The Aciturri Group considers that it is essential to guarantee the security of information in all its aspects (integrity, confidentiality, availability, etc.) as well as the security of processes, infrastructures, people and other resources that participate in the provision of information services. the company. With the aim of being a benchmark company model in its sector, it must adequately manage corporate security: protecting these elements from possible threats, minimizing their risks and guaranteeing the continuity of their business processes. In the current context, the protection of corporate information and the elements that process it is especially relevant. These assets are critical to the organization, so they must be kept reasonably safe from any threat that might put them at risk. The security of the information must be guaranteed taking into account at all times the corresponding legal, organizational and technical principles.

 

Therefore, protecting information and maintaining its security becomes a global objective that must be marked as their own by each and every one of the members of the company. In this way, each and every one of us must know and comply with the information security policy, the procedures, regulations, standards and recommendations that implement it.

To this end, the following basic principles of the Aciturri Group Security Policy are established:

• Comply with the legal and contractual requirements applicable to the development of their functions in the organization. Especially and for the purposes of this policy, in matters related to the protection of personal data and corporate information, as well as the continuity of business processes.

• Restrict the use of both the information itself and the systems that process it and that are owned by the Aciturri Group, to those tasks necessary for the proper performance of the work of each employee. Therefore, the use of any asset for private benefit is not allowed.

• Maintain secrecy regarding company information and not disclose it to third parties. As an exception, it will be possible to communicate it in those cases that are essential for business reasons, and always under the relevant security measures.

• Create and maintain an Information Security Management System, which includes the policies, regulations, procedures and guidelines necessary to transfer security requirements to the different areas of the organization in order to protect information and assets of the Aciturri Group.

 

The Management of the Aciturri Group undertakes to adopt the necessary measures to implement, maintain and continuously improve the Information Security Management System, as well as comply with the requirements applicable to information security. To this end, this Security Policy is made public, communicating it internally to the entire organization and making it available to interested parties. Failure to comply with this security policy, guidelines or applicable legislation in each case will lead to the adoption of the corresponding legal or disciplinary measures, defined by the Aciturri Group.

Miranda de Ebro as of May 22, 2023

​