In order to fulfill our mission of being at the forefront to simplify the complex, add value to our environment, transform the legal industry and leave a lasting legacy and with the aim of properly managing the risks to which the information is exposed in the development of its operations, Brigard Urrutia y Brigard Castro has adopted an Information Security and Privacy Management System designed to guarantee confidentiality, integrity, availability and privacy of its clients' and the firm's information. Therefore, following a process of constant evolution, is committed with:

1. Preserving the confidentiality, integrity, availability and privacy of information as an asset of strategic value for the provision of service and efficient decision making.
2. Protect information and its processing facilities as part of a strategy aimed at risk management, business continuity and the consolidation of a culture of information security and privacy.
3. Identify and minimize the risks to which the information is exposed, in order to ensure compliance with legal, contractual, regulatory and business requirements in force and thus improve competitiveness in the market and maximize profitability to ensure self-sustainability and growth of the Firm.
4. Implement and maintain as part of the development of the Information Security and Privacy Management System, training, education and awareness programs and plans in order to contribute to minimize the probability of occurrence and eventual impact of information security and privacy incidents.
5. Take care and give the appropriate treatment to the personal data contained in the databases under the responsibility of the Firm, in accordance with the provisions of Law 1581 of 2012 and ISO 27701.
6. Ensure continuous improvement and expected security and privacy performance in the Firm's processes.

This Policy must be complied with by all Brigard Urrutia employees, suppliers and contractors. Failure to comply with it is considered an information security incident and a violation of the Internal Work Regulations, and must be dealt with in accordance with the Firm's procedures and policies in this respect. 

- Last version approved by the Information Security and Privacy Working Group on November 28, 2023.