CLOUDLABS, formed by the companies CLOUDLABS S.A.S., INNOVATIVE EDUCATION: SERVICES AND SOLUTIONS S.A.S., and CLOUDLABS LLC, provides innovative and high-quality educational solutions to improve educational processes through information and communication technologies. We specialize in the creation and implementation of educational tools, with a central focus on the STEM model and the promotion of excellence in education. As a competent company, we are committed to developing our Integrated Quality, Information Security, and Occupational Health and Safety Management System, which is organized under a continuous improvement scheme.

General Guideline

At CLOUDLABS, our integrated management system (IMS) policy is grounded on three essential pillars: information security, people care, and quality excellence. We are committed to protecting the information assets linked to our innovative IT-based educational solutions. Furthermore, our mission extends beyond merely enhancing educational services; we aim to serve as a catalyst for the business accomplishments of our customers and users.

We are dedicated to complying with applicable requirements related to quality, information security, occupational health and safety, and continuous improvement. Our focus is on safeguarding both our information and that of third parties while actively pursuing customer satisfaction as a central tenet of our policy.

We extend this commitment to our employees, suppliers, contractors, and partners, encouraging them to comprehend and adhere to our integrated management system policies and objectives. It is a core responsibility of our organization and translates into a continuous commitment to improvement.

Our objectives associated with the IMS are as follows:

• Identify, assess, and manage risks that may affect information security, which includes proactively identifying threats, assessing vulnerabilities, and implementing appropriate controls to protect information assets and effectively safeguard against potential cyber threats and risks.
• Protect the confidentiality, integrity, and availability of data, both related to our customers and internal company data.
• Ensure continuity and effective management of information security incidents in our processes, digital products, and services.
• Implement a training and awareness culture of the integrated management system through campaigns that promote awareness and education in terms of information security, quality management, and OSH (Occupational Safety and Health).
• Prevent occupational injuries and illnesses through the implementation of effective safety measures in all our activities.
• Promote a safe and healthy work environment for all our employees and collaborators, ensuring their well-being.
• Identify, evaluate, and control hazards that may affect the safety and well-being of individuals while minimizing occupational risks and fostering a secure and healthy work environment for everyone.

We consider this policy fundamental to guiding our team and ensuring that we meet our commitments to quality, information security, and occupational health and safety.

Additionally, to ensure compliance with certain controls associated with information security, we must comply with the specific and complementary policies defined in the Information Security Policy Manual.

This policy and its complementary policies will be periodically reviewed and updated to ensure their relevance and effectiveness. In evidence of its revision and publication, it is signed in Pereira, Colombia, on the 28th day of September 2023.