Information Security Policy

PO-001
Version 1.0

IDONIKA aims to safeguard the security of information, whether personal or not. For this purpose, it establishes an Information Security system with the objective of ensuring cybersecurity and the reduction of associated risks, and of ensuring that information is accessible only to those users who have a legitimate need for it to perform their functions, and that it is protected, available, and used for the purposes for which it was obtained. To achieve this, IDONIKA defines the following strategic objectives:

  • Minimize the risks of loss of confidentiality, integrity, and availability of information received, generated, processed, and stored by IDONIKA.
  • Support the company’s areas in ensuring the security of the information assets that support business operations and of information containing personal data.
  • Achieve awareness among employees regarding information security in the execution of their functions.
  • Maintain an Information Security and Cybersecurity program that supports the organization’s strategic objectives and new business projects.
  • Comply with legal requirements, commitments made to clients and suppliers, and any regulations, internal rules, or guidelines to which the company is subject.
  • Continuously improve the Information Security system.
  • Promote awareness and training in information security.
  • Ensure the ability to respond to emergency situations, restoring the operation of critical services as quickly as possible.

The Information Security Policy concerns all users and must be applied to all information created, processed, or used by IDONIKA, regardless of the medium, format, presentation, or location in which it is found. All security measures taken are aimed at protecting the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and computer equipment, whether managed by IDONIKA or by companies or individuals expressly authorized for this purpose, such as those who have signed a service provision or data processing agreement with IDONIKA or legally authorized assignees. The Information Security and Cybersecurity Policy seeks to ensure the following three main scenarios:

  • Uphold confidentiality, which implies that critical, sensitive, private, or personal information managed by the organization is not stolen or accessed by unauthorized individuals.
  • Minimize disruptions to availability, that is, situations in which the services provided by the organization are inaccessible or unusable.
  • Ensure the integrity of information systems, avoiding data or system corruption within the organization that affects the accuracy or integrity of information and processing, and that could also affect the availability of services.

The Information Security Policy will be developed through security regulations that address specific aspects. It will be reviewed at least once a year and whenever there are relevant changes in the organization, to ensure that it aligns with the organization’s strategy and needs. This policy applies to all IDONIKA workplaces and is implemented within an Information Security framework in accordance with the ISO 27001:2013 standard.

Revision 1: February 22, 2023
Signed by Management