Decskill Information Security Policy

Decskill prioritizes ensuring protection in access, processing, safeguarding, and transmission of information, guaranteeing its confidentiality, integrity, and availability. The commitment to information security extends across all areas of the organization and aligns with legal, regulatory, and contractual requirements, as well as international standards such as ISO 27001.

To safeguard information assets, Decskill has implemented an Information Security Management System (ISMS), consisting of policies, processes, and procedures that are continuously reviewed and improved based on risk assessments.

Fundamental Principles

The Decskill Information Security Policy is based on the following principles:

✔ Protection against unauthorized access;
✔ Guarantee of information confidentiality and integrity;
✔ Compliance with applicable laws and regulations;
✔ Implementation and regular testing of business continuity plans;
✔ Effective monitoring, detection, and response to security incidents;
✔ Continuous awareness and training in information security.

Responsibilities

Decskill clearly defines responsibilities within the ISMS:

• Management – Approves policies and ensures ISMS implementation;
• CISO – Responsible for ISO 27001 certification and ISMS operations monitoring;
• Cybersecurity Committee – Oversees and supports ISMS compliance;
• Data Protection Officer (DPO) – Ensures GDPR compliance and interaction with the Data Protection Authority;
• Employees and Third Parties – Must comply with policies and report security incidents.

Decskill maintains an ongoing commitment to improving information security, protecting its assets, and ensuring the trust of clients and partners.