Information Security Policy

At Rootstack S.A., we are committed to the implementation, maintenance, and continuous improvement of our Information Security Management System, ensuring that our operations meet the highest standards of quality and information security.

This policy provides a structured framework to manage and protect information assets, ensuring their confidentiality, integrity, and availability throughout all business operations, while adhering to the standards of quality and security, including ISO/IEC 27001:2022, and ISO 9001:2015, which guide our processes and practices.

To support this commitment, we prioritize proactive risk management, secure handling of client and internal data, and strict compliance with regulatory and contractual obligations.

By fostering a culture of awareness and accountability, we empower our team to uphold security best practices at every level. Additionally, we leverage industry-leading technologies and processes to ensure robust protection of information assets while continuously evolving our system to address emerging challenges and align with organizational goals.

Confidentiality:

• Ensure that information is accessible only to authorized individuals.
• Protect sensitive client data, including code repositories and project documentation, through access controls and encryption.

Integrity:

• Safeguard information against unauthorized changes to maintain its accuracy and reliability.
• Implement version control systems and secure environments for software development.

Availability:

• Ensure information and systems are accessible to authorized users when required.
• Employ robust disaster recovery plans and maintain backups of codebases and client data.

Compliance

• Adhere to applicable legal, regulatory, and contractual requirements, including international standards such as ISO 27001 and ISO 9001:2015.