Objective

SocialPay S.L. (hereinafter in the document, SocialPay), to address matters related to information security management, issues the following Information Security Policy, within the context of the Information Security Management System (ISMS) implemented in the organisation, and in accordance with the international reference standard ISO/IEC 27001:2013.

The purpose and objective of this Information Security Policy is to protect the organisation’s information assets from all threats, whether internal or external, deliberate, or accidental, seeking to ensure continuity of operations,

Information Security Policy

1.- SocialPay´s Senior Management has approved this Information Security Policy.

2.- It is SocialPay’s policy to ensure that:

  • Information, and the systems that support it, will be protected from loss of confidentiality, integrity, and availability.
  • Applicable regulatory, legislative, and contractual requirements regarding information security shall be met.
  • All information systems subject to this Policy shall be subject to an information security risk analysis and management process.
  • Information security contingency plans will be developed.
  • Information security training will be available to all staff.
  • All information security violations, actual or suspected, will be managed, and investigated.
  • The commitment to information security of third-party partners (service providers, manufacturers, etc.) will be monitored in relation to their own policies.
  • The implemented ISMS will be continuously improved.

3.- Several procedures and technical instructions have been developed to support this Policy.

4.- Information security management at SocialPay is the responsibility of the organization’s Information Security Management Committee.

5.- This Policy will be reviewed, at least annually, and in an unplanned manner, for any security event or incident that could significantly impact information security.

6.- All department managers are responsible for implementing this Information Security Policy within their departments.

7.- It is the responsibility of each SocialPay employee to comply with this Information Security Policy.

This Information Security Policy is publicised, understood, implemented, and updated at all levels of the organisation, being reviewed annually for its adequacy, and extraordinarily, when special situations arise; as well as being made available to interested parties.

As CEO, I fully support this policy and am committed to ensuring compliance with it, throughout my area of responsibility.

Ricard Forn
CEO, SocialPay