Information Security Policy

1. Objective

The purpose of this document is to define the Information Security Policy of das-Nano Group (consisting of das-Nano, das-Nano Tech and Veridas, hereinafter das-Nano), providing a framework to establish the security objectives and the company’s commitment to comply with the applicable requirements and the continuous improvement of its information security system.

2. Scope

This policy shall apply to all employees of the das-Nano Group.

3. Information Security Policy

das-Nano Group companies are aware of the importance of offering maximum security at an operational and legal level to all interested parties, and for this purpose we have established an Information Security Management System based on the ISO/IEC 27001 standard.

Likewise, at das-Nano we are committed to ensuring information security and compliance with current rules and regulations. We recognize and fully adhere to the requirements established in the Royal Decree 311/2022 of May 3rd, which regulates the National Security Scheme.

Our organization has conducted a thorough analysis of the requirements established in the Royal Decree and has implemented the corresponding measures to ensure compliance with such provisions. We have developed policies, procedures and controls that are aligned with the standards and guidelines established in Royal Decree 311/2022, with the aim of protecting the confidentiality, integrity and availability of information.

In addition, we are committed to keep ourselves updated on changes and updates in the legal and regulatory framework related to information security, and to make the necessary modifications to our information security policy to ensure continuous compliance.

In this sense, the aforementioned companies have developed and implemented a comprehensive information security policy aimed at guaranteeing the following objectives:

• Guarantee the confidentiality, availability and integrity of its services, both in the services provided to its clients and in the internal management. 
• Comply with legal, regulatory and client requirements regarding the processing of the information.
• Convey confidence to stakeholders.
• Establish employee responsibility for compliance with information security procedures.
• Focus on continuous improvement.

The companies have approved and maintained various policies and procedures with the aim of responding to the above objectives, as a sign of our commitment to information security within the framework of our activities.

das-Nano Group companies are committed to annually review and revise the Information Security Policy, as well as to communicate it to all interested parties.

Tajonar, 20th March 2023.

Eduardo Azanza 

CEO, das-Nano