Neftaly Human Capital Non-Disclosure Management Policy, Procedures, Processes, Templates, Documents and Forms NeftalyP321

Document Code: NeftalyP321
Approved By: Chief Executive Officer (CEO)

Date Approved: 30 October 2025

Review Date: 29 November 2026

Policy Owner: Neftaly Chief Human Human Capital, NeftalyCHCR

NeftalyP321-1 Policy Statement

NeftalyP321-1-1 Neftaly is committed to maintaining the highest standards of confidentiality, trust, and integrity within its Human Capital operations. The Neftaly Human Capital Non-Disclosure Management Policy (NeftalyP321) establishes the framework for protecting confidential, proprietary, and sensitive information belonging to Neftaly, its partners, Human Capital, clients, and stakeholders.

NeftalyP321-1-2 This policy ensures that all Human Capital and representatives of Neftaly understand their legal and ethical obligations regarding the handling, sharing, and safeguarding of information obtained during the course of their work.

NeftalyP321-2 Purpose

NeftalyP321-2-1 The purpose of this policy is to:

NeftalyP321-2-1-1 Protect Neftaly’s intellectual property, business data, and sensitive information from unauthorized disclosure or misuse.
NeftalyP321-2-1-2 Define procedures for managing Non-Disclosure Agreements (NDAs) with Human Capital, contractors, partners, and stakeholders.
NeftalyP321-2-1-3 Ensure compliance with applicable data protection and confidentiality laws.
NeftalyP321-2-1-4 Build a culture of accountability and integrity across all Neftaly operations.

NeftalyP321-3 Scope

NeftalyP321-3-1 This policy applies to:

NeftalyP321-3-1-1 All Neftaly Royals, Deputy Chiefs, Officers, and Human Capital.
NeftalyP321-3-1-2 All contractors, consultants, suppliers, and partners engaged by Neftaly.
NeftalyP321-3-1-3 Any person or entity accessing or handling Neftaly’s confidential information.

NeftalyP321-4 Definitions

NeftalyP321-4-1 Confidential Information: Any non-public information related to Neftaly’s operations, financials, programs, strategies, or stakeholders.
NeftalyP321-4-2 Non-Disclosure Agreement (NDA): A legally binding contract prohibiting the sharing of confidential information without authorization.
NeftalyP321-4-3 Authorized Personnel: Individuals permitted by the Chief Human Capital Officer or Chief Executive Officer to access specific information.
NeftalyP321-4-4 Breach of Confidentiality: Any unauthorized access, disclosure, duplication, or distribution of confidential or sensitive data.
NeftalyP321-4-5 Secure Storage: The approved method of storing information, whether physical (locked storage) or digital (encrypted systems).

NeftalyP321-5 Guiding Principles

NeftalyP321-5-1 Confidentiality: All information must be protected according to its classification and importance.
NeftalyP321-5-2 Integrity: Human Capital must handle information with honesty and professionalism.
NeftalyP321-5-3 Accountability: Each individual is responsible for the proper handling of sensitive information.
NeftalyP321-5-4 Security: Appropriate safeguards must be in place to prevent unauthorized access or disclosure.
NeftalyP321-5-5 Compliance: All activities must comply with NeftalyP108 (Confidentiality Management Policy) and relevant data protection laws.

NeftalyP321-6 Roles and Responsibilities

Role	Responsibilities
Chief Executive Officer (CEO)	Approves all Non-Disclosure policies, agreements, and high-level exceptions.
Chief Human Capital Officer (CHCO)	Oversees NDA management, compliance monitoring, and enforcement.
Royal Directors	Ensure NDAs are implemented and adhered to within their divisions.
Deputy Chiefs	Support Royal Directors in managing confidentiality adherence.
Officers	Facilitate NDA execution and maintain secure document records.
Human Capital	Sign NDAs and strictly comply with confidentiality rules.
Governance Office	Maintains NDA logs, archives, and compliance reports.

