INFORMATION SECURITY POLICY

The information security policy is the framework for managing the information security system and defines the basic codes and rules for managing it. The goal of this policy is to establish a framework for managing the security of the information system, which will reduce the impact of security incidents and protect information assets from possible damage and loss.

In order to reduce information security risks and define appropriate information security management, the Director of the company Imaves d.o.o. (hereinafter referred to as the Company) is committed to continuous improvement of information security through the Information Security Management System.

This Information Security Policy is a basic document related to information security based on the international standard ISO/IEC 27001:2022, and its provisions are incorporated into the Information Security Manual and other internal information security acts.

The scope of the Information Security Management System covers the entire operation of the Company, which includes all employees and external collaborators, processes, technologies and services of the Company.

All employees and external collaborators are obliged to comply with the requirements set forth in this policy when working with the Company's information assets, and any suspicion of a violation of information security should be reported to the Chief Information Security Officer (CISO).

In accordance with the fundamental goals, strategy and development plans of the Company, the defined goals related to the information security management system are as follows:

• ensuring confidentiality, integrity and availability of information;
• compliance with the legal regulations of the Republic of Croatia and the European Union;
• compliance with the requirements of ISO/IEC 27001:2022;
• employee education aimed at raising awareness of information security;
• reduction of damages from potential incidents, in accordance with the Company's business goals, strategy and business plans;
• ensuring continuous provision of services.

With the aim of continuous improvement of the information security management system, the Director of the Company has decided to support information security management with adequate resources, so that the Company can reach its security goals and meet the requirements of interested parties.

This Policy is effective on the date of its adoption and is available to all interested parties.