Management Commitment to Information Security
Version: 1.0
Effective Date: July 3, 2025
Approved by: Corporate Management
Statement of Commitment
As CEO of HR ROSCLAR, S.L., I formally declare management’s full commitment to the establishment, implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS), in accordance with the requirements of ISO/IEC 27001:2022 and in line with other recognized international standards and best practices in this field.
Scope and objectives
The objective of this policy is to ensure the adequate protection of the confidentiality, integrity, and availability of the organization’s information, as well as compliance with legal, regulatory, contractual, and commercial obligations at all times.
Management principles and commitments
1. Lead and actively support the establishment of an organizational culture focused on information security.
2. Align the ISMS with the organization’s strategic direction, processes, and business objectives.
3. Allocate the necessary resources (human, technological, and financial) to ensure the effectiveness of the ISMS.
4. Assign clear responsibilities for information security management, ensuring competence and ongoing training.
5. Ensure compliance with all legal, regulatory, contractual, and other commitments made in relation to information security.
6. Establish and review information security objectives that are measurable and consistent with this policy, within the continuous improvement cycle.
7. Identify and assess information security risks, taking the necessary measures for their treatment and mitigation.
8. Promote awareness and continuous training of all personnel, at all levels, in relation to their responsibilities in the field of information security.
9. Ensure effective management of security incidents, with defined notification, response, and learning processes.
10. Encourage continuous improvement of the ISMS through audits, periodic reviews, corrective actions, and opportunities for improvement.
11. Integrate considerations related to climate change and its potential impact on information security, in accordance with the principles of sustainability and systemic risk management.
12. Respect ethical and social responsibility principles, including personal privacy and the protection of personal data in accordance with regulations such as the GDPR or other applicable laws.
Review and update
This policy will be reviewed annually or in the event of significant changes in the organizational, legal, or technological context to ensure its continued adequacy and effectiveness.
Eduard Vinyeta
Chief Executive Officer