Security Policy

Page Europa Management, aware of the importance and necessity of adopting an internationally
recognized Information Security Management System, in order to ensure the quality of the services
provided and to pursue customer satisfaction, deems it appropriate to make its Information Security
Management System compliant with the ISO/IEC 27001 standard. The primary objectives of this
corporate information security policy are as follows:

• Assign responsibility for the control of company assets to personnel so that everyone, in ways
relevant to their role and function, is involved and engaged in protecting Page Europa’s information
assets;
• Establish control methods for the external transfer of company assets;
• Ensure that the disposal of any company asset does not result in the loss of confidentiality of any
information it may contain;
• Implement all possible actions to preserve the integrity, availability, and confidentiality of any Page
Europa asset;
• Control visitor access to company offices and all access to any company information by personnel or
third parties in any capacity;
• Ensure that all workstations have password-protected access, with passwords changed periodically;
• Define and periodically test effective backup procedures;
• Establish mutual responsibilities with customers and suppliers in managing information security;
• Periodically verify the effectiveness of the business continuity and disaster recovery plan;
• Provide the necessary resources to ensure operational continuity in the event of staff unavailability at
company premises;
• Train personnel in cybersecurity to prevent careless behavior that could lead to IT incidents.

All personnel, collaborators, suppliers, and visitors must operate in compliance with the company rules
and procedures established to ensure business management in accordance with the above principles.
Management hopes to obtain the utmost cooperation at all levels for the respect and systematic
application of these general guidelines.