BeePlanet Factory has made the decision to manage information systems using international best practices, in accordance with the ISO/IEC 27001:2023 standard. For this purpose, a Information Security Policy, which establishes detailed guidelines for safeguarding the confidentiality, integrity and availability of the organization's information and services. This policy was approved by Management on January 20, 2023, with the following structure:

Introduction and Objective: recognizes BeePlanet Factory's dependence on ICT systems to meet its objectives and services. Its primary purpose is to protect these systems against damage, both accidental and deliberate, that could compromise the availability, integrity, or confidentiality of information.

Mission of the Entity: BeePlanet Factory's mission is to “Create a sustainable energy model for our planet”.

Scope and Regulatory Framework: focused on information systems related to the supply of batteries and their operation in the field. The policy applies to BeePlanet Factory's information systems and is based on an updated regulatory framework, ensuring compliance with relevant legal and regulatory requirements.

Compliance with Minimum Security Requirements: reference is made to the adoption of security measures aligned with standards such as ISO 27001:2023, emphasizing the integration of security as an integral process and the application of the principle of minimum privilege for users and systems.

Continuous Monitoring and Continuous Improvement: the need for constant monitoring is established to detect anomalous activities, assess risks, update security measures and seek continuous improvements in the security process.

Personnel Management and Professionalism: highlights the importance of staff training, the definition of safety standards and the periodic review and auditing of systems to ensure their integrity and security.

Risk Management and Incident Response: continuous risk analysis is integrated to prevent, detect and respond to security incidents, maintaining the integrity and confidentiality of information and services.

Defense against Interconnected Systems and Access Control: a strategy is established to protect information systems through multiple layers of security and emphasizes system access control for authorized users.

Governance Model: specific security roles are described and an Information Security Committee is formed to ensure effective implementation of the policy and compliance with its guidelines.

Policy Development and Third Parties: emphasis is placed on creating detailed documentation and procedures for third parties, ensuring that they adhere to established security standards and that shared information is protected.

This policy undergoes annual reviews to adapt to regulatory, technological and organizational changes, always maintaining a firm focus on information protection and security.

‍