Exhibit 11.2
JBDI HOLDINGS LIMITED
CYBERSECURITY POLICY
Effective as of October 1, 2024
The Board of Directors (the “Board”) of JBDI Holdings Limited (the “Company”) believes that it is in the best interests of the Company and its shareholders to adopt this Cybersecurity Policy (the “Policy”) to ensure that cybersecurity risk management remains a meaningful priority in our business strategy and operations. This Policy is designed to comply with and shall be interpreted to ensure compliance Item 16(K) of Form 20F to allow our shareholders and investors to ascertain our cybersecurity practices with sufficient detail to understand our cybersecurity risk profile.
| 1. | Administration |
Except as specifically set forth herein, this Policy shall be administered by the Board or, if so designated by the Board, a committee thereof (the Board or such committee charged with administration of this Policy, the “Administrator”). The Administrator is authorized to interpret and construe this Policy and to make all determinations necessary, appropriate, or advisable for the administration of this Policy. Any determinations made by the Administrator shall be final and binding on all affected individuals and need not be uniform with respect to each individual covered by the Policy. In the administration of this Policy, the Administrator is authorized and directed to consult with the full Board, or such other committees of the Board as may be necessary or appropriate as to matters within the scope of such other committee’s responsibility and authority. Subject to any limitation at applicable law, the Administrator may authorize and empower any officer or employee of the Company to take any and all actions necessary or appropriate to carry out the purpose and intent of this Policy (other than with respect to any recovery under this Policy involving such officer or employee).
| 1 |
| 2. | Cybersecurity Oversight Responsibility |
| a. | Establish and maintain a management strategy for cybersecurity which includes: |
| 1. | Identification: Proactively identify the manners in which our business could be materially impacted by cybersecurity risks, including: |
| 1. | Cybersecurity Incidents – an unauthorized occurrence on or conducted through its information system that jeopardizes the confidentiality, integrity, or availability of its information systems or any information residing therein | |
| 2. | Cybersecurity Threats – any potential occurrence that may result in an unauthorized effort to adversely affect the confidentiality, integrity, or availability of its information systems or any information residing therein. |
| 2. | Assessment: Periodically assess our risks relating to cybersecurity threats, including risks relating to our reliance on third parties, considering the likelihood and impact that could result from the manifesting of such risks, together with the sufficiency of existing policies, procedures, systems, and safeguards in place to manage such risks, including evaluating and if available obtaining cyber liability insurance, and aligning such cyber-risk management policies with the Company’s business needs by integrating cyber-risk analysis into significant business decisions. | |
| 3. | Management: Determine and implement reasonable safeguards to address any identified gaps in our existing processes and procedures, including annual cybersecurity awareness training emphasizing the use of strong passwords on all systems and aligning cyber-risk management policies with the Company’s needs by integrating cyber-risk analysis into significant business decisions and ensuring that the Company’s organization structure supports such cybersecurity goals. | |
| 4. | Evaluation: If a cybersecurity breach occurs, the Audit Committee will determine whether the Incident or Threat is “material” (.i.e. is there a substantial likelihood that a reasonable shareholder would consider it important in making an investment decisions or if it would have significantly altered the “total mix” of information made available?), assessing among other factors potential or actual financial impacts, reputational damage, and operational disruptions. | |
| 5. | Report: Establish and monitor an incident response approach requiring our Chief Financial officer to report to us, the full Board of Directors and legal counsel any cybersecurity concerns or events. | |
| 6. | Disclosure: To ensure compliance with SEC requirements and maintain overall stakeholder confidence in the Company, all material and known facts regarding the cybersecurity breach will be recorded, including their nature, scope, and financial implications, and a Form 6-K will be prepared and filed within four (4) business days after the determination that a “material” cybersecurity incident has occurred. |
| b. | Engage third parties to assist with evaluating the effectiveness of our risk-management and cybersecurity practices. |
| 3. | Effective Date; Retroactive Application |
This Policy shall be effective as of October 1, 2024 (the “Effective Date”).
| 4. | Amendment; Termination |
The Board may amend, modify, supplement, rescind or replace all or any portion of this Policy at any time and from time to time in its discretion, and shall amend this Policy as it deems necessary to comply with applicable law or any rules or standards adopted by a national securities exchange on which the Company’s securities are listed.
| 5. | Exhibit Filing Requirement |
A copy of this Policy and any amendments thereto shall be posted on the Company’s website and filed as an exhibit to the Company’s annual report on Form 20-F
| 2 |