Information Security Policy


Last Revised: December, 2022

User information

The PLEIADES TECNOLOGIA SL Security Policy reflects the principles and objectives in terms of information security, the results of which allow our company to achieve its purpose of providing software development solutions and implementation of customized systems.

Through the elaboration, communication and maintenance of this policy, Pleiades Management shows its commitment to protect the confidentiality of the information with which it operates in the provision of its services, to guarantee its integrity in all the treatment processes it carries out, as well as the availability of the information systems involved in these treatments.

To this end, the Management has defined and implemented an Information Security Management System that allows the company to guarantee that the information systems and the information created, collected, stored and processed comply with:

  • • Security in Human Resources Management, before, during and upon termination of employment.
  • • Appropriate asset management involving the classification of information and the handling of media, and the establishment of robust logical access control to its systems and applications, managing user permissions and privileges.
  • • Protecting facilities and the physical environment by designing secure work areas and securing equipment.
  • • Ensuring the security of operations by protecting against malicious software, backing up, logging and monitoring. monitoring software in operation
  • • Management of technical vulnerabilities and the choice of appropriate techniques for auditing systems.
  • • Communications security, protecting networks and information exchange.
  • • The realisation of secure software development, separating development and production environments, and performing appropriate functional acceptance testing.
  • • Controlling relationships with suppliers, contractually requiring compliance with relevant security measures and acceptable levels of service.
  • • Effectiveness in the management of security incidents, establishing the appropriate channels for their notification, response and timely learning.
  • • The implementation of a business continuity plan that protects the availability of services during a crisis or disaster.
  • • Identification of and compliance with applicable regulations, with special emphasis on intellectual property and personal data protection.
  • • Periodic review and continuous improvement of our information security management system to ensure compliance with and effectiveness of these requirements. All the organisation's personnel have the duty to comply with this policy, for which the Management has the necessary means and sufficient resources for its fulfilment, and assumes the responsibility of communicating it and keeping it accessible to all interested parties.

  • Signed by the Management

Legal Information

The requirements of this Policy supplement, and do not replace, any other existing requirements under the Information Security Policy, which shall prevail in any event.

This Policy is subject to periodic review and may be amended by the Company at any time. When this occurs, we will notify you of any changes and ask you to re-read the most recent version of our Policy and confirm your acceptance of it.