The Management of VASAVA approaches the Quality and Information Security Management System as a way of organizing the company’s operations based on key pillars such as service quality, customer satisfaction, incident and emergency management, continuous improvement of the system’s effectiveness, and the information security of its services. The aim is to ensure the continuity of information systems, minimize the risk of harm, and achieve the established objective, which is to define the necessary framework to protect information resources against internal or external, intentional or accidental threats, in order to ensure the confidentiality, integrity, and availability of information.
Likewise, all necessary measures will be implemented to comply with applicable security regulations, including policies related to building and facility security, as well as the behavior of staff and third parties associated with VASAVA in the use of information systems.
To this end, the Quality and Information Security Management System of VASAVA is based on the following principles:
• Quality, information security, and their improvement are the responsibility of all members of the organization, starting from top management, making use of their creative potential and skills.
• The highest level of quality and information security is achieved by planning, implementing, reviewing, and continuously improving the Management System in order to prevent potential errors. This commitment must be achieved through an understanding of the impact that individual contributions, information, communication, and leadership at all levels of the organization have on the quality of the service provided.
• Compliance with applicable information security legislation and regulations, as well as any other requirements subscribed to by the company.
• Both Management and the staff of VASAVA commit to complying with applicable legal and regulatory requirements, including the protection of personal data and privacy, as well as intellectual property rights.
• Establishing and regularly reviewing objectives and targets aligned with the commitments set out in this statement. For the effective application of these principles, the support of both management and staff is essential.
• Commitment to customer satisfaction through the organization’s commitment to meeting customer needs and requirements, as well as applicable legal, regulatory, and service-specific requirements.
• Focus on continuous improvement of both operational processes and the effectiveness of the Quality and Information Security Management System, where error prevention is a fundamental aspect.
• Paying maximum attention to technological developments and potential improvements offered by new technologies.
• Planning the treatment of risks to ensure the availability, integrity, and confidentiality of information related to service delivery.
• Integration of information security risks into the planning of new processes and the modification of existing ones.
• All personnel of VASAVA, regardless of their role and responsibilities, must analyze the data available to them regarding their activities in order to identify improvement opportunities.
For the effective application of these principles, the support of both management and staff is essential. Participation and collaboration of all involved parties is required; therefore, this Policy is communicated to all company personnel for their awareness and understanding, as well as to relevant interested parties.
Management will periodically review this Policy in order to promote continuous improvement and ensure its ongoing updating.