Information Security Policy

The purpose of the following high-level policy is to define the objective and direction for information security management, providing a framework for all those involved in the ISMS (Botech employees, customers, shareholders and suppliers who wish to know about it):

“Botech's employees are committed to ensuring the confidentiality, integrity and availability of information as the main security objectives aligned with the applicable legal, regulatory and contractual requirements, continuously improving the level of security through the Information Security Management System.”

It is Botech's policy that:

• Objectives are established annually in relation to Information Security.
• A risk analysis process is developed and according to its result, the corresponding actions are implemented in order to address the risks that are considered unacceptable, according to the methodology established for this purpose.
• Business, legal and regulatory requirements and contractual security obligations are met.
• Information security awareness and training is provided to all personnel.
• The necessary means are established to ensure the continuity of the company's business.
• Any violation of this policy and any ISMS policy or procedure is sanctioned.
• The understanding and involvement of all personnel in achieving the objectives of the Information Security Management System is guaranteed.
• All Botech employees, as well as employees of its suppliers, contractors and contractors in their daily activities and within their work environment, are obligated to protect the Confidentiality, Integrity and Availability of information for the benefit and security of the unit, the ISMS, personnel, users and suppliers.
• Every employee is responsible for recording and reporting confirmed or suspected security breaches.

To carry out this policy, Botech has established procedures, instructions, documents and templates that are available to all personnel and are mandatory, as well as to third parties that supply goods and services to Botech.

Finally, Botech's management is committed to continuously improving the information security management system through security objectives, analysis of security indicators defined for monitoring and measuring ISMS performance, risk management, audit programs and the handling of observations, opportunities for improvement and nonconformities detected, analysis of the causes of nonconformities and the establishment of corrective actions, analysis of incidents and potential security incidents, management of vulnerabilities and periodic security awareness programs for all employees.

The Information Security Management System Manager.

In Spain, 07 February 2025.