Information security policy

ADVISORY Y TECH, S.L. has as one of its objectives to try to safeguard the security of information, whether personal or not, and for this purpose establishes a system of information security in order to ensure the reduction of risks associated with it and cybersecurity, that the information is accessible only by those users who have a legitimate need to perform their functions, that it is protected, available and used for the purposes for which it was obtained. For this purpose ADVISORY Y TECH, S.L. defines the following strategic objectives:

• Minimize the risks of loss of confidentiality, integrity and availability of the information received, generated, processed and stored by ADVISORY Y TECH, S.L.
• Support the areas of the company in securing the information assets that support business operations and information with personal data.
• Raise employee awareness of information security in the performance of their duties.
• Maintain an Information Security and Cybersecurity program that supports the organization's strategic objectives and new business projects.
• Compliance with legal requirements, commitments acquired with customers and suppliers and all regulations, internal standards or guidelines to which the company is subject.
• Continuously improve the Information Security system.
• Promote information security awareness and training.
• Ensure the capacity to respond to emergency situations, reestablishing
  the operation of critical services in the shortest possible time.

The Information Security Policy concerns all users and must be applied to all information created, processed or used by ADVISORY Y TECH, S.L., regardless of the medium, format, presentation or place where it is located. All the security measures adopted are aimed at protecting the information and the information systems that support it, including applications, operating system resources, telecommunications networks and media, and computer equipment, whether they are managed by ADVISORY Y TECH, S.L or by those companies or personnel expressly authorized for this purpose, such as those who have signed a contract for the provision of services or the processing of data with ADVISORY Y TECH, S.L or legally authorized assignees. The Information Security and Cybersecurity Policy is focused on trying to ensure the following three major scenarios:

• Confidentiality compliance, which implies that critical, sensitive, private or personal information managed by the organization is not stolen or accessed by unauthorized persons.
• Minimize the impact on availability, where services provided by the organization are inaccessible or unusable.
• Ensure the integrity of information systems, avoiding the corruption of data or systems of the organization that affect the accuracy or integrity of information and processing, and that could also affect the availability of services.

The Information Security Policy will be developed through security regulations that address specific aspects and will be reviewed at least once a year and whenever there are relevant changes in the organization, in order to ensure that it is appropriate to the strategy and needs of the organization itself. This policy is applied in all ADVISORY Y TECH, S.L. work centers, being implemented in a framework of Information Security in accordance with ISO 27001:2013.