Bismart Security Policy

Proximity, quality of service and results orientation are our hallmarks.
identity, therefore, aware of the importance of information security,
and in line with the path that marks our own identity, from Bismart
Business Intelligence Specialist Services SL and/or Bismart Int, SL (hereinafter
interchangeably called Bismart), the establishment has been promoted
of an Information Security Management System according to the requirements
ISO27001 in order to identify, evaluate and minimize the risks to which your company is exposed.
information and that of its clients as well as guaranteeing compliance with the objectives

The main objective of this Security Policy is to establish an action model
that allow us to develop a company culture, a way of working and taking
decisions at Bismart, as well as ensuring that information security and respect
to personal data are a constant:
• Preserving the confidentiality of our clients’ information, avoiding
its disclosure and access by unauthorized persons.

• Maintaining the integrity of our clients’ information, seeking
its accuracy and avoiding its deterioration.

• Ensuring the availability of our clients’ information, in all
the supports and whenever necessary.
The Management, for its part, especially values and establishes as the main criterion for
the estimation of your risks the assessment of the availability and confidentiality of your
information and even more that of its clients. Thus, it is committed to developing, implementing,
Maintain and continually improve your Security Management System
Information (ISMS) with the objective of continuous improvement in the way we provide
our services and in the way we treat our clients’ information.
Therefore, it is Bismart’s policy that:
• Objectives are established annually in relation to the Security of the

• Legal, contractual and business requirements are met.

• Training and awareness activities are carried out regarding the processes
Information Security for all staff.

• A process of analysis, management and treatment of risk is developed on the
information assets.

• Control objectives and corresponding controls are established to
mitigate the detected risks.

• The responsibility of employees is established in relation to the reporting of
security violations and to comply with inherent policies and procedures
to the Information Security Management System.
The Security Manager will be directly responsible for the maintenance of this
policy, providing advice and guidance for its implementation and corrections before
deviations in compliance.
This information security policy will always be aligned with the
general policies of the company and with those that serve as a framework for other management systems.
internal management, such as quality and environmental policies.

January 2, 2024