The Management of Software Greenhouse S.A. defines through this Security Policy its commitment to the implementation and maintenance of an Information Security Management System (ISMS), based on the requirements of the ISO/IEC 27001:2022 standard, whose objective is to protect information assets, as well as those of our Clients.
The scope of the ISMS includes the information systems managed by the company and the IT providers that support its corporate Information and Communication Technology (ICT) services.
Management acknowledges the need to ensure at all times the following specific objectives within the ISMS:
- Availability: To ensure that authorized users have access to information and to the processes, systems, and networks that support it, when required.
- Integrity: To preserve the accuracy and completeness of information and its processing methods.
- Confidentiality: To ensure that information is accessible only to those who have the appropriate authorization.
All of this serves as a means to ensure the proper performance of the design, development, distribution, installation, management, and maintenance of Software Greenhouse’s IT products and services in the face of potential threats, whether they arise internally or externally, deliberately or accidentally.
The principles governing the ISMS are as follows:
- Achieving the satisfaction and trust of our clients by protecting the information entrusted to us for the development of different products.
- Effective management and control of the processes that include the activities within scope, as well as the analysis and management of existing risks.
- Compliance with applicable legislation regarding data protection, intellectual property, labor law, information society services, criminal law, etc., that affects the company’s own assets and/or those of its clients.
- Continuous improvement of security processes, procedures, and services through the establishment of objectives related to Information Security.
- Ensuring the confidentiality, availability, and integrity of information derived from the company’s activities.
- Effective assignment of functions, resources, and responsibilities.
- Adapting the company to the economic and technological evolution of markets.
- Assessing the risks affecting assets in order to adopt appropriate security measures/controls.
- Protecting assets through controls/measures against threats that may result in security incidents.
- Awareness, training, and motivation of personnel regarding the importance, development, and implementation of an ISMS, as well as their involvement in meeting customer expectations and protecting information.
- Establishing the necessary means to ensure that the continuity of the company’s business is maintained on a permanent basis.
Finally, Management expresses its awareness and approval of the policies and principles developed in this document; all company personnel must be aware of them and assume them as part of their job responsibilities. To make this possible, the necessary resources will be allocated to ensure proper development of what is established herein, both at the start of the project and during its future maintenance.
Date: 14/02/25
Management of Software Greenhouse