Security of Information Policy

1. Introduction

VERIDAS DIGITAL AUTHENTICATION SOLUTIONS, S.L. (“Veridas”) is a company founded to provide identity services to its customers.

Veridas depends on ICT systems to achieve its objectives, so they must be diligently managed to protect information and services from damage. Information security ensures the quality and continuity of services through prevention, monitoring and rapid response to incidents.

ICT systems must adapt to evolving threats, complying with standards such as ISO/IEC 27001 and the National Security Scheme. Departments must integrate security into all stages of the system lifecycle and adequately plan for security requirements and funding in ICT services. In addition, they must implement security measures and controls identified through threat and risk assessments.

These controls, along with security roles and responsibilities, must be clearly defined and documented. It is essential to authorize systems prior to operation, regularly assess security and require periodic third-party reviews. Continuous monitoring is crucial to detect and respond quickly to anomalies and security events, establishing multiple layers of defense and reporting mechanisms. In addition, departments must have effective incident response mechanisms in place, designate points of contact and establish communication protocols with Emergency Response Teams (CERTs).

Finally, to ensure the availability of critical services, ICT systems continuity plans should be developed as part of the overall business continuity plan and recovery activities.

2. Scope

The scope of Veridas’ information security system includes:

“The information security management system that supports the activities of: design, development, deployment, production, maintenance, improvement and marketing, as well as integration and support services, of high-tech capital equipment and advanced software for industry in general, and in particular for the digital identity verification, advanced access control and high security printing industry.”

For the assessment of the required security level, the assessment criteria established in the respective standards applied by Veridas (ISO/IEC 27001 and ENS) will be taken into account.

Consequently, this policy applies to all Veridas ICT systems and to all members of the organization, without exception.

3. Mission. Corporate Presentation

Veridas is a technology company specialized in the development of digital identity and biometric authentication solutions, with the objective of guaranteeing the identity of transactions carried out by customers of commercial banks, insurance companies, consumer finance, car rentals, telcos, hospitality and gaming, among others.

The solutions developed by Veridas validate millions of identities every year.

Veridas is aware of the importance of offering maximum security at an operational and legal level to all interested parties, and to this end has established an Information Security Management System based on the ISO/IEC 27001 standard and the ENS.

In this sense, Veridas has developed and implemented a comprehensive information security policy aimed at ensuring the following objectives:

  • Guarantee the confidentiality, availability, integrity, authenticity and traceability of its services, both in the services offered to customers and in internal management.
  • Comply with legal, regulatory and customer requirements regarding the treatment of information.
  • Convey confidence to stakeholders.
  • Establish employee responsibility for compliance with information security procedures.
  • Focus on continuous improvement.

Veridas has approved and maintains several policies and procedures in order to respond to the above objectives, as a sign of its commitment to information security within the framework of its activities.

3.1. Review and communication

Veridas is committed to annually reviewing and revising its Information Security Policy and communicating it to all interested parties. In addition, the configuration of Veridas’ systems will be verified annually in conjunction with the review of the Policy to detect changes that violate Veridas’ security policies.

Any change that affects the level of security provided in the information security policy must be approved by the Information Security Committee.

Changes in the information security policy shall be communicated to interested parties in a way that allows them to be aware of such changes, when appropriate.

For this purpose, the following mechanisms, among others, may be used:

  1. Emails: Updates will be included in the regular emails we send to our customers and other stakeholders. This mechanism ensures that communications arrive directly in a consistent and recognizable manner.
  2. Publication on the Website: Changes will be posted on our website in a visible manner. The specific implementation of this publication will be determined to ensure maximum visibility and accessibility of the information.

To this end, in the event of a change that may affect the level of compliance of Veridas’ policy with official norms or standards or have an impact on a certification obtained, Veridas shall proactively notify relevant stakeholders, including assessment bodies, supervisory bodies or other regulatory bodies.

3.2. Contact information

Veridas can be contacted through its facilities, by telephone or through the e-mail addresses available for this purpose:

Polígono Industrial Talluntxe II, calle M-10, 31192 Tajonar (Navarra – Spain)
Phone: +34 948 24 62 95
Email: info@veridas.com, security@veridas.com and gdpr@veridas.com.

4. Comprehensive Commitment to Information Security at Veridas

At Veridas, information security is based on a comprehensive approach coordinated by the Information Security Committee. A detailed risk analysis is performed using the Magerit methodology, ensuring that the measures adopted to mitigate risks are proportional and adequate. All personnel related to information and systems receive continuous training and are subject to supervision to ensure compliance with established security regulations.

In addition, strict physical and logical access controls are implemented, ensuring that only authorized personnel can access critical facilities and information systems through multifactor authentication and secure password policies. Continuous monitoring and activity logging are conducted to proactively detect and respond to security incidents.

Facility protection includes measures against natural disasters and 24-hour surveillance systems.

Information assets are classified according to their level of sensitivity and protected with encryption techniques both at rest and in transit. Backups are meticulously managed to ensure the integrity and availability of critical information at all times.

Veridas is also committed to acquiring certified security products and services, in accordance with recognized international standards, whenever required, and to maintaining a process of continuous improvement in its information security system, in accordance with ENS guidelines and ISO/IEC 27001 standards. In addition, regular internal audits are conducted to verify compliance with the information security policy, and the policy is reviewed and updated annually as established in the previous point to ensure that it is aligned with organizational, technological and regulatory changes.

Veridas personnel are trained and aware of their responsibilities in information security, thus contributing to a strong organizational culture in this area. Communication and collaboration channels are established with internal and external stakeholders to ensure effective implementation of security controls and operating procedures. These efforts ensure that Veridas’ information security policy is not only documented and implemented, but also effectively maintained over time.

5. Legal and regulatory framework

Veridas will comply with all applicable regulations, laws and contracts, ensuring that the information security policy aligns with the business strategy and the current and anticipated information security threat environment.

Veridas has a List of documents in force, in which the applicable legal and regulatory framework is determined.

5.1. Personal data

Veridas has policies and procedures related to the proper management of personal data. All Veridas information systems shall comply with the security levels required by law for the nature and purpose of the personal data.

In order to ensure compliance with the obligations regarding personal data protection, Veridas has appointed a Data Protection Officer (dpo@veridas.com). For more information, please refer to the Privacy Policy.

6. Employee Obligations

All members of Veridas are obliged to know and comply with this Information Security Policy and the Security Regulations; the Information Security Committee is responsible for providing the necessary means for the information to reach those affected.

All Veridas members will attend an ICT security awareness session at least once a year. An ongoing awareness program will be established to cater to all Veridas members, particularly new recruits.

Persons with responsibility for the use, operation or administration of ICT systems shall receive training in the safe use of the systems to the extent that they need it to perform their work.

7. Third parties

Veridas will maintain overall responsibility in accordance with its information security policy, even when functions are outsourced.

Notwithstanding the above, subcontractors must implement the required controls and comply with their security responsibilities. In this regard, Veridas has an ‘Information Security Policy for Suppliers’, and suppliers are required to sign their commitment to comply with specific security measures, which can also be supported with certifications in this area.

In Tajonar, June 27, 2024
Eduardo Azanza.
