Management Commitment to Information Security

Version: 1.0
Effective Date: July 3, 2025
Approved by: Corporate Management

Statement of Commitment

As CEO of HR ROSCLAR, S.L., I formally declare management’s full commitment to the establishment, implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS), in accordance with the requirements of ISO/IEC 27001:2022 and in line with other recognized international standards and best practices in this field.

Scope and objectives

The objective of this policy is to ensure the adequate protection of the confidentiality, integrity, and availability of the organization’s information, as well as compliance with legal, regulatory, contractual, and commercial obligations at all times.

Management principles and commitments

1. Lead and actively support the establishment of an organizational culture focused on information security.
2. Align the ISMS with the organization's strategic direction, processes, and business objectives.
3. Allocate the necessary resources (human, technological, and financial) to ensure the effectiveness of the ISMS.
4. Assign clear responsibilities for information security management, ensuring competence and ongoing training.
5. Ensure compliance with all legal, regulatory, contractual, and other commitments made in relation to information security.
6. Establish and review information security objectives that are measurable and consistent with this policy, within the continuous improvement cycle.
7. Identify and assess information security risks, taking the necessary measures for their treatment and mitigation.
8. Promote awareness and continuous training of all personnel, at all levels, in relation to their responsibilities in the field of information security.
9. Ensure effective management of security incidents, with defined notification, response, and learning processes.
10. Encourage continuous improvement of the ISMS through audits, periodic reviews, corrective actions, and opportunities for improvement.
11. Integrate considerations related to climate change and its potential impact on information security, in accordance with the principles of sustainability and systemic risk management.
12. Respect ethical and social responsibility principles, including personal privacy and the protection of personal data in accordance with regulations such as the GDPR or other applicable laws.

Review and update

This policy will be reviewed annually or in the event of significant changes in the organizational, legal, or technological context to ensure its continued adequacy and effectiveness.

 

Eduard Vinyeta
Chief Executive Officer

Scroll to Top
Privacy Summary

This website uses cookies so that we can offer you the best possible user experience. Cookie information is stored in your browser and performs functions such as recognizing you when you return to our website or helping our team understand which sections of the website you find most interesting and useful.

Strictly necessary cookies

Strictly necessary cookies must always be active so that the website can function correctly and safely.

  • Technical cookies
  • Security cookies
Third party cookies

This website uses analytical and advertising cookies to collect anonymous information, such as the number of visitors to the site or the most popular pages, to carry out advertising campaigns based on cookies.

  • Analytical cookies
  • Advertising cookies
Additional cookies

This website uses web navigation personalization cookies to adapt the website for a better user experience.

  • Performance cookies
  • Functional cookies