Information Security Policy

1.5 INFORMATION SECURITY POLICY

Information Security is set as top priority for ISD S.A., in order to:

• Ensure full business compliance with relevant legal and regulatory requirements.

• Protect the company’s interests and those who deal with it and trust it for the use and distribution of their confidential data.

• Ensure the availability, integrity and confidentiality of the data produced, received and distributed.

• Maximize reliability of business information resources.

To achieve the above, ISD S.A. has implemented an Information Security Management System according to the ISO/IEC 27001 standard.

The implementation of the System aims at the following:

• To protect the stored files, computing resources and the information distributed at business services from every threat, internal or external, intentional or accidental

• To systematically assess and evaluate risks concerning information, ensuring their proper and on time management.

• Secure data filing, avoiding viruses and external invasions, access control on systems, recording every information security incident and managing unexpected events.

• Continuously informing management and personnel on Information Security and Data Protection issues.

The Chief Information Security Officer has the responsibility to control and monitor the system’s operation, as well as informing all involved personnel of the Information Security Policy.

All personnel involved in the described activities and procedures concerning Information Security are responsible for the application of the Policies and Procedures of the system.

The Management is committed to the achievement of the company's targets and to the observance of the principles related to Information Security and to continuous improvement of the Information Security Management System.