Security Policy

Proximity, quality of service and results orientation are our hallmarks, so, aware of the importance of information security, and in line with the path that marks our own identity, from Bismart Business Intelligence Specialist Services SL and / or Bismart Int, SL (hereinafter referred to as Bismart indistinctly), has promoted the establishment of an Information Security Management System in accordance with ISO27001 requirements in order to identify, evaluate and minimise the risks to which its information and that of its customers is exposed and to ensure compliance with the established objectives.


The main objective of this Security Policy is to establish a model of action that will allow us to develop a company culture, a way of working and making decisions in Bismart, as well as to ensure that the security of information and respect for personal data are a constant:


  • Preserving the confidentiality of our clients' information, preventing its disclosure and access by unauthorised persons.
  • Maintaining the integrity of our clients' information, ensuring its accuracy and preventing its deterioration.
  • Ensuring the availability of our clients' information, in all formats and whenever necessary.

The Management, particularly values and establishes as the main criterion for estimating its risks the assessment of the availability and confidentiality of its information and, even more so, that of its customers. Thus, it is committed to developing, implementing, maintaining and continuously improving its Information Security Management System (ISMS) with the aim of continuous improvement in the way we provide our services and in the way we treat our customers' information.


It is therefore Bismart's policy that:

  • Information Security objectives are established on an annual basis.
  • Legal, contractual and business requirements are met.
  • Training and awareness-raising activities on information security processes are carried out for all personnel.
  • A process of analysis, management and treatment of information asset risk is developed.
  • Control objectives and corresponding controls are established to mitigate the risks identified.
  • Employees are held accountable for reporting security breaches and complying with the policies and procedures inherent to the Information Security Management System.

The Security Manager will be directly responsible for the maintenance of this policy, providing advice and guidance for its implementation and corrections in the event of deviations in its compliance.

This information security policy will always be aligned with the general policies of the company and with those that serve as a framework for other internal management systems, such as quality and environmental policies.


2 January 2024