PRACTIKALIA, as a company dedicated to the provision of skills training consultancy services, openly states its intention to offer competitive services to all its customers. For this reason, it has implemented an Information Security Management System within the organisation, the main objective of which is to achieve business objectives and customer satisfaction by guaranteeing the security of information at all times through established processes based on a process of continuous improvement, ensuring the continuity of information systems, minimising the risk of damage and ensuring compliance with the objectives set to ensure the confidentiality, integrity and availability of information at all times.

To this end, it assumes its commitment to information security in accordance with the ISO /IEC 27001:2022 reference standard, for which the Senior Management establishes the following principles:

• Competence and leadership by senior management as a commitment to develop the Information Security Management System.
• Determine the internal and external parties that are relevant to the Information Security Management System and meet their requirements.
• Understand the context of the organization and identify organisational opportunities and risks with respect to information security as a basis for action planning to address, assume or deal with them.
• Ensure the satisfaction of our clients, including the interested parties in the company's performance, in all matters relating to the conduct of our business and its impact on society.
• Establish objectives and goals focused on the evaluation of performance in the field of Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
• Compliance with the requirements of the legislation applicable and regulatory to our activity, the commitments acquired with clients and interested parties and all those internal rules or guidelines to which the company is subject.
• Ensure the confidentiality of the data managed by the company and the availability of the information systems, both in the services offered to clients and in internal management, avoiding undue alterations to the information.
• Ensure the capacity to respond to emergency situations, re-establishing the functioning of critical services in the shortest possible time.
• Establish the appropriate measures for the treatment of risks derived from the identification and evaluation of assets.
• Motivate and train all personnel working in the organisation, both for the correct performance of their jobs and to act in accordance with the requirements imposed by the reference standard, providing a suitable environment for the operation of the processes.
• Maintaining fluid communication both internally, among the different levels of the company, as well as with clients.
• Evaluating and guaranteeing the technical competence of the personnel for the performance of their functions, as well as ensuring adequate motivation for their participation in the continuous improvement of our processes.
• Guarantee the correct state of the facilities and the appropriate equipment, in such a way that they are in correspondence with the activity, objectives and goals of the company.
• Guarantee a continuous analysis of all relevant processes, establishing the relevant improvements in each case, depending on the results obtained and the established objectives.

These principles are assumed by Senior Management, which has at its disposal the necessary means and provides its employees with sufficient resources for their compliance, implementing them and making them public knowledge by means of the current Policy of Information Securty.