1. Recognition of Cyber Security as a Responsibility of Management

The executive management team will enhance their own understanding of the latest cyber security circumstances and actively engage in management that positions cyber security spending as an investment. In addition, it will take responsibility for cyber security measures while recognizing that cyber security is a critical management issue, confronting realities, addressing risks, and exercising leadership.

We have positioned measures to address cyberattacks as a critical management issue and will promote countermeasures against cyberattacks based on deliberations and validations through executive committees and board meetings to ensure safe and secure services are available to our customers.

2. Development of Management Policies and Declaration of Commitment

We will develop management policies and business continuity plans aimed at prompt recovery from security incidents while prioritizing detection, response, and recovery, in addition to identifying and protecting against risks. The executive management team will take the lead in declaring the company’s commitment to internal and external stakeholders and make every effort to voluntarily disclose recognized risks and measures to deal with them, in corporate reporting.

Specifically, a part-time Security Committee has been created to perform duties in preparation for cyberattacks during normal times and emergencies. Its duties include cyberattack-related information gathering, analysis, procedures, and manual development, in addition to conducting periodic drills and training as well as performing reviews of the contingency plan. Additionally, it discloses measures for enhancing security through disclosure reports and other means.

You can access here our commitment to information security and our information system policy:

In English

En Español

3. Establishment of Internal and External Systems and Implementation of Security Measures

We will ensure resources including budget and personnel, establish internal systems, and take necessary human, technical, and physical measures, as well as develop human resources and conduct training required for those at every level, including management, corporate planning staff, technical specialists, and other employees. Moreover, we will strive to manage cyber security throughout domestic and international supply chains, including business partners and outsourcing contractors.

4. Encouragement of widespread use of Cybersafe Products, Systems, and Services

We will strive to manage cyber security across the full spectrum of corporate activities, including the development, design, production, and supply of products, systems, and services.

Specifically, we will take security measures from the time of developing new systems and services to ensure we provide safe and secure services to our customers.

5. Contribution to Building Safe and Secure Ecosystems

We will collaborate with relevant government agencies, organizations, industry associations, and other bodies to actively share information engage in dialogue, and build human networks, both in Spain, the USA, and internationally. In addition, we will contribute to the reinforcement of cyber security throughout society by raising awareness of measures taken on the basis of such information.

*Applicable Group companies of the Declaration: Adaptive Predictive Expert Control ADEX, S.A. and ADEX Energy Company