Introduction

ROVIMÁTICA’s Security Policy sets out the principles and objectives relating to information security, the implementation of which enables our company to fulfil its mission of providing services relating to the design, implementation and maintenance of solutions in the fields of automation, control, robotics, mechatronics, vision systems and artificial intelligence.

By drawing up, communicating and maintaining this policy, the Management of ROVIMÁTICA demonstrates its commitment to protecting the confidentiality of the information it handles in the provision of its services, ensuring its integrity throughout all data processing operations it carries out, as well as the availability of the information systems involved in such processing.

To this end, the Management has defined and implemented an Information Security Management System that enables the company to ensure that its information systems and the information created, collected, stored and processed comply with:

• Safety in human resources management, before, during and after employment.
• Proper asset management, which involves classifying information and handling data storage media, as well as establishing robust logical access controls for systems and applications, and managing user permissions and privileges.
• The protection of facilities and the physical environment through the design of safe work areas and the security of equipment.
• Ensuring operational security through protection against malicious software, performing backups, maintaining logs and monitoring them, and monitoring software in use.
• The management of technical vulnerabilities and the selection of appropriate techniques for system auditing.
• Communications security: protecting networks and the exchange of information.
• El aseguramiento de la seguridad en la adquisición y mantenimiento de los sistemas de información, limitando y gestionando el cambio.
• Ensuring security in the procurement and maintenance of information systems, by limiting and managing change.
• Effective management of security incidents, establishing appropriate channels for reporting, responding to and learning from them in a timely manner.
• The implementation of a business continuity plan to safeguard the availability of services during a crisis or disaster.
• Identifying and complying with applicable regulations, with a particular focus on intellectual property and the protection of personal data
• The regular review and continuous improvement of our information security management system to ensure compliance with and the effectiveness of these requirements

All staff within the organisation are required to comply with this policy; to this end, management provides the necessary means and sufficient resources to ensure compliance, and undertakes to communicate the policy and keep it accessible to all stakeholders.

La Dirección

01/01/2025