Information Security Policy of SGS Digicomply

SGS Digicomply is committed to protecting the information of our customers, partners, and employees. We have implemented a robust Information Security Management System (ISMS) that aligns with international standards, ensuring confidentiality, integrity, and availability of all data processed through our platform. Our policies, processes, and controls are regularly reviewed and updated to manage risks effectively and maintain compliance with legal and customer requirements.

As a Software-as-a-Service (SaaS) solution, SGS Digicomply delivers intelligence through secure web applications, APIs, and email plugins. By continuously monitoring the compliance landscape, we provide actionable insights in real time, helping customers respond to risks promptly while maintaining the highest standards of information security.

The management of SGS Digicomply recognizes the critical importance of information security. Therefore, we have implemented an Information Security Management System (ISMS) to protect our information assets and those of our partners and customers.

This policy applies to:

• All employees, contractors, suppliers, and partners with access to our information systems or data.

• All information systems, applications, devices, and communication channels used to deliver our services.

• All forms of information, including digital, paper, and verbal.

Our Information Security Management System is designed, implemented and operated to achieve the following objectives:

• Comply with legal requirements for information protection (e.g., GDPR and other relevant regulations).

• Meet customer information security requirements.

• Provide training to all employees, suppliers, and partners on information security.

• Identify and minimize risks within our supply chain.

• Protect data from unauthorized access, modification, or loss through policies, processes, and controls that are regularly audited.

• Improve ISMS effectiveness through continuous monitoring, risk reassessment, and management of security events.

• Implement corrective and preventive actions and continuously enhance the system.

SGS Digicomply safety policies and requirements are outlined in internal regulations. Our policy is guided by three fundamental information security principles:

• Confidentiality: We prevent unauthorized disclosure of internal information (company data, employee data) and external information (customers, suppliers or partner data).
  

• Availability: Authorized personnel have access to the information they need to perform their duties, while ensuring data is used appropriately.

• Integrity: Information is protected from corruption, loss, or unauthorized alteration. We manage the lifecycle of information from creation, transmission, and use to secure disposal.

• Management defines strategy and ensures resources for the ISMS. 
  

• Security Team implements security measures, monitors systems, and coordinates incident 
  response. 
  

• Employees  and  Suppliers  –  comply  with  security  policies  and promptly  report  suspicious activities.

We maintain a formal process for identifying, reporting, and resolving security incidents. Incidents are documented, analyzed, and used to prevent recurrence. Where legally required, incidents are reported to authorities and affected parties within the prescribed timelines.

All employees receive information security training during onboarding and regular refresher sessions. This ensures that all personnel have the knowledge and skills necessary to protect the information they handle.

The policy is reviewed and updated annually. Risks, processes, and controls are continuously assessed and improved based on internal audits, changes in regulations, and technological developments.

For questions or to report security concerns, please contact: security@digicomply.com

Issued in Geneva on 15th August 2025.
Aymeric Riverieulx
Head of SGS Digicomply