Information Security Policy

The Management of DALLONSES approaches the Information Security Management System as a way of organising the company's operations based on information security criteria in accordance with the requirements of the ISO-IEC 27001:2022 standard to guarantee the continuity of information systems, minimise the risks of damage, and ensure compliance with the established objective, which is none other than the necessary framework of action to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity, and availability of information. Likewise, all necessary measures will be implemented to comply with applicable security regulations, relating to policies, building and facility security, and the behaviour of employees and third parties associated with DALLONSES in the use of information systems. To this end, DALLONSES has:

• Adequate human resources
• Necessary technical resources
• Secure facilities
• Proven experience in outsourcing solutions management
• Technical and control tools

Our vision is that the best result is achieved by joining forces with our clients, working closely with their teams, and establishing solutions that fit their business objectives, seeking the best solutions to improve productivity and cost savings. The achievement, maintenance, and improvement of the level of security desired by the company can only be accomplished with the commitment and participation of all personnel, and the use of their creative potential and skills.

The Management of DALLONSES establishes the following as base objectives, starting point, and support for information security objectives and principles:

• Information security is obtained by planning, executing, reviewing, and improving the Management System to prevent possible errors.
• Risk treatment planning, to ensure the availability, integrity, and confidentiality of information, linked to the provision of services.
• Integration of information security risks in the planning of new processes and in the modification of existing ones.
• Both the Management and the personnel of DALLONSES are committed to complying with the legal and regulatory requirements applicable to them, including: the protection of personal data and the privacy of individuals, and the protection of intellectual property rights.
• Only by continuously improving processes, methods, services, etc., can greater internal efficiency be guaranteed, a better response to client companies' expectations, and therefore, improved satisfaction.
• DALLONSES personnel, regardless of their functions and responsibilities, must analyse the data at their disposal regarding the activities they carry out in search of improvement opportunities.
• For this reason, continuous improvement must be a permanent objective for everyone, and referred to all activities carried out at DALLONSES.

The participation and collaboration of all parties involved is required, which is why this Policy is disseminated to all company personnel for their knowledge and understanding, as well as to the relevant interested parties for the organisation.

For the effective application of these principles, the support of both the management team and the staff is absolutely necessary.