Information Security and Service Management

The Policy that inspires the Quality (ISO 9001), Environment (ISO 14001), Information Security (ISMS-ISO 27001) and Service Management (ISMS-ISO 20000) systems of DOMINGO ALONSO GROUP, includes the commitment to comply with the requirements of continuously improving the effectiveness of the management system, preventing pollution, facilitating activities with the least consumption and wear of valuable and scarce environmental resources, ensuring the information supported by Information Technologies and guaranteeing an efficient management of services, providing a reference framework to establish and review the objectives of Quality, Environment, ISMS and ISMS, including the commitment to comply with the applicable legal requirements, this policy being communicated within the organisation and reviewed for its continuous adaptation.

DOMINGO ALONSO GROUP HAS ESTABLISHED:

MISSION

• To offer the best and most innovative mobility experience to our clients at an international level, maximising the use of technological solutions, being pioneers and innovators.
• To be a socially committed company, ensuring compliance with legal and environmental requirements, taking care of our planet.

VISION

• To be considered by our customers and partners as the most attractive and innovative option to offer mobility solutions adapted to their needs at all times, assuming the permanent challenge of always exceeding their expectations.
• To be the best place to work, where people enjoy the best conditions to feel inspired to give the best version of themselves with the aim of developing an efficient and profitable company that accepts and overcomes the challenge of competing and growing internationally.

VALUES

• We are honest with ourselves. Trust, transparency and consistency are part of our principles.
• We are aware that humility and learning something new every day gives us new opportunities for success.
• We are our best version at all times. Constant self-improvement in the pursuit of excellence is our guide to set ourselves new challenges.
• We are positive and proactive. We have the agility to adapt to change.
• We are passionate and we have a secret: we love what we do.
• We are a team and we are committed to a collaborative environment that fosters collective talent and teamwork.
• We are sensible. We take responsibility for our commitments and accept the consequences of our actions.
• We are loyal to our company and to society. Loyalty characterises us.
• We are hard-working. With perseverance and perseverance we turn every problem into a challenge and a new opportunity.

The Policy is defined and periodically reviewed by the Management.

This policy applies to all systems of the Tech Business Unit of DOMINGO ALONSO GROUP, the services provided by this unit and to all members of the Tech Business Unit, without exception.
DOMINGO ALONSO GROUP relies on ICT (Information and Communications Technology) systems to achieve its objectives. These systems are diligently managed, taking appropriate measures to protect them against accidental or deliberate damage that may affect the availability, authenticity, integrity, confidentiality or traceability of the information processed, or the services provided.
The objective of information security is to guarantee the quality of information and the continued provision of services, acting preventively, supervising daily activity and reacting promptly to incidents.

Within DAG’s Cybersecurity Master Plan, the objective is:
Implementation of a set of actions aimed at minimising the cyber risks inherent to the activity and reducing the area of exposure.

QUALITY, ENVIRONMENT, ISMS and ISMS POLICY

Management is committed to providing products and services that consistently meet the needs and expectations of our customers.
All personnel are involved in the fulfilment of this policy.
Quality Management, Environmental Protection, Information Security (ISMS) and Service Management (SMS) is an integral and fundamental part of the management of our organisation.
To achieve the highest level of quality and safety in our processes and services, we ensure that they are carried out effectively through our procedures, which describe our processes; the adoption of the Quality, Environment, ISMS and ISMS management system aims to achieve compliance with the following commitments:

• Comply with the requirements contemplated in the ISO 9001 standard (Quality Management System).
• Comply with the requirements of the ISO 14001 standard (Environmental Management System).
• Comply with the requirements of ISO 27001 (Information Security Management System).
• Comply with the requirements of the ISO 20000 standard (Service Management System). AIDA IT.
• Comply with legal, regulatory, statutory, customer and other relevant requirements, ensuring OSH, environmental care, information security and effective service management.
• Continuously improve the effectiveness of the integrated management system according to ISO 9001, ISO 14001, ISO 27001 and ISO 20000, the taking of measures for the prevention of pollution and the continuous improvement of safety and health assurance measures for workers, facilitating the participation of all company personnel, as well as the right to be consulted, the continuous improvement of measures to ensure the security of information based on the ISMS and the continuous improvement of the ISMS and services.
• To analyse and maximise customer satisfaction with our products and services.
• Our continuous focus on excellence is based on early identification and eradication of sources of errors. Prevention is always a priority over correction.
• To achieve the motivation of our human resources, their training, qualification and experience, through the appropriate activities of selection, training and coaching, as well as in OSH, promoting them from our Talent & Culture area.
• Establish and maintain permanent communication and information channels with our customers, staff, suppliers and society in general.
• The Quality, Environment, Information Security (SGSI) and Service Management (SGS) Policy is made available to the public and interested parties for their information and knowledge.
• The Quality, Environment, Information Security (SGSI) and Service Management (SGS) policies contemplate the minimisation of the impact of environmental aspects and the prevention of pollution with the aim of efficient improvement in REDUCTION, REUSE and RECYCLING.
• The purpose of this Information Security Policy is to protect the information assets of DOMINGO ALONSO GROUP and our customers.
• The objective of this Information Security Policy is to work in a secure and controlled environment, this fundamental objective being the frame of reference for all the activities and services we provide.
• Senior management is committed to complying with the requirements applicable to information security and to provide the means required for such compliance.

Likewise:

• Information is protected against loss of Availability, Confidentiality, Authenticity, Integrity and Traceability.
• Information is protected against unauthorised access.
• Business requirements regarding the security of information and information systems are met.
• Security incidents are reported and dealt with appropriately.

Management provides the Management System with all the necessary tools, documented and computerised, to ensure that the Quality, Environment, Information Security (ISMS) and Service Management (SMS) Policy is understood, developed, applied and continues to be in force at all levels of the organisation. In order to meet these commitments, the company establishes annually (taking advantage of the review and analysis of the Management System by the Management, as well as the analysis of Risks/Opportunities with the interested parties and the processes), a series of objectives and targets for Quality, Environment, Information Security (ISMS) and Service Management (SMS), directly related to our commitment to reduce energy consumption and waste generation, as well as our management objectives related to business growth and consolidation, and information security, which may be qualitative or quantitative in nature, but in any case, must be verifiable in terms of compliance and effectiveness.

The Management and the person in charge of the Integrated Management System assess the progress made in the achievement of these objectives when the Integrated Management System is periodically reviewed.

Within the Information Security Policies, DOMINGO ALOSO GROUP is prepared to prevent, detect, react and recover from incidents.

Policy approved by the CEO on 07 November 2022