Secure all information systems and services that support the subcontracted development, implementation, and maintenance of software solutions for our clients.

Protect customer and internal information from loss, tampering, unauthorized access, or disclosure - particularly within projects involving external delivery teams and shared environments.

Set and regularly review measurable information security objectives that are aligned with our business context, client needs, and evolving threat landscape.

Identify and assess information security risks, applying appropriate controls to treat unacceptable risks, and using a risk-based approach tailored to subcontracted operations.

Ensure compliance with relevant legal, regulatory, and contractual obligations, including client-specific requirements and data protection laws (e.g., GDPR, EU AI Act).

Promote secure software development practices, integrating security from the early stages of the software development lifecycle.

Raise awareness and foster responsibility among all employees, subcontractors, and service providers, ensuring they understand their role in protecting information assets.

Continuously improve the ISMS, based on internal audits, incident analysis, management reviews, stakeholder feedback, and lessons learned.