Since their creation, EMPRESARIOS AGRUPADOS INTERNACIONAL, S.A. and GHESA INGENIERÍA Y TECNOLOGÍA, S.A. have managed sensitive and confidential information, and therefore have the necessary measures and controls in place to ensure that this information is adequately protected and monitored.
This sensitive information includes, but is not limited to:
- Personal data;
- Information that requires, in accordance with the law, a special authorization to be exported or transmitted to third-country nationals;
- Information from our customers subject to conditions that ensure it is not shared with third parties;
- Secret information for which special authorization and permits are required; or
- Information which, due to its nature or relevance, requires particular ad hoc treatment.
Each of the documents that may contain this type of information is properly classified and stored with the necessary protections to make it impossible for unauthorized personnel to access it.
In order to comply with the above, Technology Control Plans (TCPs) are established that respond to the applicable requirements, standards and regulations, which in some cases extend to the physical and organizational separation of those parts of the business in which the information classified as controlled is used. These Technology Control Plans may also provide for the creation of control and decision-making bodies, which are sovereign and independent of any third party to whom the information is restricted, and also responsible for the control of the information vis-à-vis the owner of the information or the relevant authority. These TCPs and the control committees shall ensure that:
- All sensitive information is stored in such a way that only personnel expressly authorized by the parties can access it;
- Access authorizations are granted only to individuals who meet the appropriate requirements and have received the necessary training to prevent leaks and/or vulnerabilities;
- Each authorized person has signed an individual confidentiality undertaking, taking responsibility for complying with the instructions provided to them;
- The information is processed in software and hardware media that ensure the degree of control agreed between the parties.

Likewise, the information control committee is responsible for the supervision of all activities related to the identification, protection and monitoring of the information subject to control available in the companies, in compliance with the applicable legislation and regulations. This information includes both that provided by customers or suppliers and that processed by our employees in the course of their professional activity. The committee has the following responsibilities:
- Supervise the implementation of, and compliance with, the Technology Control Plans (TCPs);
- Authorize any modifications to said TCPs that are necessary for the purpose of continuing to comply with applicable regulations and requirements;
- Coordinate any action that modifies the levels of protection agreed with the party prescribing the requirement or regulation of protection and control of information.
The fulfillment of these responsibilities involves all the company's managers and related employees, who have been trained in the technology control plan, are aware of its implications and are obliged to ensure compliance with it.
To ensure the proper implementation of security measures for sensitive information, the company regularly carries out audits, both internal and external, of the following processes:
- Technology control plan;
- Protection of the information received and generated;
- Protection of personal data;
- Cybersecurity and protection against intrusions (ethical hacking).
These audits allow the information obtained to be used to guide the process of continuous improvement and the reinforcement of the safe behaviours contemplated in our code of conduct.