The main purpose of this policy is to establish the fundamental value of information security for OneMind Technologies S.L. (hereinafter, “OneMind” or “Organization”), which considers the information related to its customers and itself, including the information systems that process it as critical, therefore, there is a commitment to provide a high standard of security through the application of various controls and safeguards, regardless of the media in which it is present.

From this, OneMind assumes a commitment to establish and maintain an adequate Information Security Management System (also known as “ISMS”), in accordance with and based on the international standard ISO 27.001. In general terms, this would allow:

• ---

  Identify and minimize the risks to which the information is exposed.
• Establishing an information security culture
• Ensure compliance with applicable legal, contractual, regulatory and business requirements in force
• Reduce operating and financial costs

Therefore, it is intended an effective and efficient management of the ISMS in search of the preservation of the triad of information that are key to this, being: Confidentiality, ensuring its accessibility in a controlled manner by authorized persons, processes or systems, preventing unauthorized disclosure. Integrity, preventing it from being manipulated by malicious third parties not authorized to do so. Availability, controlling that it is accessible in time and form, and its recovery in case of incidents that cause loss or corruption.

In the pursuit of achieving the above, the fundamental principles of OneMind’s express commitment are as follows:

• ---

  Ensure that security is an integral part of the information systems life cycle through adequate management of risks and weaknesses associated with information systems.
• To protect the information generated, processed or stored by the different processes, its technological infrastructure, and assets, against threats of internal or external origin to the organization, ensuring that the principles of confidentiality, integrity, availability and legality of the information are complied with.
• To guarantee the availability of processes and the continuity of our services based on the impact that adverse events may generate.
• Comply with legal and contractual requirements, as well as any other requirements to which OneMind subscribes.
• Inform all employees of their roles, duties and responsibilities regarding information security and personal data protection.
• Promote awareness and sensitization in the field of information security and the protection of personal data.
• Adopt continuous improvement as a strategic value and its application in all aspects of OneMind’s management, carrying out the necessary internal audits, implementing the appropriate actions and establishing the appropriate Objectives.
• To foster communication and collaboration with stakeholders by creating, where possible, relationships based on trust, loyalty, transparency, mutual respect and reciprocal input to improve the efficiency and safety of our facilities, processes and services.
• Diligence on the part of all employees and collaborators in the communication of possible security incidents, and ensuring their proper management.

All these principles are assumed by the Management, which has the necessary means for the implementation of the ISMS, and are also made available to all customers, employees and stakeholders appropriately identified.

This Policy was approved in Barcelona on 08/09/2023 and it will be your responsibility to monitor the need for changes as warranted.