Shalion's Security Policy reflects the concepts, principles, responsibilities, and objectives related to security, ensuring the company the necessary freedom of action.

The objective of Shalion's Comprehensive Security is to protect the people working in the company, the confidentiality of its communications, and the integrity of its information. It also safeguards other assets that make up the company's wealth, such as facilities and all kinds of content.

Comprehensive Security encompasses traditional concepts of physical security and logical (technological) security to maintain business continuity in the face of any adverse circumstances.

An increase in the "security culture" among company personnel will provide clear benefits by enhancing the security of systems and procedures, while minimizing the risk of potential malicious actions.

It is essential that all information related to security matters flows through appropriate channels to the company's decision-making bodies.

The principles that underpin our external security policy are:

• Integration: Global Security is an integrated process aligned with the business, involving the entire company.
• Profitability: Security is guided by business criteria, considering the relationship between expenditure and investment. Its guidelines are set centrally, leveraging any existing synergies. This management approach enables an overall reduction in costs and better performance of efforts applied to security.
• Continuity: Security must be present throughout its entire work cycle: protection, prevention, detection, response, and recovery.
• Adaptability: The means employed must be adapted to the business environment. Factors such as competition with other companies, social, political, and economic disruptions, and amateur or professional hacking are highlighted for their impact on the business and organizational security levels.

The ultimate responsibility for security lies with the management team, which is directly responsible for managing its development and implementation.

The management team will analyze security risks and vulnerabilities that may affect the business's proper functioning and propose the necessary policies, tools, and measures to minimize them    .

All personnel within the organization must take responsibility for maintaining the security of the assets under their charge by adhering to the security standards implemented by the management team.

• Achieve and maintain the required level of security to adequately guarantee business continuity, even in adverse situations.
• Enhance the integration and mutual support between the physical and logical aspects of security.
• Collaborate in managing other security disciplines, including labor and environmental aspects, in line with criteria that promote Corporate Social Responsibility.
• Establish the corporate security structure defined by the organization’s decision-making bodies and create appropriate communication channels among all parties involved.
• Comply with official security regulations and other requirements.
• Develop and implement Security Training and Awareness Plans to improve personnel training.
• Express commitment to continuous improvement.
• Integrate the company’s various departments into a security management system that, under common criteria, leverages synergies and achieves consistency in resources and actions.

All Shalion personnel will be aware of and apply the regulations developed under this Security Policy.