Skip to content
Icono teléfono
+ 34 981 269 685
Foexga

Security Policy

Home    Security Policy

INFORMATION SECURITY POLICY

The expansion of new technologies and the opening up to public networks provide
DOCUTEN TECH, S.L. with new channels to reach customers and establish
relationships with other entities, thereby enhancing its business processes. However,
these new technologies and relationships also increase the level of risk associated
with the exposure of DOCUTEN TECH, S.L.’s information and communications.

Information is considered a strategic asset of DOCUTEN TECH, S.L. In this context, a
reference framework has been established that defines operational guidelines through
a preventive, informative, reactive, and learning-oriented approach, with the aim of
ensuring that the integrity, availability, confidentiality, authenticity, and traceability of
the information belonging to DOCUTEN TECH, S.L. and its customers are not
compromised.

The Information Security Policy of DOCUTEN TECH, S.L. constitutes the reference
framework designed to facilitate the definition, management, administration, and
implementation of the security mechanisms required to achieve the appropriate level
of security for DOCUTEN TECH, S.L.’s information assets.

Principles and Criteria

  • The following Information Security principles and criteria are established:
  • Commitment of Senior Management to the continuous improvement of its activities, products, and services, as well as of the Information Security Management System itself, through data analysis.
  • Commitment to compliance with all applicable legislation and regulations, as well as with other information security requirements agreed with customers, maintaining ongoing alignment with such obligations.
  • DOCUTEN TECH, S.L. adopts, as a fundamental premise of its Information Security Policy, the adaptation of both information systems and physical storage devices to municipal, regional, ministerial, and regulatory standards and/or regulations.
  • The objective is to provide employees, customers, and visitors with appropriate security measures within DOCUTEN TECH, S.L.’s facilities and information systems. The security of the information collected, processed, stored, and transmitted by DOCUTEN TECH, S.L. is essential to safeguarding its assets and those of its shareholders.
  • DOCUTEN TECH, S.L. may restrict access to its information—by individuals as well as by physical or logical objects—through an established access control system.
  • Security is an activity that concerns all employees and collaborators of DOCUTEN TECH, S.L., who must carry out their duties while ensuring adequate protection of DOCUTEN TECH, S.L.’s assets, and by understanding, accepting, and applying security rules and procedures.
  • The security of information, systems, and the devices used to collect, process, store, and transmit it is paramount to ensuring business continuity. To guarantee the Confidentiality, Integrity, Availability, Authenticity, and Traceability of such information, the necessary Security Policies, Standards, Procedures, and Mechanisms have been established. Accordingly, the provisions set out in DOCUTEN TECH, S.L.’s Internal Regulatory Framework shall be observed.
  • Information security must be regarded as an integral part of day-to-day operations and must be incorporated and applied from the initial design of processes and information systems.
  • It is essential to maintain up-to-date inventories of services and the information assets that support them, their owners or custodians, and the associated risks. This enables continuous analysis and allows for the design and implementation of new security measures and mechanisms with appropriate change management.
  • The value of information shall be identified by defining classification methods based on its level of importance to the organization, and by developing the associated processes for its handling, storage, transmission, declassification, access, reproduction, and destruction in accordance with its classification level.

ISO 27001

Having successfully passed the external audit (conducted by the certification body
EQA), DOCUTEN TECH, S.L. has an Information Security Management System certified
in accordance with the UNE-EN ISO/IEC 27001:2023 standard.


ISO 27001 is an international standard issued by the International Organization for
Standardization (ISO) that describes how to manage information security within an
organization. The core objective of ISO 27001 is to protect the confidentiality, integrity,
and availability of information.

To achieve this, potential issues that could affect information are identified (risk
assessment), and the necessary measures are then defined to prevent such issues
from occurring (risk mitigation or treatment).

This is the current version of the Information Security Policy, updated and approved by
Docuten’s Management.