Information security policy

Captio is an easy-to-use cloud-based platform for companies that have employees who travel for work and their supervisors. It aims at offering companies greater control over their expenses in order to discover new saving opportunities.

Proximity, quality of service and performance orientation is what we are all about. Consequently, sensitive to the importance of information security, and in line with our own identity, Captio has fostered the establishment of an Information Security Management System in accordance with the requirements of the standard UNE-ISO/IEC 27001:2014, in order to identify, evaluate and minimise the risks involved with regard to the company's information and that of their clients, as well as ensuring that the desired objectives are met.

The main aim of this Security Policy is to establish an action model that will allow us to develop a corporate culture, a way of working and making decisions on Captio, as well as to ensure that information security and respect for personal data remain intact:

  • Preserving the confidentiality of our clients' information by protecting it from disclosure and unauthorised use.
  • Maintaining the integrity of our clients' information by ensuring its accuracy and consistency.
  • Ensuring the availability of our clients' information, in all formats and whenever needed.

Management, meanwhile, particularly values and has as a main criterion for risk assessment the availability and confidentiality of their information and even more of that of their clients. In this way, it is committed to developing, implementing, maintaining and continually improving its Information Security Management System (ISMS) with the aim of steadily improving how we deliver our services and the way in which we deal with our clients' information. For this reason, Captio's policy is:

  • To establish objectives on an annual basis with regard to Information Security.
  • To fulfil its legal, contractual and legal requirements.
  • To conduct training and awareness-raising activities for all staff with regard to Information Security procedures.
  • To develop a process for analysing, managing and treating the risk to information assets.
  • To establish control objectives and corresponding controls in order to mitigate the risks identified.
  • To establish where employees’ responsibilities lie in relation to:
    • Reporting security breaches
    • Preserving the confidentiality, integrity and availability of information assets in compliance with the present policy
    • Complying with policies and procedures inherent in the Information Security Management System.

 The security officer will be directly responsible for the implementation of this policy, providing advice and guidelines and amending any deviations from compliance.