The General Information Security Policy defines the guidelines and rules for managing information security in an organization/business. Its purpose is to establish the requirements for protecting the confidentiality, integrity, and availability of information by allocating appropriate resources and ensuring compliance with legal and regulatory requirements. It includes the responsibilities of personnel and the measures that must be taken for the prevention and mitigation of threats.

The management of WALLBID is committed to ensuring the confidentiality, integrity, and availability of all physical and digital informational assets across the organization, in order to maintain its competitive advantage, profitability, legal and contractual compliance, and corporate image. The requirements for Information Security will continue to align with the organization's objectives, and the Information Security Management System (ISMS) is intended to serve as a mechanism for reducing information-related risks to acceptable levels.

All WALLBID employees are required to comply with this policy and the ISMS that implements it. Certain third parties, as defined within the ISMS, will also be required to comply with it. We have provided adequate resources and expertise to ensure that our ISMS is continuously improved to meet WALLBID's requirements. This policy will be reviewed whenever deemed necessary and at least on an annual basis.

The objective of the General Information Security Policy is to protect informational assets and personal data against all internal, external, intentional, or unintentional threats. This policy aims to ensure:

• The continuous protection of information and personal data from any unauthorized access.
• The confidentiality, integrity, and availability of information, IT resources, and personal data related to the company, its clients, partners, and suppliers.
• The business continuity of the organization by addressing and minimizing risks arising from security incidents.
• The establishment of responsibilities and accountability for information security at all levels of the company.
• Compliance with relevant legislative, regulatory, and contractual obligations.