Information security policy

The Safety Policy of TECCO AUTOMOTIVE, SA reflects the principles and objectives regarding
information security, the results of which allow our company to ensure adequate
processing of information —guaranteeing and regulating its confidentiality, integrity and
availability—to achieve its goal of achieving the greatest satisfaction of its customers and the rest
of stakeholders, such as employees, shareholders, or suppliers. Additionally, it allows
gain the trust of future clients, with the certainty that their information will be treated in a
secure environment by applying all appropriate measures to guarantee its confidentiality and integrity.

By developing, communicating and maintaining this policy, TECCO Management
AUTOMOTIVE, SA shows its commitment to protect the confidentiality of information with the
that operates in the provision of its services, guarantee its integrity in all processes of
treatment carried out, as well as the availability of the information systems involved in
these treatments.
To this end, the Management has defined and implemented a Safety Management System.
Information (ISMS) that allows the company to ensure that the information systems and the
information that is created, collected, stored and processed complies with:

• Security in Human Resources Management, before, during and after employment.
• Adequate asset management that involves the classification of information and
manipulation of the media, and the establishment of a robust logical access control to
your systems and applications, managing user permissions and privileges.
• Protection of facilities and the physical environment, through the design of work areas
safe and the security of the equipment.
• Ensuring operational security through software protection
malicious, making backup copies, establishing logs and their
supervision. control of the software in operation.
• The management of technical vulnerabilities and the choice of appropriate techniques for the
Systems audit.
• Communications security, protecting networks and information exchange.
• Ensuring safety in the acquisition and maintenance of security systems
information, limiting and managing change.
• Carrying out secure software development, separating the development and
production, and performing appropriate functional acceptance tests
• Control of relationships with suppliers, contractually demanding the
compliance with relevant safety measures and acceptable levels in their
services.
• Effective management of security incidents, establishing appropriate channels
for your notification, response and timely learning.
• The implementation of a business continuity plan that protects the availability of the
services during a crisis or disaster.
• The identification and compliance with applicable regulations, placing special emphasis on the
intellectual property and the protection of personal data.
• The periodic review and continuous improvement of our safety management system
information to ensure compliance and effectiveness of these requirements.

All staff of the organization have the duty to comply with this policy, for which the Management
provides the necessary means and sufficient resources for its fulfillment, and assumes the
responsibility to communicate it and keep it accessible to all interested parties.

SGSI-D-01_Information Security Policy Rev.01