COMMUNICATION OF INFORMATION SECURITY POLICY

Noray Bioinformatics, S.L., in line with the Sustainable Development Goals (SDGs) defined by the United Nations, expresses its firm commitment to ensure:

• The protection of personal data.
• The preservation of the confidentiality, integrity and availability of the information managed.

Our aim is to deploy the necessary technical, human, material and organisational resources:

• To ensure adequate information security management.
• To reduce the possibility of materialised threats.
• And, while the existence of security incidents is inevitable, to detect them, to deal with them in time to mitigate a serious impact on the information managed or the services provided, and to enable the recovery of the affected information.

We strive to comply with:

• GDPR/LOPDGDD (Personal Data Protection Regulation).
• National Security Scheme (ENS) and ISO 27001.
• The requirements of our customers.
• Our own information security standards, based on stakeholder expectations.

We monitor our supply chain, ensuring that their commitments are aligned with ours.

We manage information security in the development of our digital products and the delivery of our support services.

In order to apply the principles of continuous improvement in our information security management:

• We conduct systematic reviews.
• We implement preventive measures.
• We train and raise awareness among all members of the organisation.

This statement is based on the Information Security Policy document and the LOPDGDD Policy for staff, with more detail on the aspects mentioned above.

Approved by the Direction on 18 September 2024.