Integrated Policy

Integrated Management System (Quality, Information Security and Services - IT).

Saphety undertakes the demand for continuous improvement, regularly evaluating its performance, to achieve the defined goals and objectives, adapting its Integrated Policy to the evolution of the activity, products, services and market. The integration of information security management ensures the confidentiality, integrity and availability of the information, as well as that of its clients, in business applications based on Saphety's technological infrastructure, protecting it from threats, whether internal or external, deliberate or accidental.

The Integrated Management System (Quality, Information Security and Services - IT) implemented undertakes the compromise and the commitment with the following principles, defined by the Information Quality and Security Policy:

  • Ensure the compliance with the regulatory, legal and normative requirements applicable to Saphety's activities;
  • Promote a culture of continuous improvement, by maintaining the Integrated Management System, based on the normative references 9001, 27001 and 20000;
  • Ensure a good working environment and the employee involvement in the Integrated Management System;
  • Ensure the service and quality levels of the solutions and products;
  • Ensure Saphety's profitability and competitiveness;
  • Ensure the compliance and consistency of the service requirements and the customer satisfaction;
  • Ensure the design, transition, delivery and improvement of services through the implementation and effectiveness of the SMS;
  • Promote a partnership relationship with suppliers and technology partners;
  • Establish that EVERYBODY (i.e., employees, clients, partners, suppliers and the market in general) that performs activities in and for Saphety, is properly aware, informed and conscious regarding the Quality and information security;
  • Ensure that ALL employees, who support the management activity, the development and operation of the infrastructure and the application, assure the implementation of the best practices in the field of information security;
  • Ensure that the identified security incidents are reported, analyzed and processed according to the procedures;
  • Ensure the protection of the stakeholders personal data;
  • Protect and safeguard the information of our clients, hosted in our technological infrastructure;
  • Consider the safety recommendations provided by the Sonae Group;
  • Ensure the Change Management methodology, through registration, analysis of impacts and definition/implementation of roll-back procedures;
  • Ensure the risk-based management as a support for the planning and implementation of the integrated system processes.