Information Quality, Security & Privacy Policy RESPONSABLE: FINANCE & HR DIRECTOR

Since the birth and evolution of the company, HANSCAN SPAIN has integrated into its DNA the quality and security of their products and services, with the commitment for standardization and industrialization of itself.

For this reason, HANSCAN SPAIN openly expresses its intention to offer competitive services to all its clients, implementing an Information Quality, Security and Privacy Management System (IQSPMS).

The aim is to reach our clients’ satisfaction through the implementation of several operational, effective and efficient processes appropriately established. With these processes, HANSCAN SPAIN is looking for excellence, maximizing the results based on the best practices and the continuous improvement.

The scope of the Integrated Management System (IMS), which complies with the requirements of UNE-EN-ISO 9001:2015, ISO/IEC 27001:2022 and ISO/IEC 27701:2019 standards, is:

The management of the information quality, security and privacy for the development, support and marketing of identification systems using biometrics.

The application of the Integrated Management System is a direct responsibility of the Committee of Information Quality, Security and Privacy, which is responsible for developing and approving the methodology of risks analysis, as well as the dissemination/diffusion and compliance of this policy.

On its behalf and representation, there has been appointed a Chief Information Quality, Security & Privacy Officer, which has enough authority as to perform an active role on controlling and supervising the implementation, development and maintenance of this particular system.

In order to meet the objectives set by HANSCAN SPAIN, the IQSPMS relies on the following fundamental basis established by the Direction:

  • Competence and leadership from Senior Management, as a compromise to develop the Information Quality, Security & Privacy Management System.
  • Determine the stakeholders, both internal and external, which are relevant to the Information Quality, Security & Privacy Management System and to meet its requirements.
  • Understanding the context of the organization and defining its opportunities and risks for planning tasks, and addressing, assuming or dealing with them.
  • Ensure the satisfaction of our clients, including the parties interested on the company’s results, in relation to the completion of our activities and their social impact.
  • Establishing objectives and scopes, focused on evaluating the performance in terms of quality and security, as well as the continuous improvement of our activities, regulated on the IMS established in this policy.
  • Corporate values: confidence, compromise, responsibility, delegation, priorization, transparence, self-organization, ability to learn, adaptation to continuous changes, resilience, effectiveness (repair-mitigation-correction), analytical capacity (root cause), agile framework.
  • Meeting the requirements of the applicable and regulated law to our activity in relation to:
    1. Security in general and IT security, related to the IT policy, the security of buildings and facilities, and the behavior of employers and third parties that are associated to HASCAN SPAIN in the use of IT systems.
    2. The commitments undertaken with clients and stakeholders, and the internal policies or pattern of actions in which HANSCAN SPAIN is submitted.
    3. Applicable data privacy legislation.
  • Bring awareness and educate on information quality, security and privacy to the employees of the organization, as well as on the optimal performance of their job in order to act according to the requirements set by these standards, providing an adequate environment for the operation of the processes.
  • Keep a fluid communication, at an internal level, between the different areas of the organization, as well as at an external level with clients.
  • Evaluate and guarantee the technical competence of the employees in the performance of their duties, as well as ensuring the adequate motivation on their participation in the continuous improvement of processes.
  • Guarantee the proper state of the installations and the adequate equipment, in line with the activity, scopes and goals of the company.
  • Guarantee the continuous analysis of the relevant processes, establishing appropriate improvements in each case, according to the obtained results and the objectives that had been set.
  • Ensure the confidentiality of the data managed by HANSCAN SPAIN.
  • Ensure the availability of the information systems, regarding the services offered to the clients and the internal management, protecting the information resources from threats, internal or external, deliberate or accidental.
  • Protect the integrity of the data in terms of correction and completeness, avoiding undue alterations on the information.
  • Ensure the response capacity towards emergency situations, reestablishing the critical services operation, in the shortest time possible, to guarantee the continuity of the information systems, minimizing the damage risks and ensuring the fulfillment of the established scopes.

These guidelines are assumed by the Management, who supports their employees with the needed resources for their accomplishment, reflecting and exposing publicly this knowledge through this Quality, Security and Privacy Policy.

Everyone whose activity might be affected, directly or indirectly, by the requirements of the Information Quality Management System, Security and Privacy is compelled to strictly accomplish the same.

D. Bruce Mark Currie

Administrador Hanscan Spain, SA