1. INFORMATION SECURITY POLICY

The Information Security Policy, also referred to as PSI, consists of a document that establishes and guides the corporate guidelines of Route and its partner companies that aim to protect information assets, physical and logical, efficiently and effectively, in a safe way. and transparent, guaranteeing the availability, integrity and confidentiality, operational and contractual requirements and confidentiality of the information contained therein, in line with the legal requirements and requirements of the Regulatory Bodies according to the business. The principles of Route Information Security and its member companies basically cover the following aspects: § Integrity: Ensure the preservation, consistency and reliability of company information and systems. Making sure that no outside interference can corrupt, compromise or damage them. § Confidentiality: Ensuring the protection of information in confidence and protection against unauthorized disclosure. § Availability: Ensuring that information will be accessible for access at the necessary time, is characteristic of the efficiency of the system. Based on this basis and considering the provisions of its Strategic Planning, Route decides to implement a S.G.S.I – Information Security Management System, whose structure and guidelines are expressed in this document.

2. OBJECTIVES OF THE INFORMATION SECURITY POLICY

Establish corporate guidelines for Route and its partner companies to commit to protecting information owned by it, its partners, in its custody or in the custody of its partners. Provide necessary guidance to ensure that information receives an adequate level of protection, outlining the responsibilities of each employee and service provider for the correct classification, handling, reproduction, storage, disclosure, disposal and disposition of information owned by Route in accordance with its degree of secrecy, contemplating the information cycle, from its creation, handling, transmission, transport and disposal.

Declaramos que a presente é cópia fiel da Política Corporativa de Segurança da Informação, aprovada na Reunião Extraordinária do Conselho de Administração de 29.04.2022.