Security policy for suppliers and other stakeholders of SIA

At SIA Interactive we are committed to carrying out our activities with integrity and transparency, prioritizing the protection of the information we manage, in accordance with the provisions of our General Information Security Policy, with the commitment to carry out our operations in compliance with applicable laws and ethical business practices.

With this objective, we require our suppliers, representatives, contractors and other interested parties to comply with this Supplier Security Policy, and all applicable regulations in the locations where they carry out operations, and to take necessary measures to ensure that their representatives, contractors and suppliers do the same, by virtue of which suppliers and other interested parties must:

• Keep secrecy and confidentiality regarding all information accessed by reason of the goods or services provided, not to disclose said information and to maintain the agreement even after the contractual relationship has ended.
• Comply with the requirements of Law 25326 and train personnel in the protection of personal data privacy.
• Commit to complying with all legal requirements applicable to the protection of personal data, including the legislation applicable to all sites where services are provided.
• Appoint a security officer who will serve as an interlocutor for any security issues and who is responsible for ensuring compliance with the controls agreed between the parties.
• Ensure that personnel who have been discharged have had their access permissions revoked, both to the facilities and to the information systems.
• Manage the correct use of SIA assets for the intended purpose and take the control measures established to avoid damage or disclosure of information and unauthorized access.
• Establish guidelines for the connection and transmission of data, and where applicable, return access devices and identifications at the end of activities.
• Establish obligations in complying with the management of identifications and access credentials and the use of passwords.
• Establish as an obligation to know and follow the recommendations of emergency plans and response to the occurrence of information security incidents.
• Maintain a high level of physical security in their facilities, paying special attention to the protection of their employees, contractors, clients and assets.
• Authorize the entry of SIA personnel, contractors and/or their clients to carry out security audits in their facilities and/or access the verification of their current security procedures or controls.

Implement adequate controls to minimize risks in relation to their processes, including:

• I- Implementation of hiring processes.
• II- Implementation of processes for returning or destroying information once the provision of the service or the use of the same has been completed.
• III- Implementation of information security training plans.
• IV- Implementation of incident or non-compliance processing processes.
• V- Implementation of emergency and disaster recovery plans.

If it is concluded that a supplier or other interested party has committed a violation of this Policy, the necessary measures may be taken, including sanctions and even the suspension of the contractual relationship or its termination for breach of contract. If you have a complaint in relation to the principles of this Policy, you can submit it anonymously through the contact methods available on our website www.siainteractive.com