Epignosis develops and maintains software solutions that are used to collect, store and process information, in the context of its business processes. Information and information systems’ protection have strategic significance for the company to achieve its short and long-term objectives. The security and privacy of the data entrusted to Epignosis by its customers are of paramount importance and must be treated as confidential and protected accordingly at all times.

The company’s executive management (referred to as “Senior Management Team” in the Epignosis Information Security policies), acknowledging the criticality of information and information systems for the execution of the Company’s business processes, supports and promotes actions that safeguard the systems’ normal operation. For this purpose, the Company has established an Information Security Policy aiming to:

• • Ensure the confidentiality, availability and integrity of the information it processes
  • Protect the data subjects’ rights within the scope of its business operations
  • Comply with the applicable legislative and regulatory requirements
  • Promptly address incidents that may violate the Information Security

For this reason, the company implements measures in technical and organizational level in order to safeguard the integrity, confidentiality and availability of the information it manages. At the same time, it applies policies and procedures in the context of:

• • • Organizational structures that are required for monitoring issues related to Information Security
    • Technical measures for controlling and restricting access to information and information systems
    • A classification method for information based on its importance, criticality and value
    • The necessary protection actions during the phases of information processing, storage and transfer
    • Methods for training the Company’s employees and partners on Information Security aspects
    • Handling actions to be implemented in case of Information Security incidents
    • Methods for ensuring the Company’s business continuity in cases of information systems’ failures or physical disasters

The Company conducts Information Security risk assessments on a regular basis and implements the required risk treatment measures. The effectiveness of Information Security procedures is evaluated at planned intervals or if significant changes occur, by defining performance indicators, describing their measurement methods and periodically reporting to the Company’s Management for review, with the aim to further improve the Management System and ensure their continuing suitability, adequacy and effectiveness.

The Information Security Officer is responsible for controlling and monitoring the Information Security policies and procedures as well as for undertaking the necessary initiatives to eliminate any factor that may jeopardize the availability, integrity and confidentiality of the Company’s information.

The Company’s employees and partners with access to information and information processing systems are responsible for conforming to the rules of the applicable Corporate Information Security Policy.

The Company’s Management and employees are committed to the continuous improvement of the ISMS.

Nikhil Arora, CEO