Wonest has defined an Information Security Policy with the aim of establishing the minimum requirements and basic rules for managing information security. This ensures that all Information Systems supporting consultancy services for companies, aiding workers in achieving well-being and balancing personal and professional life across all organizational areas, are securely executed, protecting the confidentiality, integrity, and availability of both proprietary and third-party information.

This Policy adheres to the recommendations of best practices in Information Security compiled in the International Standard ISO/IEC 27001:2022, as well as compliance with current legislation on personal data protection and regulations that, within the realm of Information Security, may affect Wonest.

The organization establishes the following basic principles as fundamental guidelines of information security that must always be considered:

• Frame Information Security within the culture and management of the organization. Information security must have the commitment and support of all executive levels so that it is coordinated and integrated with the other strategic initiatives of the organization.
• Ensure the confidentiality, availability, and integrity of the organization’s information to meet both its business objectives and its contractual and legal commitments.
• Establish a clear and efficient information management methodology.
• Ensure access to information in a secure and fully trustworthy manner.
• Reduce the risk of malicious use of information.
• Demand the establishment of measurable security objectives and a criterion of continuous improvement for them.
• Control the risks associated with information security by identifying them, implementing controls for their mitigation, and establishing regular procedures for their reevaluation.
• Ensure compliance with the laws regarding information management.
• Raise awareness within the organization about the importance of information security.

The Management of Wonest, aware of the importance of information security for successfully achieving its business objectives, commits to:

• Promote within the organization the functions and responsibilities in the field of information security.
• Provide the appropriate resources to achieve the information security objectives.
• Promote the dissemination and awareness of the Information Security Policy among its employees.
• Demand compliance with the Policy and current legislation in the field of information security.
• Consider information security risks in decision-making.

As Information Security concerns all Wonest personnel, this Policy must be known, understood, and assumed by all its employees.

Madrid, December 16, 2024.