Information Security Management System

Last updated: June 23, 2026

Information Security Policy

GuruSup's Security Policy reflects the concepts, principles, responsibilities and objectives for security, whose results allow the company to guarantee the freedom of action it needs.

Introduction

The objective of GuruSup's Integral Security is to protect the people who work in the company, the confidentiality of their communications, and the availability and integrity of its information. It also protects the other assets that form part of the company's property, such as facilities and content of all kinds.

Integral Security includes the traditional concepts of physical security and logical or technological security in order to maintain business continuity in any adverse circumstance.

An increase in the company's security culture will provide clear benefits by increasing the security of systems and procedures, and by minimizing the risk of potential malicious actions.

It is essential that all information relating to security matters flows through the appropriate channels to the company's decision-making bodies.

Principles

  • Integration. Global Security is an integrated process aligned with the business, in which the whole company participates.
  • Profitability. Security is guided by business criteria, taking into account the relationship between expenditure and investment. Its criteria are set centrally, taking advantage of any existing synergies. This management enables an overall reduction in expenditure and better performance from the effort applied to security.
  • Continuity. Security must be present throughout its full work cycle: protection, prevention, detection, response and recovery.
  • Adequacy. The means used must adapt to the business environment. Among other factors, competition with other companies, social, political and economic unrest, and amateur or professional hacking stand out because of their impact on the business and on the organization's security levels.

Responsibilities

Ultimate responsibility for security lies with the management team, which is directly responsible for managing its development and implementation.

The management team will analyze security risks and vulnerabilities that may affect the proper functioning of the business and will propose the appropriate rules, means and measures to minimize them.

All personnel in the organization must assume responsibility for maintaining the security of the assets under their charge, observing the security rules implemented by the management team.

Objectives

  • Achieve and maintain the security level required to adequately guarantee business continuity, even in adverse situations.
  • Increase the integration and mutual support of the physical and logical aspects of security.
  • Collaborate in the management of other security disciplines, including labor and environmental aspects, according to criteria that strengthen Corporate Social Responsibility.
  • Establish the corporate security structure defined by the organization's decision-making bodies and create the appropriate communication channels among all parties involved.
  • Comply with official security regulations and other requirements.
  • Establish and implement Security Training and Awareness Plans to improve personnel training.
  • Express commitment to continuous improvement.
  • Integrate the company's different departments into a security management system that, under common criteria, uses synergies and achieves consistency in resources and actions.
  • All GuruSup personnel will know and apply the rules that develop this Security Policy.