This Information Security Policy (the "Policy") establishes the principles, objectives and governance framework for the protection of information processed by i-Technologies (the "Company").

The Company has implemented an Information Security Management System ("ISMS") with the objective of ensuring an adequate and effective level of protection of information assets, in accordance with applicable legal, regulatory and contractual requirements, as well as recognised international standards.

1. Objectives of the ISMS

The ISMS is established to achieve the following objectives:

• to ensure the protection of information against unauthorised access, disclosure, alteration or destruction;
• to ensure the confidentiality, integrity, and availability of information processed by the Company;
• to ensure that all personnel receive appropriate and proportionate information security awareness and training;
• to ensure the identification, recording and management of all information security incidents;
• to ensure that information security incidents and vulnerabilities are promptly identified, reported, assessed and investigated, and that appropriate corrective and preventive actions are implemented;
• to ensure that business continuity and disaster recovery plans are established, maintained and periodically tested to support the continuity of critical operations;
• to ensure the continuous improvement of the ISMS and the overall level of information security.

2. Mission and Strategic Intent

The Company's mission is to strengthen its market competitiveness and ensure sustainable business growth through the delivery of services that meet high standards of information security.

The Company is committed to maintaining existing client relationships and acquiring new clients, while simultaneously improving its financial and operational performance.

3. Implementation and Compliance Framework

The Company shall achieve its strategic objectives through:

• maintaining and continually improving a management system compliant with PN-ISO/IEC 27001:2022, ensuring conformity across all applicable areas of the Company's operations;
• consistently meeting applicable legal, regulatory and contractual obligations, as well as evolving client requirements and expectations;
• maintaining reliable and secure infrastructure and implementing modern technological solutions within operational processes;
• ensuring the continuous development of employees' professional competencies relevant to information security.

4. Scope and Purpose

The purpose of this Policy is to ensure the protection of all information processed by the Company against internal and external threats, whether intentional or accidental.

The effective implementation of this Policy is intended to support the Company's long-term development and enhance its ability to operate in a dynamic and evolving IT environment.

5. Governance and Responsibility

The Management Board of the Company bears ultimate responsibility for the establishment, approval, implementation, and continual improvement of this Policy and the ISMS.

The Management Board commits to:

• providing adequate resources necessary for the implementation and maintenance of the ISMS;
• establishing an organisational environment that promotes awareness, accountability and active participation of all employees in achieving information security objectives;
• ensuring that roles, responsibilities and authorities related to information security are clearly defined and communicated;
• supporting the ongoing development and improvement of the ISMS and the processes defined within the Company's Process Framework.

All employees and relevant stakeholders are required to comply with this Policy and all supporting information security procedures and controls.