Data Security Policy

adm’s leadership team promotes the implementation, maintenance and continuous improvement of its Information Security Management System based on the requirements of the reference standards UNE-ISO/IEC 27001. adm commits to respecting the privacy of all its clients and to protecting any data relating to clients from any third parties. To this end, adm leadership and management are committed to maintaining a secure environment in which to process data so that adm can meet these promises. 

The bases that will serve as pillars to achieve and guarantee the effectiveness of the Information Security Management System for the organization are set out below: 

-    High commitment to the customer with the aim of guaranteeing an uninterrupted service, with rapid and appropriate management of Information Security incidents. Business Continuity Plan & Incident Response Plan are the pillars of the ISO and such processes are in place at adm. 

-    Legal requirements of clients pertaining to the information and data security are met and maintained. Our Information Security governance & legal team assesses such requirements and contributes to meeting those requirements. 

-    Creating awareness about existing policies regarding security and privacy through a platform.  Giving special emphasis on trainings derived from the Information Security Management Systems implemented in the organization and ensuring active participation by adm staff in respect of such trainings that are conducted internally on a regular basis to establish and meet the objectives and goals related to Information Security. 

We conduct specific trainings for our teams and resources on phishing, smishing, vishing, social engineering and other aspects of information security. 

-    Providing added value to the client using updated technologies, creating solutions, ensuring continuous improvement in the existing processes and conducting steady research towards innovation to ensure we are always ahead of any security issues that may arise. 

-    The updated process and technologies we use at adm includes SSDLC, Encryption,
DRP, Security Dashboards, Backup policies amongst others.

For quality and assurance, we have various controls for clients that have been tested from functional and security perspective. Our software platforms, whether proprietary or third party, is evaluated prior to use to ensure that we do not subject data to unnecessary risk. 

-    Our business intelligence processes follow clear guidelines on information security. Secure Software Development Life Cycle is at the core of this process. 

-    We have a Secure Software Development Life Cycle to build new software in an organised and robust manner. This process also ensures that we have controls in place to minimise the risk in case of any data leakage.

-    Managing the provision of services carried out by adm to clients in an effective and efficient manner within a life cycle that allows the continuous improvement of the processes implemented. 

-    Ensuring the confidentiality, integrity, and availability of the information by analysing our risks. We look at them from all three dimensions. They are always present in our processes, and we seek to ensure that all information handled by our company complies with all three dimensions. 

-    Corporate Policy of Information Security Management System constitutes to be the reference framework for the establishment of goals of ISMS in such a way as to ensure continuous improvement in performance.

-    Because of the concern for Information Security, ADM carries out a risk analysis that is constantly updated to maintain control over possible new risk situations and the establishment of the corresponding plan for the treatment of unaccepted risks. Based on the results obtained in the planning phase and threat intelligence analysis, security controls are implemented, and the procedures of the management system are adapted to the requirements of the process. 

-    In addition, the ADM leadership team checks the impulse of the system, conducts data analysis and implements decision making by ensuring the availability of resources and intercommunication between all departments of the company's organization chart. It also proactively and positively influences the behaviour of its stakeholders and key suppliers and contractors by promoting the adoption of responsible information security behaviours. 

-    Improvements are evaluated, and once their feasibility is assessed, they are implemented, operated and maintained. The entire Information Security Management System is based on a continuous improvement cycle that includes the planning of its activities, its implementation, operation, review and subsequent improvement. 

-    Improvements to this policy and the underlying management systems are established during the review and improvement phases based on inputs received from internal and external stakeholders/ personnel. 

-    This policy is communicated to all adm employees. All adm employees are required to comply with the standards and procedures derived from this policy.