Information Security Policy of Bigger

At Bigger, committed to our values of integrity, excellence, passion, and security, we adopt this policy to protect the confidentiality, integrity, and availability of information, recognising it as a fundamental asset for the success and sustainability of our operations.
‍
With the aim of complying with applicable legal, regulatory, and contractual requirements, as well as international standards such as ISO/IEC 27001:2022, we manage the risks associated with information security by implementing effective controls to prevent unauthorised access, data loss, unauthorised alterations, or any threats that may compromise business continuity.

This policy encompasses the continuous identification, assessment, and treatment of information security risks, establishing controls and programmes designed to ensure the protection of data belonging to our clients, partners, employees, and other stakeholders. We are committed to:

• Confidentiality: Ensuring that information is accessible only to authorised individuals.
• Integrity: Guaranteeing the accuracy and completeness of information and its processing methods.
• Availability: Ensuring that information is accessible when required by business processes.

We promote a security-focused culture through ongoing training programmes, ensuring that all employees, contractors, and third parties understand the importance of this policy and adhere to the established guidelines to prevent security incidents.
‍
We operate with a continuous improvement approach, periodically evaluating the effectiveness of our information security management system to adapt it to changes in the organisational, technological, and regulatory context.

This policy is regularly reviewed and communicated to ensure its alignment with the company’s strategic objectives, guaranteeing that all internal and external personnel are committed to its compliance.