CYBERSECURITY POLICY

CONEXCON GROUP considers that the information and associated systems are critical assets that must be protected to ensure the proper functioning of the company. The Cybersecurity Policy is aimed at effectively managing the security of the information processed by the company's computer systems, as well as the assets that participate in its processes. This Policy aims to guarantee the confidentiality, integrity, availability and privacy of the information, and to comply with the Laws and Regulations in force at all times, maintaining a balance between risk levels and efficient use of resources, with proportionality criteria. This cybersecurity policy is applicable to all employees, managing directors and administrators of CONEXCON GROUP.

Basic principles

For this, the following basic principles are established:
- It guarantees that the Information and Telecommunications Systems available to CONEXCON GROUP possess the appropriate level of cybersecurity and resilience.

- It sensitizes all employees, contractors and collaborators about cybersecurity risks and guarantees that they have the knowledge, skills, experience and technological capabilities necessary to support the cybersecurity objectives of CONEXCON GROUP

- Strengthens prevention, detection, reaction, analysis, recovery, response, investigation and coordination capabilities in the face of new threats.

- Promotes the existence of adequate cybersecurity and resilience mechanisms for systems and operations managed by third parties that provide services to the Company.

- It is equipped with procedures and tools that allow it to adapt with agility to the changing conditions of the technological environment and to new threats.

- Collaborates with relevant government bodies and agencies for the improvement of the company's cybersecurity, compliance with current legislation and contributes to the improvement of cybersecurity in the international arena.

Management model

CONEXCON GROUP has a management model applicable to cybersecurity based on international and national regulations, so that it facilitates, by all means at its disposal and in proportion to the threats detected, the resources necessary for the organization to have an environment aligned with business objectives and established cybersecurity objectives.

The model defined by CONEXCON GROUP it's based on:
- A framework for the management of applicable cybersecurity measures through the establishment of a risk methodology approved by the management in which the objectives and goals of cybersecurity are set, as well as the principles of cybersecurity aligned with the strategy and the business objectives and consistent with the context where the company's activities take place.
- Mechanisms to align cybersecurity objectives and goals with compliance with legislative, regulatory and contractual requirements.
- Mechanisms to react to incidents that occur both in the management of the system and in the operating procedures that depend on it.
- The existence of a set of functions and responsibilities in terms of cybersecurity clearly defined and assigned in the corporate organization chart.
- Mechanisms for the global treatment of cybersecurity threats, including all appropriate activities for the treatment of security.
- A process of review and continuous updating of the cybersecurity management model to adapt it at all times to the cyber threats that arise and may affect CONEXCON GROUP.