Information Security Policy

Through this document, the management of MIO CONSULTING wishes to convey to its employees, clients, suppliers, and other stakeholders its firm belief that information security is a key factor in the organization’s successful operation.

MIO CONSULTING believes that Information Security Management, together with the provision of the training and resources necessary for this organization to carry out its activities—that is, the provision of the following services:

  1. Data Management.
  1. Customer Intelligence & Data Analytics.
  1. Data & Customer Strategy.
  1. Customer Experience & Relationship Management.
  1. Design, development, and implementation of Artificial Intelligence and Machine Learning projects applied to the aforementioned fields.

and the implementation or use of infrastructure, platforms, and software that support these services are the main pillars on which our daily work and efforts are based.

The primary objective of the Information Security Management System is to plan, establish, implement, operate, monitor, review, maintain, and improve the system in order to preserve the quality of services, as well as the confidentiality, availability, and integrity of the information that supports the organization’s processes.

To this end, the Information Security Management System has the following objectives:

  • Information Security Management, in accordance with the International Standard ISO/IEC UNE-ES ISO/IEC 27001:2022, through the accountability and participation of all company employees.
  • Effective assignment of roles and responsibilities.
  • Services that provide a level of quality and information security that meet and exceed our customers’ needs.
  • Preventing potential defects and possible information security incidents before they occur, by focusing on “continuous improvement” and communication.
  • Effective management and control of the production process through qualified personnel specialized in the company’s operations, with a focus on the continuous improvement of processes, procedures, products delivered, and services provided to customers, thereby achieving greater maturity in management and execution over time.
  • Staff training necessary to keep pace with the technical changes and technological innovations affecting the organization’s operations, to ensure that work is performed in accordance with the required standards of quality and information security.
  • Continuous improvement of the Information Security Management System to meet our customers’ requirements through:
  • Ongoing reviews of the Information Security System.
  • Establishment of safety indicators that allow us to assess the effectiveness and safety of our production processes.
  • Promote training for the organization’s staff in the areas where weaknesses are identified throughout the fiscal year.
  • Identification and development of new documents that more clearly describe the activities to be carried out within the organization (general and specific procedures, etc.) and their subsequent implementation.
  • Conducting periodic security audits to assess the level of compliance with the security policy.
  • Establish the security level based on risk analysis.
  • Raising awareness and motivating MIO CONSULTING staff regarding the importance of implementing and developing an Information Security Management System.
  • Ensure compliance with applicable laws, regulations, and standards, as well as any other requirements the organization deems appropriate to implement in order to maintain a formal information security management system that enables it to achieve continuous improvement in its performance.
  • Analyze the risks to which the Organization is exposed and manage them as effectively as possible to achieve the level of risk accepted by senior management, and identify opportunities through contextual analysis.

Madrid, March 26, 2026