INFORMATION SECURITY POLICY

El Ranchito, a company of recognized prestige, dedicated to the production and realization of visual effects for film, television, advertising and other audiovisual formats, and now part of the Pitch Black Company group, is committed to offering services with a high level of security that guarantees the protection of its clients' information at a national and international level.

Accordingly, the Management of EL RANCHITO has established and implemented an Information Security Management System (ISMS) that ensures that the information systems and the information itself, from its creation and collection to its storage and processing, comply with the following principles:

· Security in Human Resources Management: Adequate management of human resources before, during and at the end of their employment is ensured.

· Appropriate asset management: Information is classified and secure handling of media is performed.

· Robust logical access control: Robust measures are put in place to control access to systems and applications, managing user permissions and privileges.

· Protection of facilities and physical environment: Secure work areas are designed and security measures are implemented for equipment.

· Operations security: Protection is provided against malicious software, backups are made, logs are established and software in use is monitored. In addition, technical vulnerabilities are managed and appropriate techniques are chosen to audit systems.

· Communications security: Networks are protected and a secure exchange of information is ensured.

· Security in the acquisition and maintenance of information systems: Change is limited and managed, ensuring security at all stages.

· Secure software development: The development and production environments are separated, and appropriate functional acceptance tests are carried out.

· Control of supplier relationships: Compliance with relevant security measures and acceptable levels of service delivery is contractually required.

· Effective security incident management: Adequate channels are established for incident notification, response and learning.

· Business continuity plan: A plan is developed to protect the availability of services during a crisis or disaster.

· Compliance with applicable regulations: Regulations are identified and complied with, paying special attention to the protection of intellectual property and personal data.

· Review and compliance with requirements: A constant review of information security requirements is carried out to ensure compliance and effectiveness.

These principles are undertaken by the Management, which disposes of the necessary means and provides its employees with adequate resources for its compliance, expressing them through this Information Security Policy.

Last updated 30 January 2024.