Information Security Policy

SEALPATH TECHNOLOGIES, S.L. (hereinafter referred to as “SEALPATH”), as a specialist in the protection of its clients’ data and information and acknowledging the advance of digitalization, the paradigm shift in terms of the forms of communication and the speed and ease with which data travels, has implemented an Information Security Management System (hereinafter referred to as ISMS) based on the UNE-EN ISO/IEC 27001:2017 standard in its “cloud infrastructure for the provision of the information protection service, in accordance with the statement of applicability in force”.

That is why SEALPATH, in its efforts to secure data and information and considering the needs and expectations of stakeholders, is committed to:

• Protect customer information and data through simple solutions that safeguard, control, and monitor data wherever it resides.

• Promote and encourage R&D to develop differentiating technologies in data protection.

• Ensure the availability, confidentiality and integrity of information and data internally and for its customers.

• To be informed of and comply with the applicable legislation and regulations in force, as well as other legal and regulatory requirements regarding information security.

• Comply with the level of security required to ensure that the information protection service is provided securely and is adequate for business continuity, even in adverse situations.

• To comply with the needs and expectations, as well as the requirements imposed by the interested parties, in terms of information security and data protection.

• Establish, implement, and review objectives to improve performance in the areas of information security and data and information protection.

• Establish the necessary processes to implement the necessary corrective actions and promote prevention to reduce potential information security risks.

• Ensure training and awareness to all personnel to improve their performance and behavior within the organization in terms of ISMS.

• Establish and promote the necessary communication channels to strengthen communication with stakeholders.

• Promote the continuous improvement of ISMS, always implementing possible improvement opportunities, as well as acting on those risks that may affect the scope, systems, infrastructures, etc.

To ensure the proper performance of Information Security Management System and to comply with the established objectives and requirements, SealPath’s management has designated different ISMS responsible parties and a Committee that will ensure compliance with the guidelines set forth in this policy.