KEY MANAGEMENT POLICY

MYBITSTORE TECHNOLOGIES LIMITED.

October 2023.
1. Introduction

The Companies block chain account key is a valuable asset to the company and access to it must
be managed with care to ensure that confidentiality, integrity, and availability are maintained.
Restriction on its access helps mitigate the risk of unauthorized disclosure and tampering. It also
ensures that access to Company assets is only granted to those with authorization. This policy
sets out the principles and rules relating to when and how Company block chain keys are
accessed.

2. Scope.

The policy covers the application of keys to its crypto account.

3. Objectives.

The purpose of this policy is to establish specific minimum standards and responsibilities for
authorization and access to the company block chain keys. This policy is designed to ensure that
the Company manages its blockhain keys in a consistent manner and to appropriately safeguard
access to all its Company keys.

4. Responsibilities

It is the responsibility of persons who have access to the keys to keep same confidential and to
not disclose same except in accordance with this policy.

5. Cryptographic Keys

I. The Cryptographic keys are required to access data and systems on the company’s blockhain
account. The Company takes the following approach in the management of these keys:

a) The first six keys shall be released to the Operation Manager and in his absence the keys shall
be disclosed to an officer acting in his absence.

b. the second part of the key shall be released to the Chief Technology Officer and in his
absence shall be disclosed and left in the custody of the officer acting in his absence.
c. The third part of the key shall be released to the Company’s Legal Counsel and in his/her
absence the key shall be disclosed to the officer acting in her absence.

d. The last part of the key shall be in the custody of the chief Executive Officer.

e. All four parts of the keys shall be required in accessing the block chain account of the
Company. An initiation of access shall require notice to all officers aforementioned in
paragraphs a, b,c,d. A release of the keys by these officers shall cumulatively grant access to the
Company’s account.

II. Access to cryptographic keys must be restricted to authorized staff with administration rights
only Procedures must be followed to ensure that requests for cryptographic keys can be
appropriately authorized, provided in a timely manner and appropriately recorded.

III. Cryptographic keys must be securely managed and protected though their whole lifecycle.
This includes protection against modification, loss, unauthorized access/use, or disclosure.
Cryptographic key lengths and use must be in accordance with all relevant Company policies,
procedures and in accordance with professional best practices. In the event of a cryptographic
key being compromised notice of same shall be immediately communicated to the CEO and
CTO. In the event of a compromise on their part, notice of same shall be made to the Chairman
of the board.

6. Policy Compliance.

I. Compliance with this policy will be continually verified through on-going monitoring and
internal and external audits. Exemptions to this policy may be applied where there is a clear
business/technical need, where risks are appropriately managed and when the exemption is
approved by a relevant and authorized party.

II. Policy Implementation The implementation of this policy will be supported by ongoing
training and dedicated systems and controls. The Company will ensure that this policy is
appropriately implemented through the continuous monitoring and management. All authorized
officers with parts of the keys in their custody are responsible for ensuring that this policy is
adhered to.