Quality and Information Security Policy

THE COMPANY has as one of its objectives to try to safeguard the Quality and Security of Information, whether personal or not, and for this purpose establishes a system of Quality and Security of Information in order to ensure the reduction of risks associated with it and cybersecurity, that the information is accessible only by those users who have a legitimate need to perform their functions, that it is protected, available and used for the purposes for which it was obtained. For this purpose, THE COMPANY defines the following strategic objectives:

• Minimize the risks of loss of confidentiality, integrity and availability of the information received, generated, processed and stored by THE COMPANY.
• Support the areas of the company in securing the information assets that support business operations and information with personal data.
• Raise employee awareness of the quality and security of information in the performance of their duties.
• Maintain a Quality and Information Security and Cybersecurity program that supports the organization’s strategic objectives and new business projects.
• Compliance with legal requirements, commitments acquired with customers and suppliers and all other regulations, internal standards or guidelines to which the company is subject.
• Continuously improve the Quality and Information Security system.
• Promote awareness and training in Information Quality and Security.
• Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest possible time.

The Information Quality and Security Policy concerns all users and must be applied to all information created, processed or used by THE COMPANY, regardless of the medium, format, presentation or place where it is located. All Quality and Security measures adopted are aimed at protecting the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and computer equipment, whether managed by THE COMPANY or by those companies or personnel expressly authorized for this purpose, such as those who have signed a contract for the provision of services or data processing with THE COMPANY or legally authorized assignees. The Quality and Information Security and Cybersecurity Policy is focused on trying to ensure the following three major scenarios:

• Confidentiality compliance, which implies that critical, sensitive, private or personal information managed by the organization is not stolen or accessed by unauthorized persons.
• Minimize the impact on availability, where services provided by the organization are inaccessible or unusable.
• Ensure the integrity of information systems, avoiding the corruption of data or systems of the organization that affect the accuracy or integrity of information and processing, and that could also affect the availability of services.

The Quality and Information Security Policy will be developed through quality and security regulations that address specific aspects and will be reviewed at least once a year and whenever there are relevant changes in the organization, in order to ensure that it is appropriate to the strategy and needs of the organization itself. This policy is applied in all work centers of THE COMPANY, being implemented in a framework of Quality and Information Security in accordance with ISO 9001:2015 and ISO 27001:2022.