The Management of ORQUEST SOFTWARE SL, facing the increasing competitiveness of the technology sector and higher demands from users, considers information security and quality in its integrated management system a fundamental aspect. Its objective is to provide services recognized for their quality, with optimal reliability indices, ensuring the correct levels of information confidentiality, as well as data integrity.

Service quality is a strategic objective of our Integrated Management System, offering a quick response to achieve full customer satisfaction and exceed their expectations, and to be recognized in the sector, ensuring a commitment to continuous improvement for this purpose.

As a service company, ORQUEST SOFTWARE SL aims for the quality and security of its services to faithfully reflect the expectations of each user and interested parties, thus ensuring the company’s future success.

To achieve these objectives, the management provides adequate resources for the maintenance and improvement of the Integrated Management System with ISO 27001 and ISO 9001. It actively participates in the establishment and monitoring of strategic SECURITY and QUALITY objectives, as well as in the review of the Integrated System, and carries out the necessary training actions in information security and quality management.

In all its activities, the company firmly adheres to current legislation, especially that related to the protection of personal data and the provision of our services, as well as compliance with contractual commitments acquired with its users and third parties.

To make the above effective, the Management, aware of the importance of quality in the management of our system and information security, has decided to implement an Integrated Management System based on the UNE-EN ISO/IEC 27001:2023 and UNE-EN ISO 9001:2015 standards in our processes, the scope of which includes the development and international sale of software, as well as web and mobile platform production services.

This management declares and assumes the following principles:

• Quality in our management and information security is a common task for all areas of the company.
• Security in human resource management, before, during, and after the employment relationship.
• Proper management of assets, which implies information classification and media handling, and the establishment of logical access control to its information systems.
• Protection of facilities and the physical environment, through the design of secure work areas and equipment security.
• Ensuring security in operations through protection against malicious software, backups, the establishment of logs and monitoring, and control of software in operation.
• Communication security, protecting networks and information exchange.
• Secure software development, separating development and production environments, and performing functional acceptance tests.
• Control of relationships with suppliers, contractually requiring compliance with relevant security measures and acceptable service levels.
• Effectiveness in managing security incidents, establishing procedures and appropriate channels for their notification, response, and timely learning.
• Implementation of a business continuity plan to protect service availability during a crisis or disaster.
• Identification and compliance with applicable regulations, with special emphasis on intellectual property and the protection of personal data.
• Considerations related to the use of artificial intelligence technologies, prioritizing the confidentiality and integrity of information.
• The application of this Policy requires the active integration of all company personnel. To achieve this, management considers motivation and training as priorities.
• Management is responsible for promoting the implementation of this policy, verifying its execution through the management of technical vulnerabilities and the selection of appropriate procedures for system auditing.
• Commitment to the transition to a circular economy, where resource waste is reduced, and reuse, recycling, and remanufacturing are promoted.
• Integration of climate considerations into business decision-making, including climate risk assessment and investment opportunities in energy-efficient and eco-friendly products.
• Clear and transparent information about its policies and practices related to climate change.

This Management assumes the commitment to comply with requirements and continuously improve the effectiveness of the Management System.

To comply with this policy, to head towards the established course, leadership, and consequently the progress and well-being of the people who make up the organization, we must keep in mind two aspects that will help us in this objective:

The organization is a chain, each of us is just a link; our teamwork and strong commitment are what differentiate us and make us unique.

Correct identification of errors is the only way to continuous improvement.