QUALITY POLICY EVENTSCASE

January 11, 2021

EVENTSCASE considers the client as the centre and the main objective of all its business activities, managing the development and maintenance processes of all its products, in order to deliver the best possible technological solution

The quality in the development and maintenance of the software is a priority for EVENTSCASE and it is covered by the company’s internal processes as well as the daily activities of each employee so that its correct production is assured and the satisfaction of the client is obtained.

EVENTSCASE’s staff is its main asset, so the company looks to ensure the satisfaction and motivation of their personal and professional development, for continuous improvement in order for them to fulfi l their activities.

To achieve these objectives, EVENTSCASE has created a functional organization built around its participating professionals as a key component in the integral management of the life cycle of the software development and maintenance projects, the orientation towards the continuous improvement of the affected processes and the continuous communication with the clients.

In order to ensure the effi cient fulfi lment of the organisation’s objectives, the management team has adopted the measures of the international standard ISO 9001:2015, the basic foundations and processes of which are as follows:

• To meet customer requirements and expectations
• To achieve continuous customer satisfaction.
• To defi ne, implement and improve the processes of:
  1. Confi guration Management
  2. Management and analysis of client requirements and parties involved.
  3. Management of the life cycle model.
  4. Measurement and analysis
  5. Project planning, evaluation and control.
  6. Quality assurance
• To guide the organization to an ever-improving and higher standards of development of processes, ensuring the continuous improvement of its delivered products and the services provided to the client. Over time reaching a greater maturity in its management and execution.
• Performing periodic security audits to ascertain the degree of compliance with the security policy.
• Establishing the level of security based on risk analysis.

For this purpose, EVENTSCASE team members are accountable for keeping alive the following assumptions:

• Understanding and satisfying the expectations and requirements of their clients, in the different stages of the life cycle of the development and maintenance of the company’s software, as well as to fulfi l the practices of the processes and tools described in the corresponding documentation.
• Identify, notify and participate in the resolution of the possible causes of deviations or defi ciencies in processes and procedures, contributing in this way to the greater effectiveness of their activity

The Quality Policy will be at the disposal of the interested parties and must be implemented and acknowledged by all; considering the Management of EVENTSCASE as the fi rst to assume the guidelines described.

BACKGROUND

This policy refers to the need to establish basic principles with regard to Information Security at Eventscase, through a declaration of intent, which define the basis of the organisation's Information Security Management System (ISMS).

SECURITY POLICY

The organisation's Information Security Management System preserves the confidentiality, integrity and availability of information through the application of a risk management process, thus providing greater confidence to stakeholders.

Therefore, the Information Security Policy establishes basic principles for the Information Security Management System, defining the following security objectives:

• To guarantee the confidentiality of the information that the organisation receives, sends or processes through its platforms.
• To ensure the integrity, accuracy and veracity of the information of its products and services.
• Protect access to information, allowing it to be available when needed.
• Ensure maximum availability of systems.
• Establish the necessary measures to keep the organisation's personnel constantly aware of and motivated to comply with its security policies.

In addition, the organisation is committed to complying with all applicable national and international regulations, defining specific resources for adequate management.

To meet these objectives, the organisation has a working team dedicated to managing information security, which meets periodically to deal with issues related to the Information Security Management System.

Once the foundations of the Information Security Management System are in place, the organisation will initiate the necessary steps to obtain ISO/IEC 27001 certification.

On the other hand, the Management undertakes to provide all the resources that will be necessary to achieve these objectives, and for the establishment and maintenance of the Information Security Management System.

Furthermore, the Management undertakes to actively participate in the Information Security Management System, being part of the decisions related to the system and to information security

José Miguel Bort Mondragón

CEO EVENTSCASE