top of page

INFORMATION SECURITY POLICY OF MINT TECHNOLOGY CLOUD, S.L.

Edition 01.4 – Date: 01.04.2025

The purpose of this high-level Policy is to define the objective, direction, principles, and basic rules for the information security management of MINT TECHNOLOGY CLOUD, S.L.

Management wishes to inform all users of this document (employees, clients, partners, suppliers, and other stakeholders) of its firm belief that information security is a key factor in the organization’s development. This Policy applies to the entire Information Security Management System as defined in its scope:

Processes and services. The Information Systems supporting telecommunications services (fixed and mobile telephony, internet access, 800 and 900 numbers, SMS sending, and certified or non-certified email), and cloud-based customer service systems (virtual switchboard, IVR, chat and voice bot, contact center, and electronic signature).

Organizational units. All organizational units of MINT TECHNOLOGY CLOUD are considered: Management, Information Systems, Administration, Support, Sales, and Development.

Locations. The headquarters office at Avenida Leonardo Da Vinci No. 8, Office 134, Edificio Alaja, 28906 Getafe (Madrid) is considered.

IT networks and infrastructure. All IT networks and infrastructure of the organization at the headquarters are included.

MINT TECHNOLOGY CLOUD, S.L. considers that managing information security, along with providing the necessary training and resources for its business activities and the implementation or use of ICT (Information and Communication Technologies) to achieve its objectives and support services, are the main pillars on which daily work and effort are based.

The company relies on ICT systems to achieve its goals. These systems must be diligently managed, taking appropriate measures to protect them from accidental or deliberate harm that may affect the availability (information accessible only to authorized persons when needed), integrity (information modified only by authorized people or systems in a permitted manner), and confidentiality (information available only to authorized persons or systems) of the information or services provided.

The general objective of information security is to ensure customer satisfaction by guaranteeing information quality and continuous service delivery through preventive action, monitoring daily activity, and swiftly reacting to incidents to reduce potential damage. The goals align with the business objectives, strategy, and business plans of MINT TECHNOLOGY CLOUD, S.L.

The Information Security System of MINT TECHNOLOGY CLOUD, S.L. is based on planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and improving to preserve service quality and protect the availability, integrity, and confidentiality of the information that supports the company’s processes.

To achieve this, the Information Security Management System aims to:

  • Manage Information Security according to the International Standard UNE-EN ISO/IEC 27001:2022, with the responsibility and participation of all members of the company.

  • Effectively assign roles and responsibilities.

  • Efficiently manage and control the production process with qualified and specialized personnel in telecommunications and cloud services, continually improving processes, procedures, delivered products, and customer services to achieve greater maturity over time.

  • Provide the necessary training for staff according to technical changes and technological innovations affecting company activities, to ensure work is performed with required information quality and security levels; and promote training in detected weak areas.

  • Prevent possible defects and information security incidents before they occur, working with a focus on improvement and communication.

  • Continuously evolve the System to meet client demands, through periodic reviews, complying with legal and regulatory requirements relevant to information security, and fulfilling contractual obligations.

  • Establish security indicators to assess the effectiveness and security of production processes.

  • Implement new models, methods, and management systems and develop new documents that clearly describe organizational activities and their subsequent implementation.

  • Implement continuous methodologies aimed at understanding the level of satisfaction and fulfillment of our clients' needs and expectations.

  • Set security levels based on risk analysis.

  • Conduct periodic security audits to assess compliance with the security policy.

  • Efficiently manage our resources, both human (specialized staff) and material (economic and financial), to optimize results by identifying the costs of non-quality and security.

  • Raise awareness and motivate staff on the importance of implementing and developing an Information Security System.

 

This Policy will serve as a framework for setting objectives and corresponding individual or grouped security controls, proposed by the Information Security Officer and approved by Management. The control selection process is defined in the risk assessment and treatment methodology. The selected controls and their implementation status are detailed in the Statement of Applicability.

The responsibilities for the Information Security System of MINT TECHNOLOGY CLOUD, S.L. are as follows:

Information Security Officer:

  • Ensure the System is implemented and maintained in accordance with this Policy and that all necessary resources are available.

  • Operational coordination of the System, reporting on performance, and conducting at least one internal audit per year.

  • Implement training and awareness programs for everyone involved in information security management.

  • Define which information related to security will be communicated, to whom (internal and external), by whom, and when.

  • Ensure this Policy is communicated to all company employees and relevant external stakeholders.

  • Define the method for measuring compliance with objectives and analyze, evaluate, and report results for Management review, including measurement details, frequencies, and results.

  • Receive reports on all security incidents or weaknesses for handling and reporting to Management.

Management must review the Information Security System at least once a year or whenever significant changes occur, to assess its suitability, adequacy, and effectiveness.

All objectives must be reviewed at least once a year by the Management System Officer and approved by Management.

The protection of the integrity, availability, and confidentiality of assets is the responsibility of each asset owner.

Through this document, Management declares its commitment to provide the necessary resources to implement and continuously improve the Information Security Management System, achieve the objectives stated in this Policy, and meet all identified requirements. The Policy will be reviewed annually by the System Officer, who must verify and, if necessary, update it for Management approval.

When evaluating the effectiveness and adequacy of this Policy, the following criteria, among others, will be considered:

  • Internal and external personnel involved in the Management System but unfamiliar with this document.

  • Non-compliance of the Management System with laws, regulations, contractual obligations, or internal organizational documents.

  • Ineffectiveness in implementing and maintaining the Management System.

  • Ambiguous responsibilities for implementing the Management System.

bottom of page