(creation date: 05.07.2022)

The WYgroup Board of Directors considers a priority the implementation of the ISMS, imposed as a necessity to compete in the market and continuously improve the organization processes. In addition, current legislation is clear on the subject of Information Security, from the legal framework of data protection to the specific requirements of service providers. As a compromise, WYgroup defines this policy with appropriate measures that ensure the implementation of the ISMS based on the international standard ISO 27001:2013:

• Ensure an adequate level of Information Security managed by WYgroup, providing partners and employees with transparency, trust, integrity, and services to meet their needs efficiently;
• Training and awareness of all employees, but also partners and clients;
• Increase the effectiveness and efficiency of internal processes;
• Identify the risks that threaten information-processing assets, which will be permanently evaluated, controlled and, if possible, reduced.
  Procedures have been defined, and are present at all levels of the organization to achieve the following objectives:
• Obtain ISO 27001:2013 certification in 2023 and maintain it over time;
• Keep a low number of Information Security incidents;
• Ensure that Information Security incidents SLAs are accomplished;
• Ensure that all employees receive training in Information Security.

This allows the continuous improvement of the business processes and the improvement of all teams in Information Security (ISO 27001), ensuring that the ISMS is always aligned with WYgroup objectives.

WYgroup Board of Directors understands that a high level of security quality must, therefore, be guaranteed in a permanent and balanced way, to prevent the materialization of inherent risks, to mitigate or limit potential damages, and to guarantee that the business operates according to plan over time.