Integrated Quality and Information Security Policy

Grupo GAT openly manifests its intention to offer competitive services to all its customers; by that, it has implanted Quality and Information Security Management Systems in the organization, whose principal objective is to reach the satisfaction expected by customers, through established processes and basics in a continuous improvement process.

The Quality Management System based on the standard UNE-EN-ISO 9001:2015 is designed in such a way that the services provided by the organization are carried out correctly and efficiently, using the proper media for that and in such a way that the maximum results are reached.

To comply with the proposed objectives, it is supported in the next basic pillars that are established by the direction:

  • Watch for warranty our customers’ satisfaction, including the stakeholders in the company’s results, in all matters relating to our activities and its repercussion in the society.
  • Stablish objectives and goals focused on the evaluation of the performance in quality matters, and in the continuous improvement in our activities, always regulated in the Management System that is developed in this policy.
  • Compliance with the requirements of the current regulations in our activity, the commitments made with our customers and all these internal rules or actuation guidelines which the company is subject to.
  • Maintenance of smooth communication both internal level, between the different estates of the company, and with customers.
  • Evaluate and warrantee the personnel’s technic skills and secure its proper motivation for its participation in the continuous improvement of our processes.
  • Warrantee the proper status of the facilities and the adequate equipment, in such way that they are in correspondence with the activity, objectives, and goals of the company.
  • Warrantee a continuous analysis of all the relevant processes, establishing the relevant improvements in each case, in function of the obtained results and the established objectives.

In addition, GRUPO GAT is aware about the importance of the information security being highly compromised in offer the maximum security of the information processed in the business operation in its services of “Background screening, due diligence, internal compliance researches, reception and primary management of complaints”, and for this reason has implanted a security management system based in the ISO 27001 regulation, that allows to identify and minimize the risks which the information is exposed to, establish an information security culture, warrantees the compliance of the current legal, contractual and business requirements, and helps to the operative and financial costs decrease.

The following are established below the principles that support the Security Management System (ISMS) that GRUPO GAT has decided to define, implement, operate and continuously improve.

  • GRUPO GAT will protect against the risk the generated, processed or stored by the different processes’ information, its technological infrastructure and assets that are generated by the granted to third parties’ accesses (e.g.: providers), or as a result of an internal or external service.
  • GRUPO GAT will protect the confidentiality, integrity, availability, and legality of the generated, processed or stored by different processes information, for minimizing the financial, operational or legal impacts due to its incorrect use. For that is fundamental, the application of controls according to the classification of the information that is owned or held by it.
  • GRUPO GAT will protect its information against the internal or external threats.
  • GRUPO GAT will protect the facilities and the technological infrastructure that is supported by its critical processes. GRUPO GAT controls its processes’ operations, warranting the security of the technological resources and the data webs.
  • GRUPO GAT will warrantee that the security will be integral part of the information systems’ life cycle through a proper risk management and the associate weakness of the information systems.
  • GRUPO GAT will warrantee the availability of its processes and the continuity of its services based in the impact that can be generated by the adverse events.
  • GRUPO GAT will warrantee the compliance of the legal and contractual requirements.
  • The responsibilities about the information security will be defined, shared, published and accepted by all the interested parties.

These principles are assumed to the Direction, who has the necessary media and provides to his employees of the sufficient resources for its compliance and bring to the public’s attention through this Quality and Information Security Policy.

S.D.: General Direction

Date: 01-03-2022