Security policy

BALDER Business Intelligence SA’s policy is to have an information security management system adapted to the current technological environment, considering that information is an essential asset for the
efficient provision of our services and decision making, which is why there is an explicit commitment to protecting information in general as part of a strategy focused on business continuity, risk management
and the consolidation of a culture of security.

To this end, BALDER Business Intelligence S.A. makes the following commitments:
 Define, implement and maintain an information security management system based on the ISO 27001 standard, the basic elements of which are developed in the application procedures. All this in order to continuously improve the effectiveness and efficiency of the organization, through the
consideration of stakeholders and the achievement of information security objectives.
 Provide the Company with the human and technical resources necessary to provide information.
 Create an information security committee, which will be responsible for the maintenance, review and improvement of the company’s information security management system.
 Ensure that the information security management system is subject to continuous review, through quality internal audits, which enable critical review and facilitate improvement of the system, and that management conducts a regular review.
 Create an emergency plan to ensure the continuity of operations in the event of unforeseen events that could affect information security.
 Ensure that appropriate measures are taken to ensure information security.
 Inform and train staff on the need:
 Obligation of confidentiality and secrecy to be respected with regard to the information to which he has access by virtue of his functions within the organization.
 Access to information by confidential and non-transferable password.
 Report any incident in the information security system.
 Use of resources provided by the company for purposes exclusively related to the activity of the organization.
 Respect at all times the legislation in force applicable to our activity. By respecting these commitments, BALDER Business Intelligence S.A. guarantees the achievement of the following general objectives:
 Avoiding, transferring, assuming or reducing risks by setting up and monitoring controls on them, until they reach a level that is bearable by our organization. Thus, if an impact occurs, damage is minimized and business continuity is ensured.
 Achieve cost savings by rationalizing resources. Elimination of unnecessary and inefficient investments, such as those that overlook or overestimate risks.
 Security is seen as a system and becomes a management activity.
 Ensure compliance with current legislation and avoid unnecessary risks and costs.
 Have control of:
– external access to systems that host applications available to customers (publicly available) to prevent access to unauthorized or crossed data.
– the possible effects on the system.
– availability of public services and systems.
 The information security management system will help to improve the competitiveness of the organization by differentiating it from other companies in the sector, improving the image and confidence of our company among potential customers, customers and suppliers, strengthening thus the prestige of the company at national and international levels.
 To achieve these objectives, Management takes the necessary measures to ensure that its information security system:
– is disseminated in all areas of the Company.
– is included.
– is applied.
– is reviewed and updated.
 The General Management declares that the requirements contained in the documentation constituting the information security management system are met.