Information security policy

1. Scope and Objective

This policy applies to the activities, services, assets, resources and third parties involved in the provision of products and services of FacePhi Biometría S.A. FacePhi’s Information Security objectives are based on the preservation of:

a) its availability, ensuring that authorized users have access to the information and its associated assets when required.
b) its confidentiality, ensuring that only those who are authorized can access the information.
c) its integrity, ensuring that the information remains unchanged and traceable.

2. Development

The FacePhi Management team wants to make known, through this document, to its workers, clients, suppliers and other interested parties, its vision that the management of Information Security is a key factor for the correct development of the organization.
Since the creation of the company, Information Security was established as a value proposition, in each and every one of the activities. This added value has since allowed us to differentiate ourselves from the competitors, guaranteeing, in addition to availability, the correct functioning of systems and services, and compliance with any legal, regulatory or contractual requirement in relation to Information Security.

FacePhi has reached a creditor position of trust by tens of national and international entities, in various sectors, and most of them involved in the handling of highly confidential information. Achieving this credit would never have been possible without the firm conviction and effort to ensure the integrity, confidentiality and availability of the information and systems that support it. FacePhi has always been aware that this strategy is crucial for the security and continuity of its business, as well as that of its customers.

This Information Security Policy shows the commitment of the Management, and has as high-level objectives:

  • Ensure compliance with applicable legislation, regulations and standards, as well as all those requirements that the organization deems appropriate to carry out in order to maintain an Information Security Management System, which allows it to achieve continuous improvement of its performance.
  • Meet the needs and expectations of the interested parties, preserving the availability, integrity and confidentiality of the information.
  • Demonstrate leadership by the Management ensuring that the Information Security policy and the security objectives are established and are compatible with the strategic direction of the organization.
  • Assign the necessary roles and responsibilities in the field of security and provide the necessary support.
  • Bet on continuous improvement, as a primary mechanism for the evolution and adaptation of the organization.
  • Implement effective and efficient security measures.
  • Establish and periodically review the level of security (risk appetite) based on risk analysis.
  • Train, raise awareness and motivate staff on the importance of meeting the requirements of the Information Security Management System.
  • Take into account Information Security in suppliers and subcontractors.

3. Communication

This Security Policy will be notified to all employees, third parties and interested parties who participate in the execution of activities related to the provision of products and services of FacePhi Biometría, S.A. To the extent that it is applicable, it will be included in the training plans for personnel and related third parties.

Mr. Javier Mira Miró, CEO and co-founder of FacePhi Biometrics, in Alicante in June 2020.