IZO Information Security Policy
SYSTEM S.A.U.

‍

Izo System S.A.U. (hereinafter”IZO SYSTEM” or “IZO”) believes that the information, in particular
that relating to your customers, and the different information systems used for their treatment are
critical assets that must be adequately protected, whatever their form and means
storage, to ensure the proper functioning of IZO SYSTEM, safeguarding the
operation of your business and the right service to your customers.

‍
The security policy (hereinafter, the “Policy”) seeks to ensure proper management of
elements and information systems based on three basic pillars, which are key:

‍
• Your confidentiality, ensuring your accessibility in a unique and controlled way to
authorized people, processes or systems, preventing a disclosure from taking place
unauthorized of the same.
• Its integrity, preventing it from being manipulated by unauthorized third parties
malicious;
• Its availability, through authorization and its recovery in the event of incidents of
security that cause their loss or corruption.

‍
To achieve the established objectives in the area of Information Security, the
Policy establishes a series of procedures and actions, complying with the different
applicable rules and requirements in force at all times and maintaining a balance between
levels of risk and the efficient use of resources using proportionality criteria.

‍
The policy applies to all members of IZO SYSTEM and is established at the level of
group in Spain. In addition, this Policy will be extended to directly involved third parties
or indirectly with the correct operation of the services involved in IZO SYSTEM
establishing fundamental principles to develop the express commitment of IZO SYSTEM
in the continuous improvement of the information security management system.

‍

This policy was reviewed by the Security Committee and approved by the Senior Management of the
Information about IZO SYSTEM as of December 12, 2023.

‍