Software i Automatismes Morvedre S.L. (in ahead SiAM) considers information an essential asset for the activities it develops and therefore should be protected. It is for this reason that, through this policy, the guidelines and basic principles of information security, understanding therefore all those factors associates to the protection of it, such as the systems that process and store it, the infrastructure of support who provides service, the facilities where they are located and the people who perform a treatment on they; regarding any threat that may affect the integrity, availability and / or confidentiality of the information.

Objectives of Information Security

To promote information security in all areas of the organization, SiAM establishes the following general objectives:

To achieve these objectives, SiAM will promote adapted and updated initiatives, within a framework of continuous improvement, to the legal, strategic and contractual needs of the organization, the expectations of interested parties, and the results of the assessment and treatment of risk in information security matters.

Likewise, the Management undertakes to promote these initiatives, granting the necessary resources and carrying out the due follow-up for its achievement.

Normative Framework?

SiAM acquires a firm commitment to the legal frameworks that regulate the activity of the organization regarding information security, both nationally and internationally.

This policy will be developed by the SiAM security document system, this being accessible and mandatory for all members of the organization and third parties with access or potential access to information, to provide services to it, to the extent that their work requires it.

Organization and Security Management

The maintenance and management of information security requires the establishment of a committed and trained organizational structure, by defining activities and responsibilities in the area of ‚Äč‚Äčinformation security management.

In order to form this structure, the SiAM Management, as the ultimate responsible for the information, appoints an Information Security Committee responsible for aligning all the activities of character organization's strategy in matters of internal security. Its main activities will deal with regarding the protection of the organization's assets, the management and acceptance of risks, and the supervision and approval of the documentary body that develops the security processes emanating from the present policy.

Likewise, this committee will be in charge of promoting safety in the organization, dealing with any deviation and exception that occurs, encouraging the participation of all users, and proposing the assignment of functions and responsibilities in the matter.

The Safety Committee will be led by the Safety Officer, as a representative of the Safety Committee. Information Security, guarantor that the information security management is in accordance with the applicable requirements and to inform the Management on the aspects that concern the security of the information.

Safety Principles

Both the management and maintenance of the information security of SiAM is based on the following basic principles, which form the core of the strategies for a correct decision-making decisions regarding information security:

August 2020