Effective Date: 1 January 2025
Version: 2.0 — Ultra-Final (Djenie Edition)

1. INTRODUCTION

This Corporate Governance Statement outlines the governance structures, ethical standards, accountability systems, and compliance frameworks used by In Delay There Lies No Plenty Pty Ltd ACN 162 881 138 ATF Future Thinking Family Trust t/a Djenie ABN 98 399 797 036 (“Djenie”) to ensure responsible, transparent, and lawful management of its operations.
Djenie develops and maintains membership-management systems (including SMS v2), digital learning infrastructure, custom software, and consulting services across Australia and select international markets.

2. GOVERNANCE FRAMEWORK

Djenie maintains a robust governance framework structured around clear leadership and accountability:

Chief Executive Officer (CEO):

  • Provides strategic direction and corporate leadership
  • Ensures governance, compliance, and ethical operations

Data Protection Lead:

  • Oversees privacy compliance, cross-border transfers, and regulatory obligations
  • Maintains records of processing, DPIAs, and privacy-by-design

Security & Compliance Lead:

  • Oversees ISO-aligned security practices
  • Manages risk registers, supplier assurance, and incident response
  • Coordinates annual internal reviews and independent assessments

Technology Leadership:

  • Responsible for secure architecture design
  • Implements DevSecOps, secure development lifecycle (SDLC), and operational integrity

Board/Advisory Consultation:

  • External advisors may be consulted for legal, financial, and compliance oversight

3. ETHICAL CONDUCT

Djenie maintains an ethical culture underpinned by:

  • Code of Conduct
  • Whistleblower Policy
  • Responsible Disclosure Policy
  • Modern Slavery Statement
  • Anti-Bribery & Corruption commitments
  • Fair treatment, non-discrimination, and professional conduct standards

Employees, contractors, and partners must avoid conflicts of interest and comply with legal, operational, and contractual obligations.

4. RISK MANAGEMENT

Djenie operates an enterprise-wide risk management framework covering:

  • information security
  • privacy and personal data protection
  • operational reliability
  • cyber resilience
  • supplier and subprocessor oversight
  • financial misconduct and governance risks
  • business continuity and disaster recovery
    Risk controls follow:
  • ISO/IEC 27001:2022
  • ISO 22301 (Business Continuity)
  • NIST Cybersecurity Framework
  • Australian Privacy Act (APPs)
  • GDPR/UK GDPR
  • CPRA and PIPL requirements

High-risk suppliers undergo enhanced due diligence and regular reviews.

5. INFORMATION SECURITY GOVERNANCE

Security governance follows the Data Security & Protection Policy and includes:

  • encryption at rest and in transit
  • RBAC and MFA
  • secure SDLC
  • vulnerability management and patching
  • continuous logging and monitoring
  • incident response and breach-notification workflows
  • supplier security assessment and contractual controls

6. PRIVACY & DATA GOVERNANCE

Djenie manages Personal Data in accordance with:

  • Australian Privacy Act & APPs
  • GDPR / UK GDPR
  • China PIPL
  • CPRA
  • LATAM privacy frameworks
    Data governance includes:
  • lawful basis assessments
  • data minimisation
  • rights management for individuals
  • secure international data transfers
  • DPIAs and risk assessments
  • subprocessor oversight and transparency

7. STAKEHOLDER ENGAGEMENT

Djenie engages with:

  • customers and member organisations
  • regulators and external auditors where relevant
  • suppliers and technology partners
  • system users and administrators

Major governance changes and policy updates are communicated transparently through support and official communication channels.

8. ESG & SOCIAL RESPONSIBILITY

Djenie maintains ESG-aligned commitments, including:

  • accessible and inclusive digital design
  • ethical supply chains and modern slavery prevention
  • sustainable operational practices
  • diversity, fairness, and worker protection
  • responsible and safe use of AI consistent with OECD and NIST frameworks

9. CONTINUOUS IMPROVEMENT

Djenie continuously enhances governance by:

  • conducting internal reviews and audits
  • updating policies and controls following legal or technological changes
  • capturing lessons learned from incidents and assessments
  • engaging external advisors where beneficial

ANNEX A — DEFINITIONS

Governance: Processes ensuring accountability, transparency, and lawful conduct.
Risk Management: Identification, assessment, and treatment of risks.
Personal Data: Information about an identifiable individual under applicable laws.
Subprocessor: Third party engaged by Djenie to process Customer Data.
ESG: Environmental, Social, and Governance principles guiding responsible business practice.

VERSION CONTROL & GOVERNANCE

Version: 2.0 — Djenie Edition
Effective Date: 1 January 2025
Approval: Chief Executive Officer, Djenie
Change Summary: Rewritten from Cushi version; governance structure aligned with Djenie’s services, privacy and risk frameworks expanded, ESG integration reinforced.
Review Cycle: Annual or earlier as required.