SPYRAL LABS SAS, focuses its experience and leadership, as well as its efforts and highly qualified team, to permanently ensure compliance with the requirements and expectations of stakeholders and improve their satisfaction by obtaining mutual benefits, through the provision of services and supply of products in the field of Information Security Technologies, and understanding the importance of proper management of information for organizations, its Information Security Management System is based to identify, treat risks and preserve the basic components of security, applied to the information of stakeholders, such as: confidentiality, integrity and availability, through the implementation of controls and monitoring mechanisms that ensure compliance with applicable legal, regulatory, contractual and organizational requirements for all personnel.

As part of the commitment to the Information Security Management System, SPYRAL LABS SAS allocates the necessary resources and promotes training, awareness and generation of culture within the organization for continuous improvement.

The general objectives for the Information Security Management System in SPYRAL LABS SAS are as follows:

1. Ensure appropriate levels of integrity, availability and confidentiality of information owned and/or managed by SPYRAL LABS SAS, users, customers, suppliers and other entities and persons related to the company.
2. Establish and periodically review policies, standards and continuous improvement plans.
3. Ensure continuous improvement in the implementation, maintenance or improvement of controls to protect information against new threats.
4. Develop training and awareness activities as an integral part of corporate governance.
5. To ensure compliance with applicable legal requirements.

This GENERAL INFORMATION SECURITY AND CYBER SECURITY POLICY is included within the corporate strategy to maintain Information Security and regulatory compliance by SPYRAL LABS SAS, establishing the essential principles and bases in the safe use of information systems and telecommunications. This policy has been approved by the company’s management in September 2021.