Information Security Policy - ISMS

Scope: This policy is applicable to the activities, services, assets, resources and third parties involved in the provision of Comprehensive Collection Management services, Telesales Processes and Fraud Prevention Processes.

Since the creation of the company, information security has been established as a value proposition, in each and every one of the activities. This added value has since allowed us to differentiate ourselves from the competition, guaranteeing, in addition to availability, the correct functioning of the systems and services, and the fulfillment of any legal, regulatory or contractual requirement in relation to information security. </ P >

In conclusion, both the integrity, confidentiality and availability of information and systems are crucial for the security and continuity of our business, as well as that of our clients.

Verifica establishes the following principles regarding information security

• Ensure compliance with applicable legislation, regulations and standards, as well as all those requirements that the organization deems appropriate to carry out to maintain an Information Security Management System, which allows it to achieve continuous improvement of its performance .
• Comply with the needs and expectations of the interested parties involved within the scope of the ISMS, preserving the Availability, Integrity and Confidentiality of the information.
• Demonstrate leadership by management by ensuring that the Information Security policy and security objectives are established and are compatible with the strategic direction of the organization.
• Assignment of roles and responsibilities in the field of security and the necessary support.
• Orientation towards “continuous improvement”.
• Implementation of specific communication mechanisms, in order to streamline internal and external communications within scope.
• Clear and detailed monitoring of the Security Objectives set by the management.
• Continuous evolution of the Information Security Management System, in order
  to adapt to the needs, through:
  • Periodic reviews of the Information Security Management System.
  • Establishment of security indicators.
  • Promotion of staff training.
  • Conducting ISMS audits.
  • Establish the security level (risk appetite) based on risk analysis.
• Staff awareness and motivation about the importance of the implementation and development of an Information Security Management System.

That is why Management establishes, within the management program, the plans and resources necessary to achieve the general objectives and continuous improvement. This policy is reviewed annually.

Likewise, the Management itself analyzes the risks and vulnerabilities in security matters that may affect Verifica, assuming and / or accepting them and providing the necessary means to minimize them and ensure the proper functioning of the business

Every person belonging to Verifica has to comply with this policy, as well as with the Management System, fundamentally the people in charge of carrying out the activities included within it, assuming responsibilities in terms of security and the assets of information.

2^nd april 2024