1. The management of Rare Crew s.r.o. commits to meet the requirements of the ISO/IEC 27001:2022 standard, to develop, implement, and maintain an effective Information Security Management System (ISMS) at all management levels throughout the company, which will be in accordance with internationally recognized standards.

2. The company's management, under the authority of the CEO, is responsible for preparing employees through education to understand the significance of the Information Security Policy within the organization.

3. The management of Rare Crew s.r.o. is also responsible for continuously evaluating the functionality and effectiveness of the ISMS, adopting objectives and policies related to information security.

4. The company's management is also responsible for adopting adequate measures. It establishes the criteria by which risk will be assessed and defines the structure for risk assessment.

5. The company achieves this goal through effective, productive, and stable operations in compliance with the legal regulations of the Slovak Republic, the EU, and standards, and by continually improving its processes and applying the principle of prevention and prophylaxis.

6. Under the term information security, we understand the process of ensuring the protection of information at the necessary level in terms of its confidentiality, integrity, and availability.

7. To secure our business objectives and activities, or to meet legislative requirements, we create, process, and maintain information of various natures that require security protection.

8. Relevant provisions, procedures, and responsibilities for ISMS processes will be stated in the documented procedures of Rare Crew s.r.o.

9. The Information Security Policy is mandatory for all employees. All company managers are required to enforce and implement this policy in practice and to take effective measures in processing and implementing the ISMS.

Approved by the CEO