Management system policy

Proximity, service quality and results orientation are our hallmarks, which is why, aware of the importance of information security, and in line with the path that marks our own identity, Samoby has promoted the establishment of an Information Security Management System in accordance with the requirements of the ISO 27001 standard in order to identify, evaluate and minimize the risks to which your information and that of your clients is exposed, as well as guarantee compliance with the established objectives.

The main objective of this Security Policy is to establish a model of action that allows us to develop a company culture, a way of working and making decisions at Samoby, as well as ensuring that information security and respect for personal data are a constant:

  • Preserving the confidentiality of our clients’ information, preventing its disclosure and access by unauthorized persons.
  • Maintaining the integrity of our clients’ information, ensuring its accuracy and preventing its deterioration.
  • Ensuring the availability of our clients’ information, in all media and whenever necessary.

The Management, for its part, especially values and establishes as the main criterion for estimating its risks the assessment of the availability and confidentiality of its information and even more so that of its clients. Thus, it undertakes to develop, implement, maintain and continuously improve its Information Security Management System (ISMS) with the aim of continuous improvement in the way in which we provide our services and in the way in which we treat the information of our clients. Therefore, it is Samoby’s policy that:

  • Objectives are established annually in relation to Information Security.
  • Legal, contractual and business requirements are complied with.
  • Training and awareness activities regarding Information Security processes are carried out for all staff.
  • A process of analysis, management and treatment of risk on information assets is developed.
  • The control objectives and the corresponding controls are established to mitigate the risks detected.
  • The responsibility of employees is established in relation to:
    • Reporting security violations.
    • Preserving the confidentiality, integrity and availability of information assets in compliance with this policy.
    • Complying with the policies and procedures inherent to the Information Security Management System.

The Security Manager will be directly responsible for maintaining this policy, providing advice and guidance for its implementation and corrections in the event of deviations in compliance.

This information security policy will always be aligned with the general policies of the company.

May 20th, 2022

Enrique Borras