Esblada Medical’s Management recognizes that information is a sensitive and important asset and, as such, requires appropriate protection in order to uphold the trust placed in us by our customers and users. Accordingly, Esblada Medical has implemented an Information Security Management System (ISMS) designed to protect information against threats and ensure the continuity of its business lines, minimizing damage and providing security assurance to our customers.
Esblada Medical’s Management is committed to preserving information security across its fundamental properties:
Its confidentiality, ensuring that only authorized individuals can access the information.
Its integrity, ensuring that information is not altered during storage, processing or transmission.
Its availability, ensuring that authorized users have access to services and information whenever required.
Its authenticity, ensuring that information genuinely comes from the source it claims to come from and has not been altered or falsified at source or during transmission.
Its traceability, ensuring the ability to verifiably track all actions, access, changes and events affecting the information.
This Policy provides the framework for our Information Security Management System, enabling us to ensure:
The integration of information security into all of the organization’s processes.
The clear assignment of information security responsibilities across the organization.
The implementation of the controls and measures necessary to minimize information security and privacy risks.
The protection of personal data and individuals’ privacy.
The protection of intellectual and industrial property rights.
Compliance with business requirements, applicable legislation and other regulations in force, as well as contractual information security and privacy obligations.
Business continuity, through the development of continuity plans in accordance with recognized standards.
The proper handling of information according to its confidentiality classification.
Ongoing awareness and training for all personnel.
The fully satisfactory resolution of incidents and the lessons learned from them.
A continuous improvement process, based on measuring the performance of the measures in place and the achievement of the established objectives.
Achieving these objectives requires the motivation, commitment and participation of all personnel in the organization, under the leadership of Esblada Medical’s Management. Regardless of each employee’s position and duties, we are all fully responsible for applying this Policy within our area of activity, thereby ensuring consistency, continuous improvement and the satisfaction of both external and internal customers.
This Information Security Policy is reviewed annually, communicated at all levels of the company and made available to the general public.
Signature:
Francesc Roig
Managing Director of Esblada Medical
La Garriga, 23 April 2026