This policy establishes the commitment of TACTIC Key Consulting, specialized in Enterprise Performance Management (EPM) solutions, to protect information security in all its operations. The company aims to ensure the confidentiality, integrity, and availability of information belonging to interested parties, in compliance with contractual requirements, prioritizing the ISO 27001 standard and applicable legal regulations.

It applies to all activities related to the design, implementation, support, and maintenance of EPM solutions offered by TACTIC Key Consulting. This includes all information assets, processes, systems, employees, contractors, and any third party with access to the company’s information.

The senior management of TACTIC Key Consulting is fully committed to the implementation, maintenance, and continuous improvement of the ISMS. This commitment includes providing the necessary resources and supporting all initiatives aimed at protecting information and meeting the company’s security objectives.

Its objectives are to: protect customer data against internal and external threats, whether intentional or accidental; ensure compliance with all applicable laws, regulations, and contractual requirements, including data protection regulations; promote a culture of information security among all employees and collaborators; maintain customer trust by ensuring the security of analytical data and the confidentiality of their reports. All handled information will be classified according to its sensitivity. Customer data and generated reports will be treated as confidential, and rigorous controls will be implemented to ensure their integrity and availability.

TACTIC Key Consulting will conduct an ongoing process of identification, assessment, and treatment of risks associated with information security. Appropriate control measures will be implemented to mitigate identified risks, prioritizing those that may affect client delivery. All information security incidents, including those that may compromise data integrity, must be reported, recorded, and managed in accordance with ISMS procedures. The company will implement an incident response plan to minimize the impact of any security breach.

The ISMS will be periodically evaluated through internal audits and management reviews to ensure its effectiveness and suitability to the company’s needs. TACTIC Key Consulting is committed to the continuous improvement of the system to address new threats and adapt to technological changes.

This policy will be reviewed at least annually, or when significant changes occur in the technological, regulatory, or threat environment, to ensure it remains effective and relevant. This policy has been approved by the senior management of TACTIC Key Consulting and is mandatory for all employees and interested parties.

Tactic Key Consulting, S.L. Barcelona