Information Security Policy

Last Updated: January 30, 2024

EXPERT SOFTWARE APPLICATIONS S.R.L. understands the importance of information security, and we acknowledge that the integrity, confidentiality, and availability of information and data retrieved, created, maintained, and hosted by us and our suppliers are vital for the success of our business and also for the confidentiality and success of our client's business. In this regard, we make every effort to ensure that the information held is protected by preventing and reducing the impact of information security and confidentiality incidents.

To protect the information resources within our organization from all threats, whether internal or external, deliberate or accidental, and also to ensure the effectiveness of our controls and demonstrate our commitment to the security and confidentiality of our customers' information, EXPERT SOFTWARE APPLICATIONS S.R.L., has developed and applies an information security management system, according to ISO 27001:2018 and ISO 27701:2019 standards, as a logical and systematic approach to the management of operating processes, which allows it to achieve the following objectives:

• Ensuring the confidentiality, integrity and availability of customer and organisational data;
• Protecting information assets from unauthorized access, misuse, destruction or alteration;
• Increase satisfaction and trust of all stakeholders;
• Compliance with national legislation and all relevant information security regulations applicable to products and services provided by EXPERT SOFTWARE APPLICATIONS S.R.L.;

We are committed to complying with and meeting all applicable information security requirements, including those of the applicable standards SR EN ISO/IEC 27001:2018 and SR EN ISO/IEC 27701:2021.

We will allocate the necessary resources and implement appropriate measures to ensure continued compliance with these requirements.

We are committed to promoting continuous improvement of our information security management system by constantly evaluating and updating our security processes, procedures and measures. We will periodically assess risks, regularly monitor the performance of our security system, implement corrective actions and consider all opportunities to improve the effectiveness and efficiency of our information security management system.

I take responsibility for the definition, implementation and maintenance of this policy in EXPERT SOFTWARE APPLICATIONS S.R.L. and will provide all necessary resources and means for its implementation and continuous improvement of the information security management system. It is the responsibility of each employee of EXPERT SOFTWARE APPLICATIONS S.R.L. to adhere to this policy and to act to implement it.

Timisoara, Romania, January 30, 2024 - CEO Zoltan Lorincz