Acevedo, aware that the Quality of Services and the Security of Information relating to our clients are critical resources, has established an Integrated Management System in accordance with the requirements of the ISO/IEC 27001, ISO/IEC 20000-1 and UNE EN ISO 9001:2015 standards to guarantee the continuity of the Quality Systems, the Security of Information and Services in order to minimise the risks of damage and ensure compliance with the objectives set. The objective of the Quality, Security and Service Management Policy is to set the necessary framework for action to protect information resources against threats, internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity and availability of information, as well as to establish the necessary measures to ensure the quality of the services provided to our customers.

The effectiveness and implementation of the Integrated Management System is the direct responsibility of the Committee, which is responsible for the approval, dissemination and compliance with this Policy. In its name and on its behalf, an Integrated Management System Manager has been appointed, who has sufficient authority to play an active role in the Management System by supervising its implementation, development an d maintenance. The Committee will proceed to develop and approve the risk analysis methodology used at Acevedo to ensure that there is control over our level of service, the third parties involved, the life cycle of the services and the context of the organisation.

Any person whose activity may, directly or indirectly, be affected by the requirements of the integrated Management System is obliged to strictly comply with this policy.

The following measures have been implemented and are promoted at Acevedo:

• Comply with current legislation and other specific requirements and, in particular, those related to Information Security.
• To ensure the confidentiality, availability and integrity of the information managed by Acevedo, as well as to promote that third parties involved also ensure these parameters.
• To avoid undue alterations to the information.
• To guarantee the security of our facilities and resources.
• To ensure the availability of the information systems and resources necessary for the development of the Integrated Management System, both for the services offered to clients and for internal management.
• To ensure the capacity to respond to emergency situations, re-establishing the functioning of critical services in the shortest possible time.
• Maintain the level of service offered to our customers and guarantee its continuity.
• Communicate the importance of effective service management.
• Promote information security awareness and training.
• Establish objectives and targets focused on performance evaluation.
• Commit to continuous improvement of the Integrated Management System and keep the Management System up to date by complying with the requirements of the implemented standards.
• To make this Policy known to employees and third parties, to ensure compliance with it and that it serves as a support for the establishment of business objectives.
• To guarantee the satisfaction of our customers and provide the necessary means to ensure the quality of our service.