The Privacy and Security Policy of the Information is the general statement that represents the position of the administration of Nuvola Business Consulting SAS (hereinafter nBC), with regard to the protection of information assets (the officials, contractors, third parties, the information, processes, technologies of information, including hardware and software), which support the processes of the Entity and to support the implementation of the System of Management of Information Security, by means of the generation and publication of policies, procedures, and instructions, as well as the allocation of responsibilities for general and specific to the management of the security of the information.

nBCto ensure the strategic direction of the company, establishing the compatibility of the policy of information security and the goals of information security, the latter corresponding to:

• To minimize the risk of the processes mission of the company.
• To comply with the principles of information security.
• To comply with the principles of the administrative function.
• To maintain the confidence of the officials, contractors, and third parties.
• Support the technological innovation.
• To implement the system of management of safety of the information.
• Protect information assets.
• Establish policies, procedures, and instruction in the field of information security.
• To strengthen the culture of information security officials, third parties, apprentices, trainees, and clients
• To ensure the continuity of the business against incidents.

Scope/Applicability

• This policy applies to all of the entity, its officers, contractors and third parties nBC.

Level of compliance

All persons covered by the scope and applicability must comply with 100% of the policy.

Policies:

1. Security policy:
   1. nBC you must define the mechanisms to protect the information, use, processing, storage and dissemination; and, it is their duty, to keep up-to-date this policy, as well as the other components of the System of Management of Safety of the Information that must be aligned with the other management systems of the company.
   2. nBC you must to evaluate the cost/benefit of the security mechanisms and retrieval of information, as well as the technological resources involved.
   3. All users of the ICT resources must protect, support and prevent disclosures of information to unauthorized persons; that is to say they are responsible to take care of all the digital assets of information whether or not owned
   4. All the officers of nBC must follow the procedures of endorsement of the information and take a log backup. Which for the company is to maintain all the documents and sensitive information into a folder in One Drive associated with the corporate e-mail.
   5. Any user of ICT is responsible for the protection of the information of your position and you should not share, publish or stop at the view, sensitive data such as User and Password, IP Addresses, among others.
   6. All ICT user must lock the session of work of your computer to turn away, even for a short time, minimizing the time that the station is without protection in your absence.
   7. All information that comes from an external file nBC or need to be restored has to be analyzed with the anti-virus of current institutional arrangements.
   8. Any user of the ICT resources must generate, compile, copy, store, replicate, or run computer code malicious with the intent to cause harm, affect and interfere with the services of any resource ICT.
   9. All users of ICT resources must not visit restricted sites by nBC explicitly or implicitly, or sites that affect the productivity of the company; as the access from nBC sites related to pornography, games, entertainment etc
   10. It is prohibited to download software from malicious use or documents that provide information that threatens the security of the information nBC.
   11. No official must provide unauthorized information at any site, whether internal or external nBC.
   12. No user, you should download and/or use information, file, picture, sound, or other that are protected by copyright of third parties without the prior authorization of these.
   13. Will be documented and will disclose the controls that should apply to the appropriate use of information that is handled in the offices from the labour point of view.
   14. Users should not download software from the Internet in any circumstances and in case of need you must inform the leader.

2. Organization of Information:
   1. nBC you must have control of their information prior organization and administration in accordance with the definition of its framework, management (roles and responsibilities).
   2. Each area should determine what your sensitive information and your availability.
   3. All users of the ICT resources of the company should locate the information that needs to be backed up in the places previously constituted for this purpose (folder in OneDrive 365, enterprise account), otherwise are responsible for their own actions and consequences.

Non-compliance to the Security policy Information Privacy and will bring with it, the legal consequences that may apply to the rules of the Entity, including as set forth in the standards that are the responsibility of the national Government and territorial in terms of Security and Privacy of the Information relates.