Security policy

VOID SISTEMAS SL, as a company dedicated to providing development and innovation services for communication control and management systems, openly states its intention to offer competitive services to all its clients; For this reason, it has implemented within the organization an Information Security Management System based on ISO 27001:2022 and RD 311:2022 (ENS), in addition to a System based on business continuity following the ISO 22301:2020 standard, whose main purpose is to achieve the business objectives and the satisfaction of its customers, guaranteeing at all times the security of the information through established protocols and based on a process of continuous improvement, guaranteeing the continuity of the information systems minimizing the risks of damage and ensuring compliance with the objectives set to ensure at all times the confidentiality, integrity and availability of information.

To guarantee that business continuity management is aligned with the changing needs of VOID SISTEMAS, the continuity plans will be tested regularly, they will be reviewed continuously and audited regularly and complemented with a risk analysis evaluating the impacts and objectives of business for the prevention and definition of recovery levels thereof, prioritizing Business Continuity in the critical activities of:

“Provision of development and innovation services for communication control and management systems”.

To this end, it assumes its commitment to information security and business continuity according to the standards mentioned above and for which the Management Committee establishes the following principles:

⮚ Competence and leadership on the part of the Management as a commitment to develop the Information Security Management System.
⮚ Determine the internal and external interested parties that are relevant to the Information Security Management System and meet their requirements.
⮚ Understand the context of the organization and determine its opportunities and risks regarding information security as a basis for planning actions to address, assume or treat them.
⮚ Ensure the satisfaction of our customers, including the parties interested in the results of the company, in everything related to the performance of our activities and their impact on society.
⮚ Establish objectives and goals focused on the evaluation of performance in Information Security, as well as the continuous improvement in our activities, regulated in the Management System that develops this policy.
⮚ Compliance with the requirements of the applicable legislation and regulations to our activity, the commitments acquired with clients and interested parties and all those internal regulations or action guidelines to which the company is subject.
⮚ Ensure the confidentiality, integrity, availability, authenticity and traceability of the data and information managed by the company, both in the services offered to customers and in internal management, avoiding undue alterations in the information.
⮚ Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest possible time and applying a business continuity plan.
⮚ Provide a framework to increase the resistance capacity or resilience of VOID SYSTEMS to give an effective response.
⮚ Ensure the rapid and efficient recovery of essential operations in the face of any physical disaster that could occur in your facilities or another incident that puts the continuity of operations at risk.
⮚ Preserve the interests of your main stakeholders (customers, employees and suppliers), reputation, brand and value creation activities.
⮚ Establish the appropriate measures for the treatment of risks derived from the identification and evaluation of assets.
⮚ Motivate and train all personnel working in the Organization, both for the correct performance of their job and to act in accordance with the requirements imposed by the Reference Standard, providing an adequate environment for the operation of the processes.
⮚ Maintenance of fluid communication both internally, between the different departments of the company, and with clients.
⮚ Evaluate and guarantee the technical competence of the personnel for the performance of their functions, as well as ensure their adequate motivation for their participation in the continuous improvement of our processes.
⮚ Guarantee the correct state of the facilities and the adequate equipment, in such a way that they are in correspondence with the activity, objectives and goals of the company
⮚ Guarantee a continuous analysis of all the relevant processes, establishing the pertinent improvements in each case, based on the results obtained and the established objectives.
⮚ Prevent information security incidents to the extent that it is technically and economically feasible, as well as mitigate the information security risks generated by our activities.

These principles are assumed by the Management Committee, which has the necessary means and provides its employees with sufficient resources for compliance, embodying them and making them public through this Information Security Policy.

Date: December 12, 2023