Information Security Policy

The Management of MIO One wants to make known, through this document, to its employees, customers, suppliers and other interested parties its conviction that Information Security is a key factor for the proper development of the organization. MIO One considers that Information Security Management, together with the provision of training and resources necessary for the development of the activity of this organization, that is, the performance of Data Management, Customer Intelligence & Data Analytics, Data & Customer Strategy, Customer Experience & Relationship Management services and the implementation or use of infrastructure, platform and software to support these services, are the main pillars on which the work and daily effort are based.

The main objective of the Information Security Management System is to:
Plan, establish, implement, operate, monitor, review, maintain, and improve to preserve the quality of services, as well as the confidentiality, availability, and availability of the services.
integrity of the information that supports the organization’s processes.

To this end, the Information Security Management System has the following objectives:

  • Information Security Management, according to the International Standard ISO/IEC 27001:2013 / UNE ISO/IEC 27001:2014 (Translation) / UNE-EN ISO/IEC 27001:2017 (Corrections), through the responsibility and participation of all members of the company.
  • Effective assignment of roles and responsibilities.
  • Quality services and information security that meet and exceed the needs of our customers.
  • Prevention of potential defects and possible information security incidents before they occur, working towards “continuous improvement” and “continuous improvement”.
    communication.
  • Efficient management and control of the production process by qualified personnel specialized in the company’s activities in the search for continuous improvement of
    processes, procedures, products delivered and services rendered to the client, reaching over time a greater maturity in their management and execution.
  • Necessary training of personnel in accordance with the technical changes and technological innovations to which the organization’s activity is subjected, for a
    execution of the work with the required levels of quality and security of the information.
  • Continuous evolution of the Information Security Management System, in order to adapt to the demands of our customers, through:
    • Continuous reviews of the Information Security System.
    • Establishment of safety indicators that allow us to know the degree of efficiency and safety of our production processes.
    • Encouraging the training of the organization’s personnel in the weak aspects detected during the fiscal year.
    • Search for and development of new documents that describe more clearly the activities to be carried out within the organization (general and specific procedures, etc.) and their subsequent implementation.
    • Conducting periodic security audits to determine the degree of compliance with the security policy.
    • Establish the security level based on risk analysis.
  • Awareness and motivation of MIO One personnel on the importance of the implementation and development of an Information Security Management System.
  • Ensure compliance with applicable laws, regulations and standards, as well as all other requirements that the organization deems appropriate to carry out.
    to maintain a formal information security management system, which allows it to achieve continuous improvement of its performance.
  • Analyze the risks to which the Organization is exposed, and manage them in the best possible way to reach the Risk level accepted by the highest Management, and
    analyze opportunities through context analysis.

Madrid, December 04, 2023