GENERAL INFORMATION SECURITY POLICY

Vocé Group has decided to define, implement, operate and continuously improve an Information Security Management System (ISMS), supported by clear guidelines focused on business needs and regulatory and normative requirements.

The protection of information seeks to reduce the impact generated on the assets, the risks are identified systematically in order to maintain a level of exposure that allows to respond for the integrity, confidentiality and availability of this.

Finally, it is very helpful to include the general description of other relevant policies to comply with the objectives set out in the Information Security Management System, since these are the support on which it is developed; they must be described in a simple, timely and very effective manner.

GENERAL OBJECTIVES

1. Understand and address operational and strategic information security risks so that they remain at acceptable levels for the organization.
2. Establish, maintain and improve the management system with security measures aimed at the protection of information assets, with a focus on preserving the integrity and confidentiality of information belonging to the organization, its clients and customers.
3. Maintain the availability of the services essential to support the operation of the
4. Implement a security incident management plan to efficiently detect, respond to and mitigate any breach or threat to the organization’s information.
5. Strengthen the information security culture in directors, managers, collaborators and third parties.

COMPLIANCE AND REVIEW

An annual review of this policy will be conducted and updated as necessary during such review. Its approval shall require the endorsement of senior management or its designee.

Any violation of the General Safety Policy or associated policies may result in sanctions as established in the internal work regulations.

As a record of the foregoing, it is approved on September 25, 2023.