NeftalyP321-7 Procedures

NeftalyP321-7-1 Non-Disclosure Agreement Execution

NeftalyP321-7-1-1 All new Human Capital, contractors, or partners must sign a Non-Disclosure Agreement (NeftalyF321-01) before accessing confidential information.
NeftalyP321-7-1-2 The CHCO or authorized Officer ensures proper completion and signature of the NDA.
NeftalyP321-7-1-3 Executed NDAs are stored in the Confidential Archive Register (NeftalyD321-01).
NeftalyP321-7-1-4 Digital copies must be encrypted and stored in approved systems only.

NeftalyP321-7-2 Information Classification

NeftalyP321-7-2-1 Information must be classified into one of the following categories:
- Public: Information available to the public.
- Internal: Information limited to Neftaly Human Capital.
- Confidential: Sensitive information requiring authorized access.
- Highly Confidential: Critical information restricted to executive-level access.

NeftalyP321-7-2-2 Each document or data file must be labeled accordingly before distribution.

NeftalyP321-7-3 Information Handling and Access

NeftalyP321-7-3-1 Confidential data must only be shared through authorized and secure channels.
NeftalyP321-7-3-2 All storage devices, folders, and communication systems must have access controls.
NeftalyP321-7-3-3 Hard copies must be stored in secure, lockable storage units within Royal offices.
NeftalyP321-7-3-4 Unauthorized copying, downloading, or transferring of data is strictly prohibited.

NeftalyP321-7-4 Breach Management

NeftalyP321-7-4-1 Any suspected or confirmed breach of confidentiality must be reported immediately to the CHCO using the Confidential Breach Report Form (NeftalyF321-02).
NeftalyP321-7-4-2 The CHCO will initiate an investigation, assess the impact, and recommend corrective actions.
NeftalyP321-7-4-3 Disciplinary measures may include written warnings, suspension, termination, or legal proceedings.
NeftalyP321-7-4-4 The Governance Office will log and track all incidents in the Breach Register (NeftalyD321-02).

NeftalyP321-7-5 Exit Process and Termination

NeftalyP321-7-5-1 Upon resignation or termination, all departing Human Capital must return or destroy any confidential information in their possession.
NeftalyP321-7-5-2 The Exit Non-Disclosure Declaration Form (NeftalyF321-03) must be signed to confirm compliance.
NeftalyP321-7-5-3 The Governance Office ensures all access rights are revoked and documents are archived.

NeftalyP321-8 Processes

Stage	Action	Responsible Party	Output
Onboarding	Execute NDA	Officer / Human Capital	Signed NDA
Classification	Label and secure data	CHCO / Officer	Classified Records
Access Control	Assign access levels	Royal Director / Governance Office	Access List
Monitoring	Track compliance	CHCO / Governance Office	Compliance Report
Incident Handling	Investigate breaches	CHCO / Royal Director	Breach Report
Exit Process	Collect data and revoke access	Officer / Governance Office	Exit Declaration

NeftalyP321-9 Templates, Documents, and Forms

Code	Document Name	Purpose
NeftalyF321-01	Non-Disclosure Agreement Form	Formal agreement for confidential data protection.
NeftalyD321-01	Confidential Archive Register	Logs all signed NDAs and their retention periods.
NeftalyF321-02	Confidential Breach Report Form	Used to report and investigate breaches.
NeftalyD321-02	Breach Register	Maintains record of all confidentiality breaches.
NeftalyF321-03	Exit Non-Disclosure Declaration Form	Confirms return or destruction of confidential data.

NeftalyP321–10 Compliance

NeftalyP321-10-1 All Neftaly Royals, Officers, and Human Capital are required to adhere to this policy.
NeftalyP321-10-2 Violation of confidentiality obligations may result in termination of engagement and/or legal action.
NeftalyP321-10-3 All data handling must comply with NeftalyP137 (Data Management Procedure) and applicable national laws.

NeftalyP321-11 Monitoring and Review

NeftalyP321-11-1 The CHCO and Governance Office will review this policy annually to ensure alignment with Neftaly’s operational framework and evolving data protection standards. Any amendments must be approved by the CEO before enforcement.

NeftalyP321-12 Approval

Policy Owner:
Neftaly Chief Human Capital Officer (CHCO)

Approved By:
Neftaly Malatjie
Chief Executive Officer