The General Information Security Policy established by AURA aims to protect the organization’s information assets, ensuring the authenticity, integrity, and availability of information for customers and service users. An Information Security Officer will be assigned and supported by each department to maintain and improve AURA’s Information Security Management System. All information assets will be identified and classified to establish the appropriate protection mechanisms, and controls will be defined and implemented to prevent unauthorized access and loss of integrity and ensure information availability as required. All contractors shall be responsible for protecting the information they access, and regular audits and controls shall be conducted to ensure compliance with information security policies and controls. Only authorized software will be permitted for use and it will be the responsibility of staff and contractors to report security incidents and misuse of resources. Violations of policies and controls will be logged, analyzed, and monitored. AURA will have a Business Continuity Plan to ensure continuity of operations in the event of unforeseen events or natural disasters, and specific policies and additional standards and procedures to support the corporate policy.