NEO

Information Security Policy

Due to the importance of information systems, Neo Group implements through its management the following fundamental principles of security of information.

Regulatory compliance

All information systems shall comply with any applicable law, regulation and business’ industry requirements, that affect information security, especially those related to the protection of personal data, IT systems, data, electronic communications and services

Risk management

Risks must be minimised to acceptable levels and security controls must be adequate and coherent with the nature of the information. Security’s objectives must be established, reviewed, and be consistent with information security requirements.

Training and awareness

Training programs and awareness campaigns shall be organised for all users with access to information, in connection with the field of information security.

Availability, integrity and confidentiality:

The availability of information must be guaranteed, ensuring the continuity of business processes through contingency plans.

The integrity of the information with which any user works on daily basis must be ensured, so that it is concise and precise, emphasising the accuracy of both its content and the processes involved.

The confidentiality of the information must be guaranteed, in such a manner that only authorised persons have access to it.

Proportionality

Assets security risk must be managed by seeking a balance between security measures, the nature of the information and the risk.

Responsibility

All employees of Neo are responsible for their conduct and actions regarding information security and must comply with the established rules and controls.

Continuous improvement

The degree of effectiveness of the security controls implemented in the organisation will be reviewed periodically to ensure the capacity to adapt them to the constant evolution of risk and the technological environment and context of the organisation.

Consistent with the responsibility assumed and convinced that information security management is essential for the future and excellence of the organisation, Neo team management is committed to provide the necessary resources to comply with this policy.

In accordance with this policy, security objectives are established at all levels, monitoring the degree of compliance, so that we can measure the improvement.

Neo team management periodically reviews the Information Security Management System (ISMS) with the commitment to ensure the correct and effective development, continuous improvement, and that it adapts to new applicable legal, regulatory and business requirements.

Approved: September 2024