1. Quality Policy

Adam, as a company with extensive experience in the use of information technologies, is aware of the importance of ensuring Quality in Data Center Services, as well as in the associated communication services it provides to its clients. For this reason, it has developed this Quality Policy, setting and aligning the Company’s Quality goals with the strategic goals, the business requirements and the requirements of the clients and the stakeholders, in order to guarantee customer satisfaction.

The Quality Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Quality Standards, which specify, within their scope, the way in which the Quality Policy is applied to the Company’s Process Map.

The ultimate objective of the Quality Policy is to reinforce the commitment undertaken by Adam to its clients, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time and continuous improvement of internal processes, in accordance at all times with legally established rights.

Due to all the foregoing, Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Quality Policy in the company, the Management will provide the necessary resources for its good development, both in implementation activities and in operation and improvement activities of this policy and any processes which may be established.

Customer satisfaction is essential for correct alignment with the business goals. To this end, a Quality Management System (QMS) has been established in order to implement all the processes necessary to establish the way in which services and products will be provided.

The Quality Management System is continuously updated and improved to meet the needs of the business, the clients and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Quality Management System is reviewed annually or when there is a significant change in the business.

The Quality Management System, implemented, used and improved, according to the ISO/IEC 9001:2015 standard, in the organization, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Quality Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of processes, and these are periodically analysed and evaluated
  • That a criterion is set to manage business risks
  • That all the staff receive training and attend awareness-raising activities regarding quality and customer satisfaction
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures, etc.
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Quality Management System

2. Information Security Policy

Adam, as a company with extensive experience in the use of information technologies and the processing of information assets, is aware of the importance of securing the information in its business activities and especially to provide the Data Center Services and associated Communication Services. For this reason, it has developed this Information Security Policy, setting and aligning the Company’s Security goals with its strategic goals, the business requirements and the requirements of the clients and the stakeholders, in order to guarantee the confidentiality, integrity and availability of its Information assets and of its clients’ Information assets.

The Information Security Policy is developed by means of Policies, Processes, Procedures, Regulations, Guidelines, Work Instructions and Security Standards, which specify, within their scope, the way in which the Security Policy is applied to the company’s various information assets and processes, so that the levels required for the global fulfilment of the business and security goals can be achieved in each area.

The ultimate objective of the Information Security Policy is to reinforce the commitment undertaken by Adam to its clients, in terms of continuous improvement of the level of service provided, strict compliance with the legislation in force at any given time, continuous improvement of internal processes and protection of the Information assets of Adam’s current and future clients, in accordance at all times with legally established rights.

Due to all the foregoing, Adam’s Management explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company.

For the effective application of the Information Security Policy in the company, the Management will provide the necessary resources for its good development, both in implementation activities and in operation and improvement activities of the aforementioned policy and any information security checks which may be established.

Protecting Adam’s and its clients’ Information assets is essential for correct alignment with the business goals. To this end, an Information Security Management System (ISMS) has been set up in order to implement all the processes and checks necessary to establish the way in which Information assets are protected.

The Information Security Management System is continuously updated and improved to meet the needs of the business, the clients and the stakeholders. New goals are set on a regular basis and business processes are regularly evaluated.

The Information Security Management System is reviewed annually or when there is a significant change in the business.

The Information Security Management System, implemented, used and improved, according to the ISO 27001:2013 standard and the National Security Scheme, in the organization, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Information Security Management System, and aligned with the strategic goals
  • That indicators are set to measure the performance of checks, and these are periodically analysed and evaluated
  • That a risk criterion is set to identify, analyse, evaluate and treat risks
  • That all the staff receive training and attend awareness-raising activities regarding Information Security and Information Security policies (physical and logical access control, physical security, against malicious code, backups, information classification, information processing, continuity, etc.) implemented at Adam
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures, etc.
  • That compliance is verified by means of external audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results
  • That there are continuous improvement processes in the Information Security Management System

The principles of the Quality and Information Security Policy are assumed and promoted by the Management, which provides the necessary means and provides employees with the resources necessary to observe this Policy, establishing and publishing them by means of this Quality and Security Policy.

3. Business Continuity Policy.

Adam, as a company with extensive experience in the use of information technologies and the processing of information assets, is aware of the importance of business continuity in its business activities and especially to provide the Data Center Services and associated Communication Services. For this reason, it has developed this Business Continuity Policy, setting and aligning the Company’s Business Continuity goals with its strategic goals, the business requirements and the requirements of the clients and the stakeholders, in order to guarantee the continuity, confidentiality, integrity and availability of its Information assets and of its clients’ Information assets.

The Business Continuity Policy is developed through Policies, Processes, Plans, Procedures, Regulations, Guidelines and Work Instructions to respond appropriately to any disruption in order to minimize the impact on the organization’s operations until complete normality is resumed.

The final objective of the Business Continuity Policy is based on the security and protection of personnel in contingency situations, disruptive situations and/or within the normal operations of the organization.

The principles of the Business Continuity Policy are assumed and promoted by the Management, which provides the necessary means and provides employees with the resources necessary to observe this Policy, establishing and publishing them by means of this Quality, Information Security and Business Continuity Policy. These principles are formulated taking into consideration the risks and needs of Adam’s business. Through said Business Continuity Policy, the company must ensure and guarantee that critical services and processes are recovered within the deadlines and margins established in the business continuity plan.

Adam’s Management and Security Committee explicitly declares that it is aware and approved the policies and regulations developed in these documents and therefore all the staff must be aware of them and apply them at all times as part of their duties in the company. They are responsible for promoting the implementation, coordination and development of the company’s business continuity plans and activities, taking into account the risk assessment carried out and the critical processes and services, in addition to guaranteeing that all the organization’s personnel are involved in plans, procedures and work instructions.

The Business Continuity Management System is continuously updated and improved. New goals are set on a regular basis and business processes are regularly evaluated.

The Business Continuity Management System, implemented, used and improved, according to the ISO 22301:2019 standard, in the organization, guarantees:

  • That it establishes and maintains the context, and determines the needs and expectations of the stakeholders
  • That roles, responsibilities and authorities have been assigned
  • That goals are set for the Business Continuity Management System, and they are aligned with the strategic goals
  • That indicators are set to measure the performance of checks, and these are periodically analysed and evaluated
  • That a risk criterion is set to identify, analyse, evaluate and treat risks
  • That all the staff receive training and attend awareness-raising activities regarding Business Continuity Plans, policies, procedures and instructions implemented in Adam
  • That the Management system is operated on the basis of approved documented information, policies, processes, procedures, etc.
  • That a business impact analysis (BIA) and risk assessment be established
  • That strategies for business continuity, solutions and a continuity plan are established
  • That compliance is verified by means of external and internal audits, the follow-up of goals and indicators, and Management reviews
  • That non-conformities and complaints are corrected by implementing corrective actions and the evaluation of their results.

Last revision: 24/05/2022