OPTIMITIVE is a company that offers advanced technology solutions for the optimisation of heavy industrial processes through advanced data analytics and artificial intelligence; It is aware that Information Security is essential for the competitiveness of the company and, therefore, for its survival. In consequence, it has implemented an Information Security Management System (ISMS) based on the ISO 27001:2022 standard, hereinafter ISMS.
This Policy is established as a framework within which all company activities must be developed. The scope is āThe information systems that support the software development services for the optimization of heavy industrial processes, as well as the IT professional services and the deployment and maintenance of projectsā according to the current version of the Statement of Applicability, so as to guarantee the commitment acquired to clients and other stakeholders.
For its annual goal setting, OPTIMITIVE considers the following principles:
- Protection of personal data and individual privacy.
- Protection of organizational records.
- Compliance with legislative and contractual requirements applicable to the companyās security activities.
- Mandatory information security training as established in the human resources security policy.
- Adherence to security controls and measures defined in security policies. Intentional security violations may result in disciplinary action as per Chapter IV (Faults and Sanctions of Workers) of the Workersā Statute.
- Reporting of detected security incidents based on established policies.
To achieve compliance
To achieve compliance with the afore mentioned principles, itās necessary to implement a set of security measures that ensure the effectiveness of the efforts made. All adopted measures have been established after a proper risk analysis of OPTIMITIVEās information assets.
This policy will be communicated to all members of the organization, who must comply with and ensure adherence to the provisions of OPTIMITIVEās ISMS (Information Security Management System). It will also be available to interested parties. To guarantee ISMS compliance, Management delegates responsibility for system oversight, verification, and monitoring to the Security Coordinator. This individual possesses the necessary authority and independence and will have appropriate resources to ensure the proper operation of the ISMS.
Finally, Management is committed to providing the necessary means and adopting appropriate improvements throughout the Organization to foster the prevention of risks and damages to assets, thereby enhancing the efficiency and effectiveness of the ISMS.
Information security controls
The information security controls implemented as a result of the risk analysis, which is periodically conducted on our organizationās information assets, will pay special attention to complying with the legal aspects associated with personal data processing. The requirements of the current Spanish Data Protection Law and the European General Data Protection Regulation (GDPR) will be taken into account in all aspects involving our business activities.
For further information, please do not hesitate to contact us at security@optimitive.com.
CEO OPTIMITIVE
Vitoria-Gasteiz (Ćlava), 25 April 2025
