Security Policy

At Devlane, information is a fundamental asset for the provision of our services. Decisions are taken efficiently and effectively, regardless of the hierarchy and the vital work of the interested parties; the reason why there exists an express commitment to the protection of their significant properties as part of a strategy oriented to risk analysis and the consolidation of a culture based on the security of the information.

We established the following basic principles as our primary directives for the security of the information, which must always be taken into account in every activity related to the treatment of the data.

Confidentiality

The information should only be accessed by the correct people, entities, or authorized processes, and the rights of the property about that information should always be established appropriately.

Integrity

The information must be precise and complete without unauthorized modifications.

Availability

The information must remain accessible and usable by the people, entities, or authorized processes at the required moment.

Risk Management

The information assets must be identified, classified, and registered. Risk management will ensure their proper safety, assuring a controlled environment. The reduction of risk levels will be taken care of by deploying safety measures that will imply a balance between the nature of the data itself, the treatment, the impact and the probability of the exposed risks, and the efficiency and cost of the safety measures.

Compliance with the requirements of interested parties

The organization must fulfill its activities oriented to compliance with the needs of the interested parties in terms of legal regulations, the established regulations of regulatory organizations, the internal norms, and the procedures set by the Direction or any legal obligation.

Continuous Improvement

The security measures will be reevaluated and updated periodically to ensure effectiveness against evolved risks and protection systems. The safety of the information will be addressed, reviewed, and audited by qualified personnel.

Involvement of the personnel

The employees are the essence of the company, and their full implication through conscious activities, education, and training enable their capacity to use them to benefit the SGI objectives.

The policy set forth herein is effective as of the 21st of June, 2022.