Information Security Policy

SKANDAL Technologies SLU operates an Information Security Management System (ISMS) that supports the development, distribution, operation and remote management of the Poet Creator software, as well as the management of user data, external data and software licences, in accordance with the current Statement of Applicability.

For this purpose, the Company has implemented an Information Security Management System whose objective is to achieve the level of customer satisfaction expected through defined processes based on continuous improvement. This system ensures the continuity of information systems, minimises risks and guarantees compliance with established objectives, thereby safeguarding at all times the confidentiality, integrity and availability of information.

To this end, we undertake our commitment to information security in accordance with the ISO/IEC 27001:2022 standard. Senior Management establishes the following principles:

• Demonstrating competence and leadership as a commitment to developing and maintaining the Information Security Management System.

• Identifying the internal and external interested parties involved in the ISMS and fulfilling their requirements.

• Understanding the organisational context and identifying opportunities and risks as a basis for planning actions to address, accept or treat them.

• Ensuring the satisfaction of our clients, including interested parties in the Company’s results, in all matters relating to the performance of our activities and their potential impact on society.

• Establishing objectives and targets focused on evaluating security performance and promoting continuous improvement in the activities governed by the Information Security Management System.

• Complying with all applicable legislation relevant to our activities, commitments undertaken with clients and interested parties, and all internal standards or operational guidelines to which the Company subscribes.

• Ensuring the confidentiality of managed data and the integrity and availability of information systems, both in services provided to clients and in internal management, preventing unauthorised alteration of information.

• Ensuring the ability to respond to emergency situations, restoring the operation of critical services in the shortest possible time.

• Establishing appropriate measures for the treatment of risks arising from the identification and evaluation of assets.

• Motivating and training all personnel working within the Organisation to perform their roles effectively and in accordance with the requirements of the applicable standards, providing a suitable environment for process development.

• Maintaining effective communication both internally and with clients.

• Assessing and ensuring the technical competence of personnel in the performance of their duties, as well as fostering appropriate motivation to encourage their participation in the continuous improvement of our processes.

• Monitoring and maintaining a system for the ongoing evaluation of suppliers and subcontractors in the performance of their activities, particularly those related to the ISMS.

• Ensuring that facilities and equipment are maintained in proper condition and aligned with the Company’s activities, objectives and targets.

• Guaranteeing continuous analysis of all relevant processes, implementing appropriate improvements in each case based on the results obtained and the objectives established.

These principles are endorsed by Senior Management, which provides the necessary means and sufficient resources to employees for their fulfilment.

They are formalised and made publicly available through this Quality and Information Security Policy.