INFORMATION SECURITY POLICY

Due to our activity in design, development and maintenance of tools for electronic invoicing processes, suppliers and customers, and reporting of immediate supply of information, in easyap we know that information is an asset with a high value for both our organization and our customers and therefore requires adequate protection and management in order to give continuity to our line of business and minimize possible damage caused by failures with respect to the integrity, availability and confidentiality of information.

Likewise, both the current legislation on personal data protection (RGPD and LOPDGDD), as well as ASLAM's commitment to our customers makes us especially sensitive to the processing of personal data to which we have access in the course of our business.

For all this easyap makes the following commitments:

  • The permanent will of easyap s ongoing commitment to Privacy Management and Information Security will be manifested through training and awareness programs that promote participative management in these areas, enabling staff skills to be used for the continuous improvement of the production process.
  • To guarantee the development of its activities within the applicable rules and regulations (in particular the RGPD and the LOPDGDDD), it will comply with the legislation, as well as with other requirements subscribed with its clients, including those related to Privacy and Information Security.
  • Comply with the requirements and continuously improve the effectiveness of the Privacy and Information Security Management System, through the implementation of measurement and monitoring systems of the solutions and developments carried out for our clients, as well as of Privacy and Information Security objectives.
  • Ensure business continuity by developing continuity plans in accordance with recognized methodologies.
  • Conduct and periodically review a risk analysis based on recognized methods that allow us to establish the level of privacy and information security and minimize risks through the development of specific policies, technical solutions and contractual agreements with specialized organizations.
  • The staff of easyap will carry out their work oriented to the achievement of the objectives set and in accordance, at all times, with the legal requirements.

As of October 1, 2023

Management

ELABORATED

Consultant

REVISED

Address

APPROVED

PSI management and responsible for the PSI

Name: Sara Mazorra

Date: 01/10/2023

Name: José Elosegui

Date: 01/10/2023

Name: Gonzalo Delgado

Date: 01/10/2023

DOCUMENT REVISION/MODIFICATION STATUS

No. edition

Date

Nature of the Review

0

01/06/2021

Initial edition

01

01/10/2023

Updating and compliance with ISO 27701

 

DOCUMENT REVISION/MODIFICATION STATUS

No. edition

Date

Nature of the Review

0

01/06/2021

Initial edition

01

01/10/2023

Updating and compliance with ISO 27701