Quality and information security policy Information
ITSOFT, a company dedicated to custom software development and providing services related to Information Technology, has decided to implement a Quality and Information Security Management System based on ISO 9001 and ISO 27001 standards to enhance the service provided to its clients.
ITSOFT`s Address approaches the Information Quality and Security Management System as a way of organizing the company’s operations based on the basic pillars of service quality, customer satisfaction and information security, whose objective is to provide a quality service, preserve the confidentiality, integrity and availability of information, protect it from a wide range of threats and ensure the continuity of business lines, minimize damage and maximize the return on investment and business opportunities and continuous improvement.
To this end, ITSOFT`s Information Security and Quality Management System is based on:
- Quality and Information Security and its improvement are the responsibility of everyone in the company, starting from the top.
- The maximum levels of quality and information security are obtained by planning, executing, reviewing and improving the Management System in order to prevent possible errors.
- Establish and regularly review objectives and targets in line with the commitments made in this statement. For the effective application of these principles, the support of both the management team and the staff is absolutely necessary.
- Quality is oriented towards the satisfaction of all our customers through the commitment of the entire organization to meet their needs and requirements, as well as legal and regulatory requirements and those of the products themselves.
- Orientation towards Continuous Improvement of both the production processes and the efficiency of the Quality and Safety Management System in which preventing errors is a fundamental aspect.
- Commitment of the organization to periodically approve and re-evaluate our suppliers, under the criteria of certification/accreditation, probation, strategic, exclusivity and historical.
- Identify the organization’s risks, so that we establish a preventive approach.
- To dedicate maximum attention to technological evolution and to the possible improvements that new technologies may make available to us.
- The participation and collaboration of everyone is essential, so this Policy is disseminated to all company personnel for their knowledge and understanding.
- The protection of personal data and the privacy of individuals.
- Safeguarding of the organization’s records.
- Protection of intellectual property rights.
- Assignment of security responsibilities.
- Training and capacity building for information quality and security.
- Recording of security incidents.
- Business continuity management.
- The management of changes that may occur in the company, both in quality and safety aspects.
ITSOFT`s management, through the elaboration and implementation of this Quality and Information Security Management System, acquires the following commitments:
- To develop products and services in compliance with legislative requirements, identifying the legislation applicable to the lines of business developed by the organization and included in the scope of the Quality and Information Security Management System.
- Establishment and fulfillment of contractual requirements with stakeholders.
- Define quality and safety training requirements and provide the necessary training in this area to the parties involved, by establishing training plans.
- Prevention and detection of viruses and other malicious software, through the development of specific policies and the establishment of contractual agreements with specialized organizations.
- Business continuity management, developing continuity plans in accordance with internationally recognized methodologies.
- Establishment of consequences for violations of the security policy, which will be reflected in the contracts signed with stakeholders, suppliers and subcontractors.
- Act at all times within the strictest professional ethics.
This Policy provides the frame of reference for the continuous improvement of the Quality and Information Security Management System as well as to establish and review the objectives of the Management System, being communicated to the entire Organization through the documentation section of the organization’s ERP, its publication on information panels and its placement on the organization’s website, being reviewed annually for its adequacy and extraordinarily when special situations and/or substantial changes occur in the Quality and Information Security Management System, being available to the general public.
Board of Directors
Seville, May 29 of 2019