GLOBAL SECURITY POLICY

1. Introduction

Gradhoc is aware of the importance of protecting information to ensure the proper conduct of its business and to maintain the trust of its employees, customers, suppliers, and other stakeholders. Accordingly, information security is embedded into the organisation’s processes through the establishment of an Information Security Management System, which is defined by this Policy and further developed through supporting policies, procedures, and documentation to achieve its objectives.

2. Purpose

The purpose of this document is to define the Global Security Policy, establishing the guidelines to be followed to protect the information processed by Gradhoc, ensuring its confidentiality, integrity, and availability, in accordance with ISO/IEC 27001 and applicable legislation.

All Gradhoc staff, suppliers, employees, and management are required to be familiar with and comply with this Policy.

3. Definitions

Information security refers to the protection of information in its three main areas:

  • Confidentiality: ensuring that information is accessible only to authorised resources.
  • Integrity: ensuring that information is modified or destroyed only by authorised parties.
  • Availability: ensuring that information is accessible and usable by authorised parties when required.

4. Scope

The measures and guidelines set out in this document apply to Gradhoc’s information systems and to all individuals who use these systems to access or interact with the company’s information.

5. Declaration of commitment

At Gradhoc, information protection is a fundamental principle of the company’s operations and a responsibility shared by the entire organisation.

Gradhoc’s management is committed to:

  • Protecting the confidentiality, integrity and availability of all information managed, whether proprietary or third-party.
  • Complying with applicable legal and regulatory requirements regarding information security and data protection.
  • Proactively managing the information security risks associated with Gradhoc’s assets and processes.
  • Promoting a culture of security through ongoing training and awareness-raising among Gradhoc employees.

6. Objectives of the ISMS

Through this Policy and the implementation of the ISMS, Gradhoc aims to meet the following objectives:

  • Protecting information assets through the controls that are most effective in maintaining their confidentiality, integrity, and availability.
  • Ensuring that security incidents are addressed promptly and effectively.
  • Providing information security and personal data protection training to all Gradhoc staff.
  • Monitoring the proper definition and implementation of the ISMS through audits and reviews to ensure its effective operation.
  • Enhancing the quality and security of the products developed and sold by Gradhoc.
  • Obtaining certification under the national security framework.

7. Organisation and responsibilities

  • Gradhoc Management is responsible for approving this Policy.
  • The Information Security Committee is responsible for reviewing this Policy at regular intervals or whenever a relevant change is made to the ISMS.
  • Gradhoc’s Information Security Officer is responsible for maintaining this Policy.

8. Validity

This Policy is effective upon publication and is reviewed regularly by the Information Security Committee, at least once a year.