INFORMATION SECURITY POLICY
Version: 1
Approval Date: 20/01/2025
Approved by: Management
Quality and Information Security Management
- Purpose
At THE PIONAIR LAWFIRM S.L., we recognise that quality and information security management are essential. We have therefore established a management framework that ensures confidentiality, integrity and availability, in line with our specialisation in providing legal advice to airlines and in compliance with the ISO 27001 standard.
- Scope
This policy applies to all employees, partners, contractors and third parties who have access to information belonging to THE PIONAIR LAWFIRM S.L. It covers all information systems, networks, applications, physical premises and client data, particularly that relating to legal advisory services.
- Management Commitment
PionAirLaw is committed to safeguarding client and corporate information against unauthorised access, preserving its integrity, and complying with all applicable data protection laws and regulations. We undertake to provide the resources necessary to implement and maintain the Information Security Management System (ISMS). Furthermore, under this policy, we commit to establishing information security objectives that are appropriate to the organisation.
- Risk Management
We carry out regular risk assessments to identify threats and vulnerabilities, particularly those affecting the industry, and apply solutions to minimise incidents and enhance effectiveness. Adequate controls are implemented to mitigate identified risks.
- Access Control
Access to information is restricted to authorised individuals only. Strong authentication is required for access to systems and data. Access rights are reviewed on a regular basis.
- Incident Management
Clear procedures are established for the identification, reporting and management of security incidents. Security incidents are reported and addressed promptly in order to minimise the impact on operations. Post-incident analyses are carried out to identify root causes and prevent recurrence.
- Awareness and Training – Continuous Professional Development
We believe that ongoing training and education are essential to personal development and to maintaining excellence across all areas of our practice. We provide all employees with continuous information security training tailored to their roles and responsibilities. We foster a culture of security within the firm through awareness campaigns and effective communication. The effectiveness of training programmes is regularly evaluated, and continuous improvements are made.
- Legal Compliance and Review
We ensure compliance with all applicable laws and regulations, including personal data protection and the confidentiality of client information.
Internal and external audits are conducted to verify compliance and the effectiveness of the ISMS.
Management ensures that this policy is disseminated, understood and applied throughout the organisation and by all relevant stakeholders.
This policy will be reviewed at least annually, or whenever there are significant changes in the environment, legislation, or the firm’s systems.
- Contact
For any enquiries regarding this policy, please contact the Information Security Officer at: support@pionairlaw.com
Madrid, 20 January 2025
