Information Security Policy and Service Management

The company Asseco Spain SA specializes in managed services for networks, communications, systems and IT security according to the requirements defined in the reference standards ISO 20001-1:2018, ISO 27001:2022, ISO 27017:2015, ISO 27018:2020, ISO-EN 22301:2020 and ENS Medium category, for which the Management establishes the following principles:

  • Ensure the satisfaction of all our customers by delivering our products according to specified requirements.
  • Ensure full compliance with current legislation, regulations, and any other standards to which ASSECO subscribes.
  • Ensure Business Continuity in its services.
  • Achieve a market leadership position through a strategy tailored to the organization’s purpose, based on the spirit of continuous improvement of the information security management system and service quality.
  • Strengthen staff training and awareness-raising to periodically update staff knowledge and standards.
  • Improve the mutually beneficial relationship with our suppliers and ensure they meet the requirements necessary to provide adequate service to our customers.
  • Maintain fluid communication with both internal and external stakeholders.
  • Periodically establish service, security, and information continuity objectives and monitor them.
  • Ensure the confidentiality of data managed by ASSECO.
  • Ensure the protection of personal data in its activities as data controller and data processor.
  • Ensure the availability, integrity, confidentiality, authenticity, and traceability of information and information systems, as well as the resources necessary for the development of the integrated management system for both the services offered to clients and internal management.
  • Ensure emergency response capacity, restoring critical services to operation as quickly as possible.
  • Avoid improper alterations to information.
  • Communicate the importance of effective service management.
  • Maintain the level of service offered to our customers and ensure its continuity.
  • Ensure compliance with and awareness of this policy throughout the organization.

For cloud services, additionally:

  • The basic security requirements applicable to the design and implementation of the service will be identified.
  • Risks from authorized internal personnel will be taken into account.
  • Multi-client services and client isolation (including virtualization) will be secured.
  • Access to client assets by own personnel will be controlled.
  • Strong authentication will be implemented for administrator users.
  • Customers will be informed of the location of the data centers (CPDs) and, upon request, of any changes to the infrastructure.
  • Security will be implemented throughout the virtualization process, and certified tools will be used.
  • Both customer access and information will be protected.
  • Customer accounts will be managed throughout their entire lifecycle.
  • Security breaches will be reported to vendors, partners, and specialized agencies (CERTs), and information will be shared to assist in cyberincident investigations.
  • It is ASSECO’s policy to implement, maintain and monitor the Integrated Management System.

A culture of service and customer service are the reasons for our company’s existence. Our business policy is based on respect and dedication, with the sole objective of honoring the trust our customers place in us by offering them only the highest quality solutions.

The Management

Madrid, January 13, 2025.