Information security policy

In a technology environment in which the convergence of information technology and communication means provides companies with a new paradigm of productivity, it is very important for users of an enterprise information system to have a manual of best practices for achieving the goals of confidentiality, integrity, availability and legality of all managed information.

• Confidentiality: The information processed by ERREKA Group may only be acquainted by authorised persons, after prior identification, at a specified time and in a specified manner.

• Integrity: The information processed by ERREKA Group must be complete, accurate and valid.

• Availability: The information processed by ERREKA Group must be accessible to authorized legitimate users, while its availability must be guaranteed under any circumstances.

• Legality: ERREKA Group guarantees compliance with all applicable legal regulations and, in particular, compliance with the applicable regulations regarding the processing of personal data.

The general management of ERREKA Group assumes responsibility for supporting and promoting the implementation of organizational, technical and control measures necessary to comply with the safety guidelines described herein. ERREKA Group has therefore defined a set of internal rules that must be followed by all users of the information system.

This security policy must be maintained, updated and adapted to the company’s objectives and at the same time it must be in line with the organization’s strategic risk management. For this purpose, it will be revised at specified intervals or whenever significant changes occur in order to guarantee its suitability, adequacy and effectiveness. Likewise, a formally defined risk assessment procedure is established to manage the risks faced by ERREKA Group.

April 2024 / General Director