Information Security Policy

Revision history

Management commitment

GPU Solutions, as a company engaged in software programming activities and GPU computing infrastructure, assumes its commitment to information security, undertaking its proper management to provide all interested parties with maximum guarantees regarding the security of the information used.

Security objectives

• Provide a framework to increase resilience and the capacity to respond effectively to critical security situations.
• Ensure the rapid and efficient recovery of services in the event of any physical disaster or contingency that may compromise business continuity.
• Prevent information security incidents to the extent technically and economically feasible, and mitigate information security risks generated by our activities.
• Guarantee the confidentiality, integrity, availability, authenticity and traceability of information.

Security principles

In accordance with the reference standards ISO/IEC 27001:2022 and RD 311/2022 (Spanish National Security Framework, ENS), the General Management establishes the following principles:

• Management's competence and leadership as a commitment to develop the Information Security Management System.
• Identify relevant internal and external stakeholders and meet their requirements.
• Understand the organization's context and identify opportunities and risks related to information security.
• Comply with legal and regulatory requirements applicable to our activity, and commitments to customers and stakeholders.
• Ensure the confidentiality of data managed by the company and the availability of information systems, preventing unauthorized alteration.
• Ensure response capacity in emergency situations, restoring critical service operations as quickly as possible.
• Establish appropriate measures for risk treatment derived from asset identification and assessment.
• Motivate and train all personnel working in the organization.
• Ensure continuous analysis of all relevant processes, implementing improvements as appropriate.

Legal and regulatory framework

• Regulation (EU) 2016/679, General Data Protection Regulation (GDPR)
• Spanish Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights
• Royal Decree 311/2022, Spanish National Security Framework (ENS)
• Regulation (EU) 910/2014, electronic identification and trust services (eIDAS)
• Spanish Law 34/2002 on Information Society and E-Commerce Services (LSSI-CE)
• Royal Legislative Decree 1/1996, Intellectual Property Law
• Spanish Law 31/1995 on Occupational Risk Prevention

Security roles and functions

Information Security Committee

The Information Security Committee is the body with the highest responsibility within the Information Security Management System. All relevant security decisions are agreed by this committee.

The Security Committee is an autonomous executive body with decision-making capacity that does not subordinate its activity to any other element of the company.

Active certifications

This policy is complemented by the rest of policies, procedures and documents in force for the development of our management system, and shall be redistributed annually as a reminder, unless modified, in which case it will be reissued after such changes.