1. CONTENT

At Synopsis, we recognize that information is a fundamental asset for ensuring the continuity, reliability, and quality of the services we provide as Information Technology Service Providers. Therefore, we establish this commitment to protect the confidentiality, integrity, and availability of information through the implementation and continuous improvement of our Information Security Management System (ISMS), in accordance with the ISO/IEC 27001:2022 standard.

Our commitments are:

1.1. COMPLIANCE WITH THE ISMS AND ITS GUIDELINES

To ensure that 100% of the services delivered to our clients strictly comply with the policies, guidelines, and requirements defined in the ISMS, ensuring trust and quality in every delivery.

1.2. STAFF TRAINING AND AWARENESS

To ensure that 100% of Synopsis staff receive information security training by the end of the first quarter of 2026, guaranteeing a minimum learning level of 85%, fostering a proactive and responsible security culture.

1.3. RISK MANAGEMENT

Conduct an annual ISMS risk assessment to identify, analyze, and address internal and external threats that may affect the security of information assets, ensuring effective protection measures.

1.4. LEGAL AND REGULATORY COMPLIANCE

Maintain 100% compliance with applicable legal, contractual, and regulatory requirements, ensuring evidence of conformity during annual internal and external audits, as appropriate.

1.5. CONTINUOUS IMPROVEMENT

Periodically review the effectiveness of the ISMS in senior management meetings, promoting innovation and continuous improvement of controls, processes, and staff competencies. This document will remain in effect indefinitely from the date of approval and must be updated at least once a year or whenever significant changes occur in internal processes or applicable regulations. General Management assumes the responsibility of driving these commitments, ensuring that information security is an integral part of our organizational culture and strategic decisions.