Information Security Policy

1. INTRODUCTION

Rosàs Agency is an independent, global creative agency founded in Barcelona in 2013. It has been part of the Vocento Group since 2023. The agency stands out for its strategic and creative approach and currently has offices in both Madrid and Barcelona.

In the last five years, it has consolidated its position as one of the most prominent creative agencies in the National Creativity Awards. It is also recognized for its excellence, having been the most awarded independent creative agency in the history of the "Eficacia" Awards and leading the "Best Creative Agency to Work For" ranking compiled by SCOPEN.

Rosàs Agency is not only recognized as a leader in the Spanish advertising industry due to its excellent work, its ability to build lasting relationships between brands and people, and its conviction in its values, but also for its strong commitment to information security. In an environment where data and the services it provides are increasingly valuable, Rosàs Agency ensures the protection of its clients' information by implementing high security standards throughout the entire project lifecycle.

For this purpose, the agency has implemented an information security management system that must be subscribed to by all company employees. This system will be managed and administered by the information security manager designated by the management.

2. OBJECTIVES OF THE INFORMATION SECURITY SYSTEM

To guarantee the security of information and strengthen the trust of our clients and collaborators, Rosàs Estudio has defined a series of fundamental objectives:

To protect information assets based on their value and importance, ensuring that the most critical data has the strictest security measures.
To guarantee the confidentiality, integrity, and availability of information by implementing controls and procedures that ensure only authorized individuals can access the data, that it is accurate, and is always available when needed.
To manage risks proactively, identifying potential threats and taking the necessary preventive measures to minimize their impact.
To preserve the privacy of our clients, employees, and collaborators, by rigorously complying with data protection regulations.
To ensure compliance with applicable legal requirements, especially those related to data protection, to guarantee that people's rights are respected.
To continuously improve the information security system, adapting to new technologies and emerging threats.

3. FUNDAMENTAL SECURITY PRINCIPLES

To meet these objectives, Rosàs Estudio has established an information security policy based on solid principles:

Confidentiality: Only authorized individuals can access the information, ensuring data protection through strict access controls.
Integrity: Rosàs Estudio ensures that information is not altered without authorization, through controls that protect the accuracy and correctness of the data.
Availability: Measures are implemented so that information is always accessible when necessary, even in contingency situations or technical failures.
Awareness and training: Rosàs Estudio has decided to foster a security culture, providing continuous training to all employees so they understand their responsibilities and adopt the best practices in information handling.
Prevention and continuous improvement: In order to reduce risks, Rosàs Estudio has chosen to constantly review the implemented security controls, ensuring they adapt to the new challenges of the technological environment.

4. LAYERED PROTECTION STRATEGY

To effectively protect information, Rosàs Estudio has developed a layered protection strategy, which covers everything from technological infrastructure to the direct protection of critical data. This strategy includes various measures designed to guarantee security at each level:

Access Control: Rosàs Estudio has decided to implement advanced authentication and user management systems to ensure that only the right people have access to information, applying the principle of "least privilege".
Physical Security: In order to protect physical assets, Rosàs Estudio has established security measures in its facilities, such as the use of personalized access cards and video surveillance systems in sensitive areas. In addition, data processing centers (DPC) are protected with uninterrupted power supply systems, fire alarms, and temperature controls, which guarantees service continuity.
Internal and Perimeter Network Security: To safeguard networks, Rosàs Estudio has implemented firewalls, intrusion prevention systems (IPS), and communication encryption. These actions ensure that data travels securely between the different offices and block any attempt at unauthorized access.
Operating System and Application Protection: Rosàs Estudio has decided to configure its operating systems and applications to be secure by design, using advanced antivirus and monitoring tools that detect and neutralize vulnerabilities in real time.
Preventive and Active Measures: To guarantee service continuity, Rosàs Estudio has chosen to establish a robust backup system, which includes daily incremental backups, weekly full backups, and periodic disaster recovery tests. This allows for Rosàs Estudio's data and services to remain secure, even in critical situations.

5. INNOVATION AND CONTINUOUS IMPROVEMENT

In order to lead technological innovation, Rosàs Estudio has decided to keep its information security system in constant evolution. By implementing continuous improvements, the company ensures that its security solutions are always at the forefront, effectively responding to current and future challenges.

By choosing this continuous improvement approach, Rosàs Estudio guarantees that its clients' information is always protected, and that any security incident is managed quickly and effectively. The contingency and recovery plans developed ensure that services are not interrupted, even in emergency situations.

For all these reasons, the information security management system will be reviewed annually.