INFORMATION SECURITY POLICY
RATENOW, as a "technology company dedicated to the development of systems for the continuous measurement of customer and patient experience", has implemented an information security management system within the organisation. Its main objective is to achieve business objectives and customer satisfaction by guaranteeing information security at all times through established processes based on continuous improvement, ensuring the continuity of information systems, minimising the risk of damage and ensuring compliance with the objectives set to ensure the confidentiality, integrity and availability of information at all times.
Our pillars in the provision of our services are:
- Information security in accordance with the strictest banking/medical standards.
- Widespread and evolving monitoring of privacy regulations
- Use of approved data exchange protocols and distribution channels
- State-of-the-art technology
- Needs-focused technical team
To this end, RATENOW is committed to information security in accordance with the ISO/IEC 27001:2013 reference standard, for which the General Management establishes the following principles:
- Competence and leadership by the management as a commitment to develop the Information Security Management System.
- Determine the internal and external stakeholders that are relevant to the Information Security Management System and meet their requirements.
- Understand the organisational context and identify organisational opportunities and risks with respect to information security as a basis for action planning to address, assume or deal with them.
- Ensure the satisfaction of our customers, including stakeholders in the company's performance, in all aspects of the conduct of our business and its impact on society.
- Establish objectives and goals focused on the evaluation of performance in the field of Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
- Comply with the legal and regulatory requirements applicable to our activity, the commitments acquired with clients and interested parties, and all those internal rules or guidelines to which the company is subject.
- Ensure the confidentiality of the data managed by the company and the availability of the information systems, both in the services offered to clients and in internal management, avoiding undue alterations to the information.
- Ensure the capacity to respond to emergency situations, re-establishing the functioning of critical services in the shortest possible time.
- Establish the appropriate measures for the treatment of risks derived from the identification and evaluation of assets.
- Motivate and train all personnel working in the organisation, both for the correct performance of their job and to act in accordance with the requirements imposed by the reference standard, providing a suitable environment for the operation of the processes.
- Maintain fluid communication both internally, between the different levels of the company, and with clients.
- Evaluate and guarantee the technical competence of the personnel for the performance of their functions, and ensure adequate motivation for their participation in the continuous improvement of our processes.
- Guarantee the correct state of the facilities and the appropriate equipment, so that they correspond to the activity, objectives and goals of the company.
- Guarantee a continuous analysis of all relevant processes, establishing the relevant improvements in each case, depending on the results obtained and the established objectives.
These principles are adopted by the General Management, which has the necessary means and provides its employees with sufficient resources to comply with them, and which makes them public through this Information Security Policy.
The CEO, Albert Esplugas Boter
27/06/2023