arvana’s auditors as to the adequacy and effectiveness of information safeguards, cybersecurity policies, and internal controls that impact information security. The Audit Committee will be briefed on any material cybersecurity incidents that might adversely affect our business at least once each year, such brief will include topics such as risk assessment, risk management, control decisions, service provider arrangements, security incidents, responses with recommendations for changes or updates to policies and procedures.

While Arvana has not experienced cybersecurity incidents in the past, it cannot guarantee that our cybersecurity safeguards will prevent breaches or breakdowns of our third-party service providers’ information technology systems, particularly in the face of continually evolving cybersecurity threats and increasingly sophisticated threat actors.

A cybersecurity incident could materially affect our business, results of operations, financial condition, and reputation, in addition to potentially subjecting us to government investigations, litigation, fines or damages.