Introduction

Capillary.io, in its commitment to information protection and customer trust, establishes this General Information Security Policy as an integral part of its business strategy. This policy applies to all systems, processes, services, and data under its responsibility, in alignment with the requirements of the ISO/IEC 27001 standard and the National Security Framework (ENS) at the medium level.

Commitment and Objectives

Capillary.io assumes responsibility for protecting the information it handles in the course of its activities, ensuring its availability, integrity, traceability, confidentiality, and authenticity. To this end, it is committed to implementing an Information Security Management System (ISMS) that allows it to manage risks, establish appropriate controls, and ensure compliance with applicable legal and regulatory requirements.

Information Security Principles

The pillars of our policy are:

  • Availability: ensuring that information is accessible when needed.
  • Integrity: guaranteeing that information is accurate, consistent, and complete.
  • Confidentiality: protecting information against unauthorized access.
  • Authenticity: ensuring the truthfulness of the origin of the information and the users who handle it.
  • Traceability: maintaining records and mechanisms to understand the information’s lifecycle.

Scope

This policy applies to all digital services developed by Capillary.io, including the Capillary Platform, CapillaryScope, and any other environment where information is managed, as well as to staff, collaborators, and associated technology providers.

Regulatory References

This policy is aligned with:

  • ISO/IEC 27001:2022 – Information Security Management Systems.
  • National Security Framework (ENS) – Medium Level.
  • Requirements of the General Data Protection Regulation (GDPR).

Review and Continuous Improvement

Capillary.io is committed to annually reviewing this policy and its security system to ensure effectiveness, adaptability, and continuous improvement in response to technological, regulatory, or business changes.