Quality, Security & Business Continuity Policy

1.- Quality Policy

Adam, as a company with extensive experience in the use of information technologies, is aware of the importance of ensuring the Quality in the DataCenter Services, as well as in the associated communication services it provides to its customers. For this reason, it has developed this Quality Policy, setting and aligning the Company’s Quality goals with the strategic goals, the business requirements and the requirements of the customers and the stakeholders, in order to guarantee customer satisfaction.

The Quality Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Quality Standards, which specify, within their scope, the way in which the Quality Policy is applied to the Company’s Process Map.

The ultimate objective of the Quality Policy is to reinforce the commitment undertaken by Adam to its customers, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time and continuous improvement of internal processes, in accordance at all times with the legally established rights.

For all the foregoing, the Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Quality Policy in the company, the Management will provide the necessary resources for its good development, both in the implementation activities and in the operation and improvement activities of this policy and the processes which may be established.

Customer satisfaction is essential for the correct alignment with the business goals. To this end, a Quality Management System (QMS) has been established in order to implement all the processes necessary to establish the way in which services and products will be provided.

The Quality Management System is continuously updated and improved to meet the needs of the business, the customers and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Quality Management System is reviewed annually or where there is a significant change in the business.

The Quality Management System, implemented, used and improved, according to the ISO/IEC 9001:2015 standard, in the organisation, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Quality Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of processes, and are periodically analysed and evaluated
  • That a criterion is set to manage business risks
  • That all the staff receive training and attend awareness-raising activities regarding quality and customer satisfaction
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures…
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Quality Management System

2.- Information Security Policy

Adam, as a company with extensive experience in the use of information technologies and the processing of information assets, is aware of the importance of securing the information in its business activities and especially to provide the Datacenter Services and associated Communication Services. For this reason, it has developed this Information Security Policy, setting and aligning the Company’s Security goals with its strategic goals, the business requirements and the requirements of the customers and the stakeholders, in order to guarantee the confidentiality, integrity and availability of its Information assets and of its customers’ Information assets.

The Information Security Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Security Standards, which specify, within their scope, the way in which the Security Policy is applied to the company’s various information assets and processes, so that the levels required for the global fulfilment of the business and security goals can be achieved in each area.

The ultimate objective of the Information Security Policy is to reinforce the commitment undertaken by Adam to its customers, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time, continuous improvement of internal processes and protection of the Information assets of ADAM’s current and future customers, in accordance at all times with the legally established rights.

For all the foregoing, the Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Information Security Policy in the company, the Management will provide the necessary resources for its good development, both in the implementation activities and in the operation and improvement activities of the aforementioned policy and the information security checks which may be established.

Protecting ADAM’s and its customers’ Information assets is essential for the correct alignment with the business goals. To this end, an Information Security Management System (ISMS) has been established in order to implement all the processes and checks necessary to establish the way in which the Information assets are protected.

The Information Security Management System is continuously updated and improved to meet the needs of the business, the customers and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Information Security Management System is reviewed annually or where there is a significant change in the business.

The Information Security Management System, implemented, used and improved, according to the ISO 27001:2013 standard, in the organisation, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Information Security Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of checks, and are periodically analysed and evaluated
  • That a risk criterion is set to identify, analyse, evaluate and treat risks
  • That all the staff receive training and attend awareness-raising activities regarding Information Security and Information Security policies (physical and logical access control, physical security, against malicious code, back-ups, information classification, information processing, continuity…) implemented at ADAM
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures…
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Information Security Management System

The principles of the Quality and Information Security Policy are assumed and promoted by the Management, which provides the necessary means and provides employees with the resources necessary to observe this Policy, establishing and publishing them by means of this Quality and Security Policy.

3. – Business Continuity Policy

Adam, as a company with extensive experience in the use of information technologies and the treatment of information assets, knows the importance of business continuity for its business activities and in particular to provide Datacenter Services and associated Communications Services. Therefore, it has developed this Business Continuity Policy, which sets and aligns the company’s Business Continuity objectives with the strategic objectives, business requirements, business requirements, customer requirements and stakeholders, in order to ensure the continuity, confidentiality, integrity and availability of its information assets and the information assets of its customers.
The Business Continuity Policy is developed through Policies, Processes, Plans, Procedures, Standards, Guidelines and Work Instructions to adequately respond to any disruption in order to minimize the impact on the organization’s operations until its complete recovery to normality.
The final objective of the Business Continuity Policy is based on the safety and protection of personnel in contingency situations, disruptive and/or within the normal operations of the organization.
The principles of the Business Continuity Policy are assumed and promoted by the Management, which provides the necessary means and provides employees with sufficient resources for its compliance, expressing them and making them public through this Quality, Information Security and Business Continuity Policy. These principles are formulated taking into consideration the risks and needs of Adam’s business. Through this Business Continuity Policy, the company must ensure and guarantee that critical services and processes are recovered within the deadlines and margins established in the business continuity plan.
Adam’s Management and Security Committee explicitly declare their knowledge and approval of the policies and regulations developed in these documents, so that all personnel must at all times be aware of them and apply them as part of their duties in the company. They are responsible for promoting the implementation, coordination and development of the company’s business continuity plans and activities, taking into account the risk assessment carried out and the critical processes and services, as well as ensuring that all the organization’s personnel are involved in the plans, procedures and work instructions.
The Business Continuity Management System is continuously updated, improved and new objectives are established periodically and business processes are regularly evaluated.
The Business Continuity Management System implemented, operated and improved, based on ISO 22301:2019, in the organization ensures:
That it establishes and maintains the context, determines the needs and expectations of stakeholders.
That roles, responsibilities and authorities are assigned
That objectives are established for the Business Continuity Management System, aligned with the strategic objectives.
Indicators are established to measure the performance of the controls and are periodically analyzed and evaluated.
That a risk criterion is established for the identification, analysis, evaluation and treatment of risks.
That all personnel receive training and awareness of the Business Continuity Plans, policies, procedures and instructions implemented at ADAM.
That the Management System is operated on the basis of the approved documented information, policies, processes, procedures, …
That a business impact analysis (BIA) and risk assessment is established.
That business continuity strategies, solutions and continuity plan are established.
That compliance is verified through external internal audits, monitoring of objectives and indicators and management reviews.
That non-conformities and complaints are corrected through the implementation of corrective actions and the evaluation of their results.

Last revision: 24/05/2022