Itbid is aware that the security of information related to our customers is a critical resource, and has established an Information Security Management System in accordance with the requirements of the ISO/IEC 27001:2022 standard to ensure the continuity of information systems, minimize the risk of damage, and ensure the fulfillment of the set objectives.

The objective of the Security Policy is to establish the necessary framework to protect information resources from internal or external, deliberate or accidental threats, in order to ensure the confidentiality, integrity, and availability of information.

The effectiveness and implementation of the Information Security Management System is the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination, and compliance with this Security Policy. A Responsible Person for the Information Security Management System has been appointed in its name and representation, who has sufficient authority to play an active role in the Information Security Management System, overseeing its implementation, development, and maintenance.

The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System.

Any person whose activities may, directly or indirectly, be affected by the requirements of the Information Security Management System is obligated to strictly comply with the Security Policy.

At Itbid, all necessary measures will be implemented to comply with applicable regulations on security in general and IT security, related to IT policies, building and facility security, and the behavior of employees and third parties associated with Itbid in the use of IT systems. The necessary measures to ensure information security through the application of standards, procedures, and controls should ensure the confidentiality, integrity, and availability of information, essential for:

  • Comply with current legislation on information systems.
  • Ensure the confidentiality of data managed by Itbid.
  • Ensure the availability of information systems, both in services offered to customers and in internal management.
  • Ensure the ability to respond to emergency situations, restoring critical services in the shortest possible time.
  • Prevent undue alterations to information.
  • Promote awareness and training in information security.
  • Establish objectives and goals focused on the evaluation of performance in information security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.

BUSINESS CONTINUITY POLICY

ITBID TECHNOLOGIES 2002, SL has as a policy to maintain a Business Continuity Management System (hereinafter BCM) that:

  • Identifies potential threats to ITBID TECHNOLOGIES 2002, SL, as well as the impact on business operations, in case they materialize, that they could cause.
  • Provides a framework to increase the resilience capacity of ITBID TECHNOLOGIES 2002, SL to respond effectively.
  • Ensures the rapid and efficient recovery of essential operations against any physical or logical disaster that may occur or any other incident that threatens the continuity of the services provided to customers.
  • Preserves the interests of its main stakeholders (customers, employees, and suppliers), reputation, brand, and value creation activities.

To ensure that the BCM aligns with the changing needs of ITBID TECHNOLOGIES 2002, SL, continuity plans will be regularly tested, continuously reviewed, and regularly audited.

A risk analysis has been conducted, evaluating the impacts and business objectives for prevention and defining the recovery levels, prioritizing Business Continuity in critical activities:

“Information Security Systems supporting the development and commercialization of modules for managing purchases in cloud technology and based on the SaaS model”

The BCM has been developed following the instructions and under the supervision of the Management of ITBID TECHNOLOGIES 2002, SL. It is designed to ensure the services provided to customers and to facilitate a return to normal operations in the shortest time possible with minimal disruption. Management fully supports the BCM and expects all personnel to be familiar with its contents and that the plans are ready to be activated at any time.

Barcelona, January 9, 2023 Signed: Josep Puig (Management ITBID Technologies 2002, SL)