INFORMATION SECURITY POLICY

Sitrack’s Management promotes and disseminates at all levels of the Company this Policy and Objectives for the management of information security.

The information generated and managed by Sitrack, is a strategic asset to ensure business continuity. In this context, the Information Security Policy is focused on protecting: information throughout its life cycle (creation, dissemination, modification, storage, preservation and disposal), the means that enable this cycle and the people who access the information and / or manipulate it, in order to ensure its integrity, availability and confidentiality.

MANAGEMENT’S STATEMENT OF INTENT

Sitrack protects information resources and technology used for its processing of internal or external threats, deliberate or accidental; in order to ensure compliance confidentiality, integrity, availability, legality and reliability of information. In order to ensure the continuity of the information systems, minimize risks of damage and ensure the efficient compliance of its strategic objectives.

INFORMATION SECURITY PRINCIPLES

1. Promote an organizational culture oriented to information security.
2. Commit Sitrack’s highest authorities in the dissemination, consolidation and compliance of policy.
3. Keep policies, regulations and procedures updated, in order to ensure its validity and level of effectiveness.
4. Comply with legal, regulatory and organizational requirements and continuous improvement.

INFORMATION SECURITY MANAGEMENT OBJECTIVES

The organization establishes the following information security objectives:

1. Protect information assets, based on criteria of confidentiality, integrity and availability.
2. Manage information security risks to keep them at acceptable levels, according to the risk classification.
3. Manage the technological infrastructure, in order to provide the adequate rendering of services, implementing contingency plans and continuity of operations.
4. Implement, operate and periodically review controls established in the Statement of Applicability.
5. Establish and maintain the Information Security Policies Management System, as well monitor compliance.
6. Communicate and keep company staff informed of these objectives.

SCOPE OF THE INFORMATION SECURITY POLICY

General Scope

1. Sitrack´s Management establishes its commitment to the establishment, implementation, maintenance and continuous improvement of an Information Security Management System (ISMS) within the context of the organization, the scope of which corresponds to: Software development and operation services in cloud infrastructure.
2. This policy must be known and complied by all Sitrack staff.

DEFINITION OF INFORMATION ASSETS

They are all those relevant elements in the production, issuance, storage, communication, display and retrieval of information of value to Sitrack, in which three levels are distinguished:

1. The Information itself, in its multiple formats (paper, digital, text, image, audio, video, etc.).
2. The Equipment/Systems/Infrastructure that support this information.
3. The People who use the information, and who have knowledge of the company’s processes.

GENERAL FRAMEWORK OF SITRACK’S SECURITY POLICIES

General Aspects

The Information Security Policy has been elaborated in accordance with the applicable legislation of the Country.

Sitrack’s Management is committed to carry out the actions within its reach to allow operational continuity to counter interruptions in business activities and to protect critical processes from the effects of major failures or disasters in information systems and ensure their timely resumption.

Approval of the Policy

This information security policy is approved by Senior Management, clearly reflecting their commitment, support and interest in the development of an information security culture at Sitrack.

Policy Dissemination

Information security policies are communicated to all Sitrack staff and third parties providing services to the organization, as well as to relevant external entities.

Policy Review

The Information Security Policy is reviewed annually in order to keep it updated. May also any necessary modification will be made according to possible changes that may affect its definition, such as: technological changes; impact of security incidents; structural changes in Sitrack; changes in conditions and/or legal requirements; at the request of Sitrack´s senior Management.

The modification of this document is in charge of Information Security and is approved by the Sitrack’s senior Management.