The protection of information is a priority for Mind Source and is regarded as a professional, ethical, legal, regulatory and contractual requirement. This requirement is considered fundamental to the success of the company’s business, and Mind Source is strongly committed to safeguarding the confidentiality, integrity and availability of the information for which it is directly responsible.

Mind Source has established and maintains processes and procedures designed to ensure the protection of confidential information, safeguard intellectual property and protect information technology systems against potential internal and external threats that could compromise the confidentiality, integrity and availability of information.

This policy provides guidance for the protection of Mind Source’s information assets and is based on the following principles:

• Information is an essential asset to the company’s business;

• Commitment to promoting and implementing appropriate security levels to protect both information systems resources and the information processed, stored or transmitted by them;

• The company is responsible for complying with applicable legislation, ensuring the privacy, confidentiality, integrity and availability of information;

• Through the Information Security Management System (ISMS), the company ensures compliance with regulatory requirements and codes of best practice in order to identify, assess, prioritise and address risks, while also ensuring a commitment to continuous improvement;

• The company guarantees the implementation of an awareness programme for its employees and other relevant interested parties within the scope of the information security system regarding their responsibilities in preserving information security;

• The company ensures that access to information and systems is authorised and properly controlled;

• The detection, investigation and prompt response to all information security breaches is carried out through event logging and incident management procedures;

• The company regularly considers and reviews contingency plans for networks and systems, taking into account the integrity and recovery of processed and stored information.

 

The commitments set out in the Information Security Policy apply to the entire organisation. Mind Source’s Board of Directors assumes responsibility for its communication and implementation and is committed to acting with a focus on achieving the established objectives, namely:

• Minimising operational impact and the financial costs associated with security incidents;

• Improving the organisation’s security and resilience through informed decision-making regarding security risks;

• Ensuring that this policy is periodically reviewed and updated to reflect changes in the organisation, technology and information security threats.

 

Mind Source is committed to complying with the information security requirements set out in this policy and to continually improving the Information Security Management System through the achievement and review of the objectives established herein, the measurement of processes and controls, and the results of risk assessments and their respective treatment plans.