Integrated Management System Policy
Asseco Spain, S.A., a company specialising in managed services for Networks, Communications, Systems and Information Security, establishes this Integrated Management System Policy in accordance with the requirements of the ISO 20000-1 (Service Management), ISO 27001 (Information Security), ISO 22301 (Business Continuity) standards and Royal Decree 311/2022 regulating the National Security Scheme. in its High category.
The Management assumes leadership and commitment to the implementation, maintenance and continuous improvement of the Integrated Management System, guaranteeing the availability of the necessary resources and promoting an organizational culture oriented towards service, safety, resilience and customer satisfaction.
Within this framework, Asseco Spain, S.A. undertakes to:
- Ensure quality and efficiency in the provision of services, ensuring compliance with service level agreements, contractual requirements and customer expectations.
- Protect information and information systems, guaranteeing their confidentiality, integrity, availability, authenticity and traceability, both in the services provided and in the internal processes of the organization.
- To ensure the protection of personal data, acting in accordance with current data protection regulations, both in its capacity as controller and data processor.
- Manage risks that may affect information security, continuity of services and compliance with legal, contractual and regulatory requirements, applying security measures in accordance with the level of risk and the requirements of the National Security Scheme in the High category.
- Ensure compliance with applicable legislation, regulatory, contractual and normative requirements, as well as the obligations arising from Royal Decree 311/2022 and the CCN-STIC guidelines applicable to the organisation.
- Ensure business continuity and operational resilience of critical services, establishing continuity plans, disaster recovery plans and response procedures for security incidents and emergency situations, with the aim of restoring services within the agreed times.
- Prevent information security incidents, undue alterations, unauthorized access, loss of information and any improper use of information assets, through the application of appropriate technical, organizational and procedural controls.
- Promote the continuous improvement of the Integrated Management System, periodically evaluating its performance through indicators, internal audits, reviews by the Management and the analysis of incidents, non-conformities and opportunities for improvement.
- Promote the training, training and continuous awareness of personnel in terms of service management, information security, business continuity and regulatory compliance, ensuring that all personnel know and apply the requirements of the Integrated Management System.
- Maintain effective and fluid communication with internal and external stakeholders, ensuring the proper management of relevant information for the provision of services and information security.
- Responsibly manage the relationship with suppliers and third parties, ensuring that the outsourced services comply with the applicable quality, information security, business continuity and National Security Scheme requirements.
- Establish and periodically review service quality, information security and business continuity objectives, aligned with the organization’s strategy, monitoring them to ensure compliance.
- Ensure that this policy is communicated, understood, applied and maintained at all levels of the organization, and is available to relevant stakeholders.
The culture of service, customer orientation, information security and operational resilience are the fundamental pillars of Asseco Spain, S.A., which focuses its activity on offering high-value, reliable and secure solutions, based on service excellence, regulatory compliance and continuous improvement.
THE ADDRESS Date:05/02/2026
