Quality and Security Policy

1.- Quality Policy

Adam, as a company with extensive experience in the use of information technologies, is aware of the importance of ensuring the Quality in the DataCenter Services, as well as in the associated communication services it provides to its customers. For this reason, it has developed this Quality Policy, setting and aligning the Company’s Quality goals with the strategic goals, the business requirements and the requirements of the customers and the stakeholders, in order to guarantee customer satisfaction.

The Quality Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Quality Standards, which specify, within their scope, the way in which the Quality Policy is applied to the Company’s Process Map.

The ultimate objective of the Quality Policy is to reinforce the commitment undertaken by Adam to its customers, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time and continuous improvement of internal processes, in accordance at all times with the legally established rights.

For all the foregoing, the Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Quality Policy in the company, the Management will provide the necessary resources for its good development, both in the implementation activities and in the operation and improvement activities of this policy and the processes which may be established.

Customer satisfaction is essential for the correct alignment with the business goals. To this end, a Quality Management System (QMS) has been established in order to implement all the processes necessary to establish the way in which services and products will be provided.

The Quality Management System is continuously updated and improved to meet the needs of the business, the customers and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Quality Management System is reviewed annually or where there is a significant change in the business.

The Quality Management System, implemented, used and improved, according to the ISO/IEC 9001:2015 standard, in the organisation, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Quality Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of processes, and are periodically analysed and evaluated
  • That a criterion is set to manage business risks
  • That all the staff receive training and attend awareness-raising activities regarding quality and customer satisfaction
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures…
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Quality Management System

2.- Information Security Policy

Adam, as a company with extensive experience in the use of information technologies and the processing of information assets, is aware of the importance of securing the information in its business activities and especially to provide the Datacenter Services and associated Communication Services. For this reason, it has developed this Information Security Policy, setting and aligning the Company’s Security goals with its strategic goals, the business requirements and the requirements of the customers and the stakeholders, in order to guarantee the confidentiality, integrity and availability of its Information assets and of its customers’ Information assets.

The Information Security Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Security Standards, which specify, within their scope, the way in which the Security Policy is applied to the company’s various information assets and processes, so that the levels required for the global fulfilment of the business and security goals can be achieved in each area.

The ultimate objective of the Information Security Policy is to reinforce the commitment undertaken by Adam to its customers, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time, continuous improvement of internal processes and protection of the Information assets of ADAM’s current and future customers, in accordance at all times with the legally established rights.

For all the foregoing, the Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Information Security Policy in the company, the Management will provide the necessary resources for its good development, both in the implementation activities and in the operation and improvement activities of the aforementioned policy and the information security checks which may be established.

Protecting ADAM’s and its customers’ Information assets is essential for the correct alignment with the business goals. To this end, an Information Security Management System (ISMS) has been established in order to implement all the processes and checks necessary to establish the way in which the Information assets are protected.

The Information Security Management System is continuously updated and improved to meet the needs of the business, the customers and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Information Security Management System is reviewed annually or where there is a significant change in the business.

The Information Security Management System, implemented, used and improved, according to the ISO 27001:2013 standard, in the organisation, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Information Security Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of checks, and are periodically analysed and evaluated
  • That a risk criterion is set to identify, analyse, evaluate and treat risks
  • That all the staff receive training and attend awareness-raising activities regarding Information Security and Information Security policies (physical and logical access control, physical security, against malicious code, back-ups, information classification, information processing, continuity…) implemented at ADAM
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures…
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Information Security Management System

The principles of the Quality and Information Security Policy are assumed and promoted by the Management, which provides the necessary means and provides employees with the resources necessary to observe this Policy, establishing and publishing them by means of this Quality and Security Policy.