INFORMATION SECURITY POLICY

PLANet System Group LLC has been in existence since January 2008 and has been developing its own software products and providing consulting, development and maintenance services for software solutions ever since, across wide range of industries. We are recognized all over the world for our user-oriented approach, developed technologies for project management and software development, and some of our products have been used by clients for over 15 years. In the certification process for ISO 27001 PLANet System Group LLC enters to respond to client and market demands, with a focus on process standardization and software development teams.

In accordance with the business activities we perform, we strive to preserve the security of our users' information within the services we provide, protect the personal data of employees and clients, as well as preserve our intellectual property.

Applying the best practices in the field of information security, which is given in the ISO/IEC 27001 standard, we ensure the following:

• Maintaining the confidentiality, integrity and availability of all business information;
• Respect and fulfillment of legal requirements related to information security, protection of personal data, protection of intellectual property and other external and internal requirements to which we have committed ourselves;
• Protection of confidential information of clients, partners and business associates;
• Protection of copyright and confidential information related to intellectual property;
• Establishing a risk assessment methodology that contains criteria for assessing information security risks and that provides guidelines for dealing with those risks;
• Framework for setting information security goals;
• Creating a continuity plan for information security in emergency situations;
• Constant training and awareness raising of employees regarding information security;
• Records and research of real or possible violations of information security and
• Continuous improvement of the information security management system.

The information security policy is reviewed at regular intervals or as needed. The policy is communicated within the organization and is available to interested parties.

In Novi Sad, 01.02.2024.