Quality and information security policy

Abacus Consulting Technologies, a 100% Spanish company specialized in Location Intelligence solutions, we provide data analytics services, analytical model development, consulting, software development, R&D and Artificial Intelligence. We combine high-quality geospatial data with advanced technologies to provide our clients with insights that optimize decision making and key business processes. The quality of our services and the security of the information we manage are essential to maintain the trust of our customers, partners and other stakeholders.

Purpose of the policy

This policy establishes the guiding principles of our Integrated Management System, based on the international standards ISO 9001:2015 (Quality Management) and ISO/IEC 27001:2022 (Information Security). Our goal is to ensure customer satisfaction, operational efficiency and information protection in all our processes.

Management commitment

The Senior Management of Abacus Consulting is committed to:

  • Regulatory Compliance: Comply with all legal, regulatory, contractual and regulatory requirements applicable to our operations.
  • Information Protection: Safeguarding the confidentiality, integrity and availability of information, protecting it against unauthorized access, improper modification or loss.
  • Quality and Security Objectives: Establish, review and periodically update objectives related to quality and information security, aligned with our business strategy.
  • Culture of Continuous Improvement: To foster an organizational culture that promotes continuous improvement and effective management of our processes, adapting to the changing needs of the market and our customers.
  • Personnel Development: To ensure the competence, awareness and continuous training of our team in relation to service quality and information security.
  • Adequate Resources: Provide the necessary resources to ensure compliance with this policy and the effective operation of the management system.

Risk management

We are committed to:

  • Risk Evaluation and Treatment: Identify, evaluate and treat the risks associated with our processes, products and services, especially those that may affect the security of information assets.
  • Preventive and Response Measures: Implement preventive measures and response plans for security incidents, ensuring business continuity and resilience to disruptions or emergencies.

Customer and stakeholder satisfaction

  • Customer Focus: To meet and, where possible, exceed our customers’ expectations through efficient and controlled processes that ensure the quality of our services.
  • Effective Communication: Maintain constant, clear and effective communication with all stakeholders, understanding and meeting their needs and expectations related to quality and information security.

Review and communication

  • This policy is reviewed periodically to ensure its adequacy and alignment with the context of the organization and the demands of the environment. It is documented, communicated to all personnel and available to stakeholders through appropriate internal and external channels.

    Signed: Address

    Date: May 29, 2025. Edition 01