FIVECOMM, a company dedicated to the innovation, design, development, integration and commercialization of systems, solutions and products that make use of 5G, either with public or private networks, has decided to implement an Information Security Management System based on the ISO 27001 standard with the aim of preserving the confidentiality, integrity and availability of information, protecting it from a wide range of threats and aimed at ensuring the continuity of business lines, minimizing damage and maximizing return on investment and opportunities business and continuous improvement.
FIVECOMM Management is aware that information is an asset that has a high value for the Organization and therefore requires adequate protection.

The FIVECOMM Management establishes the following as basic objectives, starting point and support for the objectives and principles of information security:

• The protection of personal data and the privacy of individuals
  Safeguard organization records.
• Protection of intellectual property rights
• Information security policy documentation
• Assignment of security responsibilities
• Information Security Education and Training
• Security incident log
• Business continuity management
• The management of changes that could occur in the company related to security

The FIVECOMM Management, through the development and implementation of this Information Security Management System, acquires the following commitments:

• Develop products and services in accordance with legislative requirements, identifying the laws applicable to the business lines developed by the organization and included in the scope of the Information Security Management System.
• Establishment and fulfillment of contractual requirements with the interested parties.
• Define the security training requirements and provide the necessary training in this matter to interested parties, by establishing training plans.
• Prevention and detection of viruses and other malicious software, through the development of specific policies and the establishment of contractual agreements with specialized organizations.
• Business continuity management, developing continuity plans in accordance with internationally recognized methodologies.
• Establishment of the consequences of violations of the security policy, which will be reflected in the contracts signed with the interested parties, suppliers and subcontractors.
• Act at all times within the strictest professional ethics.

This Policy provides the reference framework for the continuous improvement of the Information Security Management System, as well as for the establishment and review of the objectives of the Information Security Management System, being communicated to the entire Organization and to interested parties being reviewed for its adequacy when special situations and/or substantial changes occur in the Information Security Management System.

March 9, 2023