Information Security Policy – Epika Comunicación, S.L.U. (EPIKA)
Introduction
Epika Comunicación, S.L.U. (hereinafter EPIKA) considers information—particularly client-related information—and its associated systems as critical assets that must be properly protected to ensure the correct functioning of the company. This security policy is aligned with ISO/IEC 27001:2022, for which EPIKA obtained certification on September 19, 2025 from Applus+.
This security policy aims to ensure the confidentiality, integrity, availability, and privacy of information, as well as compliance with applicable laws and requirements, maintaining a balance between risk levels and efficient use of resources based on proportionality principles. It also provides a reference framework for establishing information security objectives.
Scope of the Information Security Management System (ISMS)
The ISMS supports processes, resources, and activities related to:
Planning, designing, executing, and evaluating advertising campaigns and communication strategies.
Managing and administering social media on behalf of clients.
Organizing and coordinating corporate and promotional events, both in-person and virtual.
Processing information from clients, suppliers, and external collaborators, according to the current statement of applicability.
The policy emphasizes personnel development, organizational belonging, resource optimization, process management, and risk analysis as essential elements for continuous improvement.
EPIKA has aligned its ISMS with ISO/IEC 27001:2022, recognizing the need for internationally standardized systems.
Management Commitment
The Management commits to leading and maintaining an ISMS based on continuous improvement and the following principles:
Understanding Needs and Expectations: Know client and stakeholder needs to ensure satisfaction and continuous improvement, periodically verifying the achievement of objectives.
Compliance: Adhere to applicable laws, regulations, and contractual requirements.
Information Security: Ensure the security of EPIKA’s information and that of clients, recognizing that information systems, applications, communication infrastructures, files, and databases are critical company assets. Confidentiality, integrity, and availability of information are prioritized when defining objectives, responsibilities, and technical/organizational measures.
Competence and Continuous Improvement: Continuously review skills and capabilities to maintain information security and meet growing client demands.
Principles of Information Security Management
Ensure that EPIKA’s information systems maintain an appropriate level of security and resilience as recommended by the Information Security Committee.
Raise awareness among all collaborators about security risks and provide necessary training and technological capabilities to protect information systems.
Provide procedures and tools for analysis, prevention, detection, response, and recovery, enabling agile adaptation to technological changes and emerging threats.
Collaborate with governmental agencies to improve the company’s security and ensure compliance with applicable laws.
Define clear roles and responsibilities for security within the corporate structure.
Ensure all employees and collaborators diligently report potential security incidents.
Support a process for continuous review and updating of the security management model to respond to evolving threats.
Applicability
This policy applies to all employees, executives, partners, and administrators of EPIKA.
The policy is reviewed and approved annually by EPIKA’s Management.
For additional information or suggestions regarding the information security policy, please contact hola@epikacomunicacion.com.
Last update: October 1, 2025
