Information Security Policy

The Management of WOCAP S.A. affirms its commitment to the continuous improvement and effective implementation of the Information Security Management System (ISMS), in alignment with the international standard ISO/IEC 27001:2022.

Safeguarding information is considered a critical factor for the achievement of the Company’s strategic objectives and for ensuring the confidentiality of the data entrusted to its care.

To this end, WOCAP has established and applies an Information Security Policy, which is designed to:

• Ensure the confidentiality, integrity, and availability of all information under its management.
• Guarantee the secure and reliable operation of its information systems.
• Provide for the timely and effective response to incidents that may threaten business operations
• Ensure full compliance with applicable legal, regulatory, and contractual requirements.
• Promote the continuous enhancement of the Company’s overall Information Security posture.

For this purpose:

• Technical measures are defined for the control and restriction of access to information and information systems.
• Organizational structures are established to monitor matters related to Information Security.
• A classification methodology is determined to categorize information according to its importance and value.
• The necessary measures are described for safeguarding information during processing, storage, and transmission.
• Procedures are established for the awareness and training of employees and external partners on Information Security matters.
• Methods are defined for the handling and resolution of Information Security incidents.
• Measures are described to ensure the secure continuity of the Company’s business operations in the event of information system failures or disasters.

The Company conducts regular risk assessments related to Information Security and implements the necessary measures for their mitigation. It applies a framework for evaluating the effectiveness of Information Security processes, which includes the definition of performance indicators, the methodology for their measurement, and the generation of periodic reports reviewed by Management with the aim of continuously improving the system.

The Information Security Officer is responsible for monitoring and controlling the policies and procedures related to Information Security, as well as for taking the necessary initiatives to eliminate any factors that may threaten the availability, integrity, and confidentiality of the Company’s information.

All Company employees and partners with access to Company information and information systems are responsible for complying with the requirements of the Information Security Policy in force.

The Company is committed to the continuous monitoring of and compliance with all applicable legal and regulatory requirements, and to the ongoing implementation and improvement of the effectiveness of the Information Security Management System.

This Policy is available to all interested parties.

Petros Patronis, Founder & CEO