Information Security Policy
BioIdenti-Cell is a company specialized in biometric development (fingerprint and facial recognition) and its application. We are an IT engineering firm with expertise in the field of biometrics, capable of designing solutions for end clients, as well as for technology consultancies or hardware manufacturers in need of biometric expertise.
Based on the above, the Management establishes the following information security objectives:
✔ Provide a framework to enhance resilience and ensure an effective response.
✔ Ensure rapid and efficient recovery of services in the face of any physical disaster or contingency that could jeopardize operational continuity.
✔ Prevent information security incidents to the extent that it is technically and economically viable, as well as mitigate information security risks generated by our activities.
✔ Ensure confidentiality, integrity, availability, authenticity, and traceability of information.
To achieve these objectives, it is necessary to:
✔ Continuously improve our information security system.
✔ Comply with applicable legal requirements and any other requirements we subscribe to, in addition to commitments made to clients, as well as their continuous updates. The legal and regulatory framework in which we conduct our activities includes:
- EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
- Organic Law 3/2018 of 5 December on the Protection of Personal Data and the Guarantee of Digital Rights.
- Royal Legislative Decree 1/1996 of 12 April on Intellectual Property.
- Royal Decree-Law 2/2018 of 13 April amending the consolidated text of the Intellectual Property Law.
- Royal Decree 311/2022 of 3 May regulating the National Security Framework.
- Law 40/2015 of 1 October on the Legal Regime of the Public Sector.
- Law 39/2015 of 1 October on the Common Administrative Procedure of Public Administrations.
- ISO 27001:2022, Information Security Management System.
✔ Identify potential threats and the impact they could have on business operations if realized.
✔ Preserve the interests of key stakeholders (clients, shareholders, employees, and suppliers), reputation, brand, and value creation activities.
✔ Collaborate with our suppliers and subcontractors to improve IT service delivery, service continuity, and information security, leading to greater efficiency in our operations.
✔ Assess and ensure the technical competence of personnel, as well as motivate them to participate in the continuous improvement of our processes, providing the necessary training and internal communication for them to follow good practices defined in the system.
✔ Ensure the proper condition of facilities and appropriate equipment in line with the company’s activity, objectives, and goals.
✔ Continuously analyze all relevant processes, implementing relevant improvements in each case based on results obtained and established objectives.
✔ Structure our management system for easy understanding. Our management system has the following structure:

The management of our system is entrusted to the Management Officer. The system will be available in a repository within our information system, accessible according to the access profiles granted under our current access management procedure. These principles are assumed by the Management, which provides the necessary means and gives its employees sufficient resources to comply with them, and which sets them out and makes them publicly known through this Information Security Policy.
The defined security roles or functions are:
Information Manager
– Make decisions related to the processed information
Services Manager
– Coordinate the implementation of services
– Continuously improve services
Security Manager
– Determine the suitability of technical measures
– Provide the best technology for the service
System Manager
– Coordinate the implementation of the system
– Continuously improve the system
Management
– Provide the necessary resources for the system
– Lead the system
This definition is further detailed in the job profiles and system documents. The procedure for their appointment and renewal will be ratification by the security committee. The security committee is the body with the highest responsibility within the information security management system, so that all the most important decisions related to security are agreed upon by this committee. The members of the information security committee are:
- Information Manager.
- Services Manager.
- Security Manager.
- System Manager.
- Company Management (partner-administrators).
These members are appointed by the committee, the only body that can name them, renew them, and dismiss them. The Security Committee is an autonomous, executive body with decision-making autonomy and is not required to subordinate its activity to any other element of our company. This policy is complemented by the rest of the policies, procedures, and documents in force to develop our management system.
December 2023
Joan Vilaseca
CEO