Information security policy

At Hrider we recognize that information is a critical asset for the success of our business, as well as that of our clients. We are firmly committed to protecting the confidentiality, integrity, availability, traceability and authenticity of all the information we manage, including source code, customer data, intellectual property, financial information and personal data.

This Policy establishes the fundamental principles that guide our Information Security Management System (ISMS), in accordance with the requirements of the ISO 27001 standard and applicable legislation, including the General Data Protection Regulation (GDPR) and the Organic Law on Personal Data Protection and guarantee of digital rights (LOPDGDD).

Our ISMS covers all information systems, processes, personnel, infrastructure and related assets involved in the design, development, implementation, maintenance and support of our software solutions, as well as in the provision of associated services to our clients. This includes, but is not limited to, the management of development projects, production and testing environments, code management tools, data repositories and communications with clients and suppliers. All of this, according to the current Statement of Applicability.

The organization has made the commitment to maintain an Information Security Management System based on the requirements of the UNE-EN-ISO 27001 standard, in a way that allows the achievement of the objectives and goals established, in accordance with the guidelines of this policy. One of our main objectives is to ensure that the IT services provided by the organization comply with the quality and security requirements established in the reference standards. This policy defines the responsibilities, controls and measures to protect information security and ensure the continuity and improvement of IT service management.

In accordance with these principles, Hrider assumes:

• Continuous improvement: Establish improvement objectives periodically, and carry out systematic audits, both internal and external, that verify the compliance and effectiveness of our Integrated Management System.
• Guarantee the confidentiality, integrity, availability, traceability and authenticity of the data, information and/or communications managed by our company.
• Legality: Commitment to carry out periodic evaluations of legal compliance in order to meet all necessary legal requirements and others signed by the company.
• Objectives: Develop, implement and keep updated the procedures, records and documents of all our activities, in order to guarantee the control and continuous improvement of the performance of the processes.

To achieve these objectives, Hrider will provide all the necessary resources and training, to facilitate that all its personnel, whether on staff or contracted, achieve excellence in their work.

The policy expressed in this document will be provided to any interested party who requests it.