Date: May 12, 2025
To: All current and prospective suppliers
From: Information Security Management – Capillary.io
Subject: Compliance with information security requirements

Dear Supplier,

At Capillary.io, we recognize the importance of maintaining high standards for information protection as an integral part of our commitment to security, privacy, and the trust of our customers and partners. Accordingly, we have implemented an Information Security Management System (ISMS) in line with ISO/IEC 27001:2022.

In this context, please note:

1. Information Security Obligations

As a supplier that accesses, processes, transmits, or stores information related to Capillary.io, you must:

Implement appropriate controls to protect the confidentiality, integrity, and availability of the information handled.

Apply measures to protect against physical and logical threats, as well as those arising from security incidents.

Ensure the use of secure channels for information exchange.

Adopt responsible practices for access management, passwords, encryption, and endpoint security when accessing Capillary.io systems.

Report any security incident that affects or could affect the information or the systems used to deliver the service.

2. Audits and Verifications

Capillary.io reserves the right to:

Request evidence of compliance with security controls applicable to the service provided.

Conduct security audits or require external audits with prior notice.

3. Documentation and Training

Suppliers are expected to:

Maintain their own security policies aligned with good practices.

Ensure their personnel receive appropriate training on cybersecurity and data handling.

Understand and accept the contractual security clauses established in SLAs or signed agreements.

We appreciate your continued commitment to protecting information and remain available to address any questions regarding these obligations.

Sincerely,

Borja Gracia - CEO Capillary.io
security@capillary.io