COMMITMENT AND BASIC PRINCIPLES OF IT SECURITY
At Altadia, the operations and systems that handle both our own information and that of our customers are crucial assets for the organisation. Protecting this information is essential to maintaining the optimal levels of competitiveness, profitability, regulatory compliance and public image that are necessary to satisfy customers.
IT security at Altadia refers to the set of technical, organisational, legal and personal behavioural measures taken by all those who access or manage information. By defining a regulatory framework, mandatory policies and procedures, and applying current standards, Altadia is committed to implementing an Integrated Information Security Management System that is aligned with:
- ISO 27001, as the Information Security Management framework.
- NIS2, acting as a reference framework for applying recognised mandatory best practices in Information Security.
The commitment is based on essential principles, such as protecting confidentiality, integrity, authenticity, availability and traceability of information throughout its life cycle through measures aligned with business objectives. It includes periodic risk assessment, establishment of a detailed inventory of classified assets, and definition of a system to manage incidents or vulnerabilities.
Altadia's primary mission is to transform surfaces to create spaces that improve people’s lives. To achieve this mission, Altadia is committed to building trust with its clients and partner organisations, and has identified the following objectives regarding information security:
- Resource and Data Protection: To safeguard Altadia's technological resources and data against unauthorised access, improper disclosure, damage, loss or unauthorised modifications in order to preserve confidence in our services.
- Data Classification Strategy: To have a transparent classification system based on the critical importance of data, applying the necessary controls for secure handling, storage and proper disposal, ensuring appropriate protection.
- Control from the Start of Development: Applying preventive measures from the earliest stages in the creation, development and acquisition of software, IT services and processes, and integrating information security throughout the entire life cycle of products and services.
- Awareness and Active Collaboration: Promoting an organisational culture that emphasises the importance of information security among employees and collaborators to identify and mitigate risks, fostering a secure environment in all activities carried out.
- System Accessibility and Consistency: Ensuring that information systems are available and operational by developing and implementing Disaster Recovery and Business Continuity Plans to effectively restore critical systems and business processes after any disruptive incident.
- Information Control and Management: Establishing measures that guide information management based on corporate, legal, and regulatory requirements.
- Defence against System Threats: Protecting IT assets and systems from unauthorised access and other potential risks.