Inspection and Quality

To offer private security services, electronic security systems, fire protection systems and information support staff, receptionists, support staff for access control and checking of the facilities, which are tailored to the needs of its customers, eliminating or minimising as far as possible its negative impact on the surroundings and the risk to its employees.

To achieve this commitment, it establishes the following principles:

1. Comply strictly with both legal and/or regulatory requirements, in addition to any voluntary rule it decides to adhere to.
   Furthermore, in collaboration with all workers, the management of the company is able to achieve a continuous improvement in working conditions and safety in the company through compliance with the current legislation and the certainty of the benefits of a good occupational risk prevention system.
2. Gradually implement a Management System for Quality, the Environment and health and safety in the workplace, which constitutes an integrating element and driving force in the management of the company.
3. The Company management is absolutely certain that the development of Prevention in our company is a beneficial measure, both from a social point of view, to improve the working and health conditions of our employees, and in order to make managing the company increasingly profitable.
4. Regularly review the Objectives and Goals to continuously improve the system, while also reviewing the company's management principles.
5. We believe that, in order to achieve these objectives, security concepts and practices should be integrated into our work processes. Therefore, a decision has been made to launch an Occupational Risk Prevention Programme whose activities and roles of workers will be developed gradually.
6. We believe that achieving this objective will benefit all members of the company and we ask for everyone's full collaboration, without which it will be impossible to achieve.
7. Teach, train and raise awareness among staff and subcontractors to create a positive atmosphere for the development of any measure, which encourages consultation and involvement of the workers.
8. Encourage, where financially viable, the use of the best technology available.
9. The commitment of the company and its workers to protecting the environment.
10. We want each employee, regardless of their level within the company, to act with the belief that safety in their work area is their responsibility and we have decided to adopt the measures required so that we all feel safe in our work.
11. Use the most suitable means to find out and update the needs and expectations of customers that serves as a foundation on which to improve the service and to guarantee the fulfilment of these needs and expectations.
12. Promote the culture of occupational health and safety, providing safe and healthy working conditions to protect the health of workers, promoting the prevention of injury and fight against the deterioration of health, eliminating hazards and reducing risks.
13. Provide the resources necessary to achieve the commitments through the corresponding actions.

The scope of the System under the umbrella of standards ISO 9001, ISO 14001 and ISO 45001 are all actions relating to carrying out the following:

• Surveillance and protection of people, assets and facilities
• Security audits and consultancy
• Planning, installation and maintenance of electronic security systems
• Fire protection systems:

• Auxiliary services of information, reception, access control and checking facilities

The Management of Grupo Phoenix is committed to applying and following its policy, making it publicly available and disseminating it to staff, suppliers and other stakeholders.

GRUPO PH​OENIX firmly believes that Information Security and Business Continuity are crucial factors for the proper development of the company. It considers that, alongside the provision of training and the necessary resources for conducting its activities, these are the primary pillars for offering clients services of the appropriate quality.

GRUPO PHOENIX acknowledges the importance of ensuring the confidentiality, integrity, and availability of information. These principles are defined as follows:

• Confidentiality: We commit to protecting information against unauthorized access, ensuring that only authorized individuals have access to the relevant information needed to perform their duties.
• Integrity: We commit to maintaining the accuracy and completeness of information, preventing unauthorized alteration, destruction, or modification.
• Availability: We commit to ensuring that information is available and accessible to authorized users when needed, avoiding unplanned interruptions and minimizing downtime.

The objectives of the Information Security and Business Continuity Management System include:

• Ensuring compliance with relevant legislation, regulations, and standards, as well as any other requirements that GRUPO PHOENIX deems necessary for continuous improvement.
• Providing services with a level of security that meets and exceeds our customers' expectations.
• Training staff in accordance with technical changes and technological innovations affecting GRUPO PHOENIX's activities.
• Effectively assigning roles and responsibilities within the realm of security.
• Preventing potential information security defects and incidents before they occur, working towards "continuous improvement" and effective communication.
• Continually evolving the Information Security and Business Continuity Management System to meet our customers' demands.
• Raising awareness and motivating GRUPO PHOENIX staff about the significance of implementing and developing an Information Security and Business Continuity Management System.

The organization will constantly seek opportunities for improvement in the field of information security and business continuity. To achieve this, the following actions will be undertaken:

• Periodic risk assessments: Conduct regular risk assessments to identify new threats and vulnerabilities, and implement measures to mitigate identified risks.
• Updating policies and procedures: Regularly review information security policies and procedures to ensure they remain relevant and effective. Implement necessary improvements to strengthen information protection.
• Monitoring and incident detection: Establish an information security incident monitoring and detection system to identify and respond promptly to potential security breaches.
• Training and awareness: Provide regular training to employees on information security-related topics, including best practices, policies, and procedures. Promote awareness of the importance of information security throughout the organization.
• Review and audit: Conduct regular reviews and audits of information security controls to ensure their effectiveness and compliance. Take corrective action in case of deviations or non-compliance.
• Technological improvements: Consider and adopt new information security technologies and solutions that can enhance the protection of information assets.

Management establishes and reviews objectives and goals, having the defined policy as a framework of reference, setting responsibilities for its achievement and establishing performance criteria.

The management is committed to the implementation, maintenance and improvement of the Information Security and Business Continuity System, providing it with those means and resources that are necessary and urging all personnel to assume this commitment.