Security Policy

Last update: 10/02/2026

Introduction

The Information Security Policy of Uxia defines the concepts, principles, responsibilities, and objectives regarding security. Its implementation ensures the organization maintains the operational freedom necessary to conduct its business effectively.

The overarching goal of Uxia’s Comprehensive Security approach is to protect the people who work at the company, the confidentiality of their communications, and the integrity of their information. It also safeguards all other assets that form part of the organization’s patrimony, including facilities and content of all types.

Comprehensive Security encompasses the traditional concepts of physical security and logical
(technological) security in order to maintain business continuity under any adverse
circumstances.

Fostering a strong “security culture” among company personnel delivers clear benefits by
enhancing the security of systems and procedures, while minimizing the risk of potential
malicious actions.

It is essential that all security-related information flows through the appropriate channels to the
organization’s decision-making bodies.

Principles

• Integration. Security is a holistic, integrated process aligned with the business, involving the entire organization. All departments and personnel participate in maintaining and improving the security posture.
  
  

• Cost-Effectiveness. Security is guided by business criteria, taking into account the relationship between expenditure and investment. Criteria are established centrally, leveraging all existing synergies. This approach enables a global reduction in costs and improved return on security efforts.
  
  

• Continuity. Security must be present throughout the entire operational cycle: protection, prevention, detection, response, and recovery.
  
  

• Adequacy. The means employed must be adapted to the business environment. Factors with significant impact on the business and the organization’s security levels include competition with other companies, social, political, and economic disruptions, and both amateur and professional hacking.

Responsibilities

Ultimate responsibility for security lies with the executive leadership team, which is directly accountable for managing its development and implementation.

The management team shall analyze the risks and vulnerabilities related to security that may affect the proper functioning of the business, and shall propose the standards, resources, and measures necessary to mitigate them.

All personnel within the organization must assume responsibility for maintaining the security of the assets in their charge, observing the security standards established by the management team.

Objectives

Uxia’s Information Security Policy establishes the following strategic objectives:

• Achieve and maintain the level of security required to adequately guarantee business continuity, even under adverse conditions.

• Increase the integration and mutual support between the physical and logical aspects of security.

• Collaborate in the management of other security disciplines, including occupational and environmental aspects, in accordance with criteria that promote Corporate Social Responsibility.

• Establish the corporate security structure as defined by the organization’s decision-making bodies and create appropriate communication channels among all stakeholders.

• Comply with all official security regulations and other applicable requirements.

• Establish and implement Security Training and Awareness Plans to enhance personnel
competence.

• Maintain an express commitment to continuous improvement in all security processes.

• Integrate all company departments into a security management system that, under common criteria, leverages synergies and achieves consistency in resources and actions.

• Ensure that all Uxia personnel are aware of and comply with the standards that develop this Security Policy.