DEDOMENA ARTIFICIAL INTELLIGENCE, S.L. is committed to protecting the confidentiality, integrity, and availability of all information assets. This commitment extends to customer data, employee information, intellectual property, and business-critical systems.
Information Security Objectives
Our information security program is designed to achieve the following strategic objectives:
Confidentiality Protection
Protect information assets from unauthorized access, disclosure, or modification
Business Continuity
Ensure business continuity through robust security measures and disaster recovery
Regulatory Compliance
Comply with legal, regulatory, and contractual security requirements
Customer Trust
Maintain customer trust through responsible and transparent data handling
Scope and Applicability
This policy applies to all employees, contractors, partners, and third parties who have access to DEDOMENA's information systems and data. It covers all forms of information including:
- Electronic data stored on company systems and cloud services
- Physical documents and records
- Verbal communications containing sensitive information
- Customer data and proprietary business information
- Employee personal information
Security Organization
DEDOMENA has established an Information Security Management System (ISMS) led by a designated Security Officer. Our security organization structure ensures clear responsibilities and accountability:
Key Responsibilities
- Defining and maintaining security policies, standards, and procedures
- Conducting regular risk assessments and implementing appropriate controls
- Monitoring security incidents and managing response activities
- Ensuring compliance with security standards and regulations
- Promoting security awareness throughout the organization
Asset Management
All information assets must be properly identified, classified, and protected according to their value and sensitivity to the organization.
Confidential
Highly sensitive information requiring strict access controls. Unauthorized disclosure could cause significant harm.
Internal
Information intended for internal use only. Limited distribution within the organization.
Restricted
Information with controlled distribution. Available to specific groups or individuals.
Public
Information approved for public disclosure. No restrictions on distribution.
Asset owners are responsible for:
- Determining appropriate classification levels
- Implementing required protection measures
- Reviewing access permissions regularly
- Ensuring proper disposal when no longer needed
Access Control
Access to information and systems is granted based on the principle of least privilege. Users are only given the minimum access necessary to perform their job functions.
Access Control Requirements
Security Incident Management
DEDOMENA maintains comprehensive procedures for detecting, reporting, and responding to security incidents. Our incident management process includes:
Detection and Reporting
Immediate reporting of suspected security incidents through established channels
Assessment and Classification
Rapid assessment to determine the severity and scope of the incident
Containment
Immediate actions to limit the impact and prevent further damage
Investigation and Recovery
Thorough investigation and restoration of affected systems
Lessons Learned
Post-incident review to improve security measures and procedures
Business Continuity
To ensure business continuity in the face of disruptive events, DEDOMENA implements comprehensive backup and recovery strategies:
Data Backup
Regular automated backups with encryption, stored in geographically distributed locations
Recovery Testing
Regular disaster recovery drills to validate backup integrity and recovery procedures
System Redundancy
Redundant infrastructure for critical systems to minimize downtime
Continuity Plans
Documented business continuity procedures with defined RTO and RPO objectives
Compliance and Review
This policy is reviewed annually or following significant changes to the business or threat landscape. All personnel are required to acknowledge and comply with this policy. Violations may result in disciplinary action up to and including termination of employment or contracts.