In response to a new technological environment where convergence between information technology and communications is facilitating a new productivity paradigm for companies, Net Real Solutions, is highly committed to maintaining a competitive service through offering a responsible business model based on the permanent search for economic, social and environmental balance, where the development of good practices in Information Security is essential to achieve the objectives of confidentiality, integrity, availability and legality of all managed information.

Consequently, Net Real Solutions defines the following principles of application to be taken into account in the framework of the Information Security Management System (ISMS):

• Confidentiality: The information processed by Net Real Solutions will be known exclusively by authorized persons, upon identification, at the time and by the authorized means.


• Integrity: The information processed by Net Real Solutions will be complete, accurate and valid, its content being provided by those affected without any manipulation.


• Availability: The information processed by Net Real Solutions will be accessible and usable by authorized and identified users at all times, ensuring its own persistence in the event of any anticipated eventuality.


• Legality: Net Real Solutions, will guarantee compliance with all applicable legislation or contractual requirement. And specifically, the regulations in force related to the processing of personal data.

Net Real Solutions for the correct performance of its business functions is based and helps in the treatment of different types of data and information, supported by systems, programs, communications infrastructure, files, databases, files, etc., constituting these , one of the main assets of Net Real Solutions, in such a way that their damage or loss affects the performance of their services and can jeopardize the continuity of the organization. So that this does not happen, an Information Security Policy has been designed whose main purposes are:

• To protect, through controls / measures, assets against threats that may result in security incidents.


• Palliate the effects of security incidents.


• Establish a system of classification of information and data in order to protect critical information assets.


• Define the responsibilities in matters of information security generating the corresponding organizational structure.


• To elaborate a set of rules, standards and procedures applicable to management bodies, employees, partners, external service providers, etc.


• Specify the effects of non-compliance with the Safety Policy in the workplace.


• Evaluate the risks which affect the assets in order to adopt the appropriate security measures / controls.


• Verify the operation of the security measures / controls of the Safety Policy in the workplace.


• Train users in security management and in information and communications technologies.


• Control information and data traffic through communications infrastructures or by sending optical, magnetic, paper, etc. data media.


• Observe and comply with the legislation in terms of data protection, intellectual property, labor, information society services, criminal, etc., which affects the assets of Net Real Solutions.


• Protect the intellectual capital of the organization so that it is not disclosed or used illegally.


• Reduce the possibilities of unavailability through the proper use of the organization’s assets.


• Defend the assets before internal or external attacks so that they do not become security incidents.


• Check the operation of security measures finding out the number of incidents, their nature and effects.

The Management of Net Real Solutions assumes responsibility for supporting and promoting the establishment of the necessary organizational, technical and control measures to comply with this Information Security Policy. As well as, to provide those resources that are necessary to resolve as quickly and efficiently as possible, the nonconformities and incidents of information security that may arise, and the implementation of the necessary measures so that they do not return to occur.

This Policy will be maintained, updated and appropriate for the purposes of the organization, aligning with the organization’s risk management context. For this purpose it will be reviewed at planned intervals or whenever there are significant changes, in order to ensure that its suitability, adequacy and effectiveness are maintained.

Similarly, a formally defined risk assessment procedure is established to manage the risks that Net Real Solutions faces.

For its part, all policies and procedures included in the ISMS will be reviewed, approved and promoted by the Net Real Solutions Management.

2024 NRS-GROUP