The Management and the entire organization of GESTPLAST INGENIERÍA CONSULTING S.L. apply and manage Information Security criteria in the activity of DEVELOPMENT, IMPLEMENTATION, AND MAINTENANCE OF SOFTWARE FOR SOURCING PROCESS MANAGEMENT AND DIGITAL AUCTION MANAGEMENT IN SAAS MODALITY (SOFTWARE AS A SERVICE) INDUSTRIAL, preserving information from any external or internal threat that poses a potential or actual risk to the confidentiality, integrity, or availability of the information, basing the Information Security policy on:

• Compliance with Requirements

Compliance with the requirements established in the ISO 27001:2022 standard, legal and regulatory requirements, criteria established by our customers and by our ISMS, as well as compliance with the requirements of our relevant stakeholders.

• Continuous Improvement

From the Company’s Information Security Management System, with a focus on the protection and preservation of information, promoting the “active participation and involvement of our staff” and providing them with the necessary resources to advance the continuous improvement of the Company’s ISMS.

• HR Knowledge

Manage and increase knowledge of ISMS management, applicable regulations and legislation, as well as awareness-raising actions focused on the preservation of Company Information, through the innovation of new information management systems.

• Innovation

Technological innovation in our IT developments, enhancing the security and accessibility of information, as well as the efficiency of information management. This Information Security Policy is planned by Management and deployed in Objectives by the Organization, with the necessary resources being allocated for its implementation.

MANAGEMENT

November 13, 2024