MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. has, as one of its objectives, to safeguard Information Security, whether personal in nature or not. To this end, it establishes an Information Security system aimed at reducing the risks associated with it and with Cybersecurity, ensuring that information is accessible only to those users with a legitimate need to perform their duties, that it is protected and available, and that it is used for the purposes for which it was obtained. To this end, MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. defines the following strategic objectives:

• To minimize the risks of loss of confidentiality, integrity, and availability of the information received, generated, processed, and stored by MEDIOS Y SERVICIOS TELEMÁTICOS, S.A.
• To support the company’s areas in ensuring the information assets that support business operations and information containing personal data.
• To raise employees’ awareness regarding information security and Cybersecurity in the performance of their duties.
• To maintain an Information Security and Cybersecurity program that supports the organization’s strategic objectives and new business projects.
• Compliance with legal requirements, commitments made to customers and suppliers, and any regulations, internal standards, or operating guidelines to which the company is subject.
• To continuously improve the Information Security system.

The Information Security and Cybersecurity Policy concerns all users and must be applied to all information created, processed, or used by MEDIOS Y SERVICIOS TELEMÁTICOS, S.A., regardless of the medium, format, presentation, or location. All security measures adopted are intended to protect the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and IT equipment, whether managed by MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. or by those companies or personnel expressly authorized for this purpose, such as those who have entered into a service provision agreement or a data processing agreement with MEDIOS Y SERVICIOS TELEMÁTICOS, S.A., or legally authorized assignees. The Information Security and Cybersecurity Policy is focused on seeking to ensure the following three main scenarios:

• Confidentiality compliance, which implies that critical, sensitive, private, or personal information managed by MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. is not stolen or accessed by unauthorized persons.
• To minimize impacts on availability, whereby the services provided by MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. become inaccessible or unusable.
• Integrity, preventing the corruption of data or systems of MEDIOS Y SERVICIOS TELEMÁTICOS, S.A. that affects the accuracy or integrity of information and processing, and that could also affect service availability.

The Information Security Policy will be developed through security regulations addressing specific aspects and will be reviewed at least once a year, and whenever there are relevant changes in the organization, in order to ensure that it is aligned with the organization’s strategy and needs.