The MISSION of TECNOLOGIA E INNOVACION SA and TEIN GROUP SPA (TEIN) is to provide and operate technological infrastructure solutions and services with a high degree of innovation and technical operation, delivering excellent service quality and added value to the customer, respecting the environment and acting with community responsibility.

**QUALITY POLICY**

• Attend to customers, acting with a service-oriented mindset, facilitating the use of acquired tools, and providing comprehensive and professional assistance for incidents and technical emergencies.

Seek the continuous improvement of the Quality Management System to enhance the effectiveness and satisfaction of our clients with the services offered.

• Comply with all applicable requirements related to our functions, including legal and regulatory requirements as well as any voluntary ones that the company chooses to adhere to.

**MANAGEMENT IS COMMITTED TO COMPLYING WITH THIS POLICY TO CONTINUALLY IMPROVE THE EFFECTIVENESS OF THE QUALITY MANAGEMENT SYSTEM.**

Information is a critical and valuable asset in the organization. Decisions are made daily based on it, and it represents us to our clients, colleagues, collaborators, suppliers, shareholders, and the general public. Because of this, information plays a fundamental role in achieving our business objectives, which is why we must protect its Integrity, Availability, Confidentiality, and Resilience, regardless of the medium in which it exists, whether in digital format, on paper, verbally, or in the knowledge of individuals.

To achieve our objectives and goals, it is the commitment of this management to implement a Management System that allows us to manage both Cybersecurity and Business Continuity, all aligned with the ISO 27.001, ISO 27701, and ISO 22301 standards, carrying out a Risk Management process that enables us to mitigate those real or potential threats that may jeopardize the achievement of the organization's business objectives through the following actions:

- Establecer un adecuado marco de control que permita medir el nivel de riesgo al que se está expuesto, determinar el nivel aceptable de estos riesgos y definir las medidas de mitigación adecuadas sobre las amenazas que puedan atentar contra la Ciberseguridad y la Resiliencia.

- Promover la definición de Roles y Responsabilidades en materia de Ciberseguridad y Resiliencia garantizando de esta manera involucrar a los referentes de cada una de las Áreas de Negocios, a todos los empleados y a los proveedores que formen parte de la cadena de suministro.

- Asignar la responsabilidad por el logro de los objetivos de la Ciberseguridad y la Resiliencia a las Áreas de Negocios, individuos, grupos de trabajo u organización relacionada.

- Otorgar los recursos necesarios para garantizar la adecuada gestión de la Ciberseguridad y Resiliencia.

- Asegurar las competencias y calificación profesional de los recursos humanos que integran la organización mediante el desarrollo de planes adecuados de entrenamiento y concientización.

- Impulsar el proceso de Análisis de Riesgos y validar sus conclusiones de manera regular al menos una vez por año.

- Establecer un proceso de mejora continua aplicable al Sistema de Gestión de Ciberseguridad y Continuidad del Negocio.

Our policy must guide us in every action to ensure the accurate assessment of exposure to Cybersecurity and Business Continuity threats by providing the elements for the development of effective and efficient protection strategies based on risk analysis.

Only then can we operate even during sophisticated threats and attacks, accepting service disruptions with security and strength, increasing our customers' trust and enhancing value for shareholders.

Within our organization, leaders will be required to communicate its importance and manage its implementation, ensuring that all collaborators contribute to the success of this approach.