Corporate Cyber ​​Security and Information Policy

A The Corporate Policy on Cybernetic Security and Information has as basic guidelines:

1. 1. 1. To guarantee the confidentiality, integrity, availability and controlled access of the information of Caruana SA SCFI, as well information of third parties guarded by it, against unauthorized access and unauthorized modifications, while ensuring that the information will be available to all authorized parties when necessary.

    

   1. 1. Identify Cyber ​​Security and Information violations, establishing systematic actions to detect, treat and prevent incidents, threats and vulnerabilities in physical and logical environments, aiming at mitigating cybernetic and information risks, among others.

    

   1. 1. Ensure business continuity by protecting critical processes from unacceptable disruptions caused by significant failures or losses.

    

   1. 1. Meet the legal requirements, regulations and contractual obligations pertinent to the company’s activity.

    

   1. 1. Aware, educate and train employees through Cybersecurity Policy and Information, internal rules and procedures applicable to their daily activities.

    

   1. Ensure and continuously improve the Cyber ​​Security and Information Security Risk Management processes.

We declare that this copy is faithful to the Corporate Policy on Cybernetic Security and Information, approved by the Board of Directors of Caruana S/A – S.C.F.I. on May 5, 2019.

Caruana S/A – Sociedade de Crédito, Financiamento e Investimento