Security Policy

Grupo Tenea, aware that ensuring the quality of our services, as well as information security, is a critical resource, has established an Integrated Management System in accordance with the requirements of the UNE-EN ISO/IEC 27001:2022, 9001:2015, and 20.000-1:2018 standards.

The effectiveness and application of the Integrated Management System in accordance with the reference standards is the direct responsibility of the Integrated Management System Committee, which is responsible for approving, disseminating, and ensuring compliance with this policy. On its behalf, an Integrated System Manager has been appointed, who has sufficient authority to actively participate in the Management System, overseeing its implementation, development, and maintenance.

We recommend that you read this policy carefully.

At Ofimood, all necessary measures will be implemented to comply with applicable regulations and other contractual requirements, and to establish the necessary measures to ensure compliance with the referenced ISO standards.

Therefore, Ofimood:

• Applies information security through the implementation of standards, procedures, and controls to ensure the confidentiality, integrity, and availability of information, as well as the quality of the service provided.
• Safeguards the confidentiality of the data managed by Ofimood.
• Has the ability to respond to emergency situations, restoring the functioning of critical services as quickly as possible, and ensuring information systems.
• Prevents unauthorized alterations to the information, safeguarding its integrity.
• Promotes awareness and training for all staff to meet the expectations of stakeholders.
• Sets objectives and goals focused on evaluating performance, as well as on continuous improvement in our activities, as regulated by the Management System that develops this policy.
• Ensures the availability of information systems, both in the services offered to clients and in internal management.
• Establishes the necessary framework to protect information resources against internal or external, deliberate or accidental threats, ensuring the confidentiality, integrity, and availability of information.
• Approves the risk analysis methodology used in the Integrated Management System.
• Maintains the security of buildings and facilities, as well as systems and the behavior of employees and third parties associated with Ofimood in the use of systems.
• Studies customer satisfaction levels and analyzes areas for improvement to maximize results.
• Establishes guidelines and communicates to employees the importance of efficient service management in line with client requirements.
• Maintains the level of service offered to our clients and ensures business continuity.
• Ensures the company's capacity according to demand, to not compromise the level of service offered to our clients.
• Has the necessary means to ensure the quality of our service.

Approved and signed by Management on February 8, 2023.