Quality and Information Security policy

SPETO & BRAIT CONSULTING SL is a company dedicated to digitization, document management and process automation, which has a team with more than 10 years of experience in the SAP, OpenText and DocuWare ecosystem, specialists in areas such as accounts payable and accounts receivable, including electronic invoicing, and document management, document anonymization and electronic signature.

As experts in standardization projects and automation of centralized solutions, we are certified in products such as Vendor Invoice Management, Business Center Capture, Capture Solutions for SAP, Archive Center, Extended ECM, SAP MM, SAP SD, SAP FI and ABAP.

We have led international projects and rollouts in more than 20 countries and worked with portals and supplier networks such as the Ariba® Network. We have experience from the discovery and strategy phase, to the international expansion of the solution.

Through the elaboration, communication and maintenance of this policy, the Management of SPETO & BRAIT CONSULTING shows its commitment to protect the confidentiality of the information with which it operates in the provision of its services, to guarantee its integrity in all the treatment processes it carries out, as well as the availability of the information systems involved in these treatments.

The guidelines that emanate from this policy can be summarized in the following basic principales or objectives:

  • A permanent objective is to have the best professionals in the sector and promote the continuous training of our staff in the field of IT.
  • Assess and guarantee the technical competence of the personnel, as well as ensure their adequate motivation for their participation in the continuous improvement of our processes.
  • Customers are our reason for being, so we not only seek to satisfy their needs and requirements, but also try to anticipate their expectations by providing a quality service at very competitive prices.
  • Management maintains a commitment to comply with customer requirements, as well as the legal and regulatory requirements that apply to us in our activity.
  • Continuously improve the effectiveness of the management system, to guarantee our permanent adaptation to the demands of an increasingly competitive market and a constantly evolving environment. At BRAIT we have tools to analyze our context and have maximum control over existing risks and promote opportunities for improvement of the company.
  • Ensure the satisfaction of our customers, including those interested in the results of the company, in everything related to the performance of our activities and their impact on society.
  • Maintenance of fluid communication both internally, between the different levels of the company, and with customers.
  • Guarantee the correct state of the facilities and the adequate equipment, in such a way that they are in correspondence with the activity, objectives and goals of the company.
  • Guarantee a continuous analysis of all the relevant processes, establishing the pertinent improvements in each case, based on the results obtained and the established objectives.
  • Proper asset management involving the classification of information and handling of media, and the establishment of robust logical access control to its systems and applications, managing user permissions and privileges.
  • Protecting facilities and the physical environment by designing secure work areas and securing equipment.
  • Ensuring security in operations by protecting against malicious software, backing up, logging and monitoring. controlling software in operation.
  • The management of technical vulnerabilities and the choice of appropriate techniques for auditing the Systems.
  • The security of communications, protecting networks and the exchange of information.
  • The assurance of security in the acquisition and maintenance of information systems, limiting and managing change.
  • Controlling relations with suppliers, contractually demanding compliance with the relevant security measures and acceptable levels in their services.
  • Efficiency in the management of Security Incidents, establishing the appropriate channels for their notification, response and timely learning.
  • The implementation of a business continuity plan that protects the availability of services during a crisis or disaster.

Considering these guidelines, this management reiterates its firm commitment joining efforts to achieve these objectives, so this policy is understood, implemented and kept up to date at all levels of the organization.

Management

31/05/2023