Information security and quality policy

SICOMORO INTEGRAL SERVICES, S.L. (hereinafter SICOMORO) is a company in the Information and Communication Technologies sector, dedicated to the marketing, development, start-up and maintenance of software solutions, as well as management and call center services. for the sale of tickets and access controls aimed at cultural and leisure centers, in accordance with the current declaration of applicability.

Our vision is described as a company that performs these services in a reliable, secure, solid, flexible and profitable way, with a management that anticipates and adapts to change, learns from experience and constantly innovates, meeting the needs and expectations of customers. and other relevant stakeholders.

We define some VALUES to share, which always take into account key aspects in the management of information security, which allow us to develop a company culture, a way of working and making decisions in our organization:

Our specialization and continuous updating.
Ensure that information security and respect for personal data are a constant.
Preserving the confidentiality of the information and avoiding its disclosure and access by unauthorized persons.
Maintaining the integrity of the information ensuring its accuracy and avoiding its deterioration.
Ensuring the availability of information in all media and whenever necessary.
The Management especially values ​​and establishes as the main criterion for estimating its risks the assessment of the Confidentiality, Integrity, Availability, Authenticity and Traceability of its information and even more so that of its clients.

Thus, SICOMORO undertakes to develop, implement and maintain its Quality Management System (QMS) and Information Security (SGSI) with the aim of continuous improvement in the way we provide our services and in the way we we treat the information of our clients and our organization. Therefore, it is SICOMORO’s policy that:

Objectives are established annually in relation to Quality and Information Security.
Business, legal or regulatory requirements, contractual obligations and other customer requirements are met.
Training and awareness activities are carried out in terms of Quality and Information Security processes for all personnel and the necessary means are established to guarantee the continuity of the company’s business.
There is a promotion and commitment to continuous improvement.
A risk and opportunity analysis process is developed on information assets and processes.
Treatment plans and corresponding controls are established to mitigate the risks detected.
The responsibility of employees is established in relation to: o reporting security violations, o preserving the confidentiality, integrity and availability of information assets in compliance with this policy o and complying with the policies and procedures inherent in the Information Management System Information Quality and Security.
The Quality and Safety Manager is directly responsible for maintaining this policy, providing advice and guidance for its implementation.
SICOMORO carries out a continuous evaluation of suppliers, where: A breach of the requirements established for the supply, can directly lead to its evaluation as a Non-Approved supplier.