Information Security

Policy

1.0 Purpose

NOATUM adopts the following Information Security Policy (“Policy”) as a measure to protect the confidentiality, integrity and availability of corporate information, as well as any other information stored, processed or transmitted.

2.0 Scope

This policy applies to all employees or subcontracted staff of NOATUM, or any subsidiaries thereof, who access, process or store corporate data.

3.0 Policy

3.1 NOATUM’s Commitment
NOATUM is aware of the importance of information security to our company in order to protect our assets and ensure the continuity of business, compliance with applicable regulations and an optimum degree of competitiveness in the current market.

For this reason, NOATUM has developed this Information Security Police and the corresponding standards and guidelines to guarantee the confidentiality, integrity and availability of information.

With this policy, NOATUM’s management seeks to define the most suitable policy and procedures for NOATUM to launch a process of improvement of the information security, convinced that it will result in increased efficiency and reliability of NOATUM’s business processes.

This information security policy is included in the Information Security Management System implemented by NOATUM, which represents NOATUM’s management commitment to a continual improvement process that guarantees the proper development of the organization concerning information security and compliance with all applicable requirements in this respect.

The final aim of the present document is to provide the best service to our customers, protect sensible and personal information, align with the group’s polices and improve our processes.

For the above reasons, NOATUM’s management wishes to reflect explicitly its awareness and approval of all polices conatined herein so that all members of the staff should know and adopt them as part of their working duties.

To make this possible, the company will allocate any tools or resources required to appropriately develop the measures contained herein, both during implementation and during any subsequent stages.

3.2 Information Security Policy
All corporate data shall be protected during their entire life span in the manner that NOATUM deems reasonable and appropriate in accordance with the sensibility, value and significance of the information. To that end, this policy is supported by the new Information Classification Policy, which identifies and defines in detail the different levels to be applied in accordance with the nature and contents of the information, thus serving as guideline or reference.

4.0 Policy Enforcement

Any employee who contravenes this policy may be subject to disciplinary proceedings.

5.0 Definitions

TERMS AND DEFINITIONS

Availability
Ensure that any authorized users can access the information and any related assets when needed.

Confidentiality
Ensure that the information can be accessed only by those who are authorized to do so.

Corporate Data
Can be defined as any data, or information derived from such data, owned by NOATUM.

Information Systems
Any electronic system that stores, processes or transmits information.

Integrity
Safeguard the accuracy and completeness of the information and of the data processing methods.