Information and IT Quality and Security Policy
Quality policy
ZAPP STUDIO is aware of the responsibility involved in providing the best software solutions for organizations, which is why its activity is based, among other things, on the following GUIDING PRINCIPLES:
- The adoption of up-to-date technologies and constant innovation.
- Consulting and maintenance services that offer a more personalized and attentive approach to the recipients of its services.
- Fully customized products.
- A design team with extensive experience in application and web development.
- Processes developed entirely within the organization.
Scope
The scope of this policy covers:
- The headquarters of ZAPP STUDIO S.L., as well as any other company, entity, facility, or premises owned or managed by ZAPP STUDIO S.L.
In the activities of:
- Software design and development
Its subjective scope is:
- The decision-making bodies and senior management personnel, as well as the employees of ZAPP STUDIO, and any external organization or personnel that may carry out activities or collaborate in any way with ZAPP STUDIO.
ISO 9001 standard
Committed to the effort for continuous improvement in the quality of service provided to our customers and society in general, we have implemented a QUALITY MANAGEMENT SYSTEM that adds value and serves as a frame of reference in establishing and achieving objectives in the following area:
- Quality management based on the ISO 9001 STANDARD.
Principles
For the development and implementation of this management system, based on the guiding principles of our activity and together with the desire to comply with the precepts of the reference standard, our guiding principles are structured as follows:
- To contribute to society by deepening our understanding of the needs and expectations of the recipients of our services, as well as those of all stakeholders and public or private agents involved in the information technology sector.
- To achieve the highest level of quality in software development within our organization through constant efforts to seek out and use innovative strategies and tools, the availability of the best infrastructure, and the participation of the most qualified personnel, providing them with the best prospects for professional and personal development.
- To ensure that our services best meet the commitments we have made to our customers.
- To involve our suppliers, contractors, and other collaborators in this responsibility and commitment in accordance with this policy and guiding principles.
- To ensure compliance with both the contractual requirements entered into and the legislation applicable to our activity and the services managed by ZAPP STUDIO.
The management of ZAPP STUDIO hereby declares its commitment to this policy and communicates it to the entire organization, requesting that all its members, at all levels, familiarize themselves with it, disseminate it, and actively participate in it so that it becomes our hallmark, serves as an added value in the software development and information technology sector, and, ultimately, the objectives and commitments set forth herein are fulfilled.
March, 2023.
Information security policy
This Information Security Policy establishes the framework for ZAPP STUDIO to meet its objectives of protecting the information and technological assets it possesses. The policy is based on the ISO 27001 standard and follows a risk-based security approach. Its purpose is to ensure the continuity of ZAPP’s business and minimize the risk of damage by monitoring, preventing, or mitigating security incidents and reducing their potential impact. It also establishes the formal structure of the security organization with clearly defined roles, responsibilities, and accountability.
Scope
The scope of this policy covers:
- The headquarters of ZAPP STUDIO S.L., as well as any other company, entity, facility, or premises owned or managed by ZAPP STUDIO S.L.
In the following activities:
- User interface design based on mobile applications, web applications, websites, and other computer systems.
- Development of applications for mobile devices, wearables, SmartTV, etc.
- Development of web applications.
- Development of process optimization tools.
- Design and development of software in general.
- All ZAPP processes based on information technologies (acquisition, storage, transport, and distribution), as well as critical and sensitive information assets, including paper documents.
- ZAPP assets: all hardware, software, network, telecommunications, and maintenance assets, as well as the organization’s intranet.
Its subjective scope is:
- The decision-making bodies and senior management personnel, as well as the employees of ZAPP STUDIO, and any external organization or personnel that may carry out activities or collaborate in any way with ZAPP STUDIO.
Principles of Information Security at ZAPP
At ZAPP, information is a fundamental asset for the provision of its services. Information security management at ZAPP is based on the following principles:
- Ensuring the integrity of all business processes, information assets, and supporting IT assets and processes through protection against unauthorized or improper modification or destruction of information. This also includes ensuring non-repudiation and rejection of information.
- Ensuring the availability of all business processes, information assets, and supporting IT assets and processes to authorized users when necessary.
- Ensuring the confidentiality of all information assets.
The implementation of this ISMS aims to achieve the following objectives:
- Compliance with the laws, regulations, and contractual obligations that apply to the organization and its ISMS.
- Compliance with all applicable information security requirements.
- Maintenance and supervision of all audit logs.
- Implementation of a process for the continuous improvement of the information security management system.
- Monitoring of operational and system changes through a monitoring methodology that ensures compliance with the change management process.
- Implementation of a security incident management process at all stages of its life cycle: preparation, identification, containment, mitigation, recovery, post-incident.
- Carrying out an inventory of information assets, infrastructure, and external dependencies that represent value for the company, duly updated, with each asset clearly identified with an owner and an assigned manager.
The management of ZAPP STUDIO hereby declares its commitment to this policy and communicates it to the entire organization, requesting that all its members, at all levels, familiarize themselves with it, disseminate it, and actively participate in it so that it becomes our hallmark, serves as an added value in the software development and information technology sector, and, ultimately, the objectives and commitments set forth herein are fulfilled.
March, 2023
IT Services Policy
ZAPP STUDIO, aware of the growing importance of proper IT service management, has established a framework of IT Service Management strategies with the aim of continuously improving customer service. Its primary objective is to implement an innovative, efficient, and controlled service that guarantees customer activity and ensures its availability.
Therefore, through this IT SERVICES POLICY, ZAPP is committed to the implementation, maintenance, and continuous improvement of an IT Service Management System (SMS) in accordance with the requirements of the ISO/IEC 20000-1:2018 standard, in order to guarantee compliance with the needs and expectations of its customers, those specific to ZAPP, and those established by law.
ZAPP undertakes to provide the necessary resources to achieve the following objectives:
- Continuous improvement and innovation as a fundamental principle of service management.
- Commitment and active participation of all ZAPP members in the activities included in the scope of the SMS, providing them with adequate training and awareness in service management.
- Identify and analyze existing needs regarding service provision and develop them in a way that adequately addresses these needs.
- Implement an efficient management methodology that regulates the conditions under which the organization must conduct its activities to meet the requirements of ZAPP’s IT services.
- Implement appropriate measures to ensure the highest level of services and their availability, properly managing any incidents that may arise during their execution.
- Establish a set of IT Services objectives and indicators to adequately monitor the service levels offered.
- Comply with all applicable legal, regulatory, and statutory requirements.
- Allocate the necessary resources and means for all of this.
Scope
The scope of this policy covers:
- ZAPP STUDIO S.L.’s headquarters, as well as any other company, entity, facility, or premises owned or managed by ZAPP STUDIO S.L.
In the following activities:
- User interface design based on mobile applications, web applications, web pages, and other computer systems.
- Development of applications for mobile devices, wearables, smart TVs, etc.
- Web application development.
- Development of process optimization tools.
- General software design and development
- IT services provided by ZAPP.
- All ZAPP processes based on information technology (acquisition, storage, transportation, and distribution), as well as critical and sensitive information assets, including paper documents.
- ZAPP assets: all hardware, software, network, telecommunications services, and maintenance assets, as well as the organization’s intranet.
Its subjective scope is:
- The decision-making bodies and senior management personnel, as well as ZAPP STUDIO employees, and any external organizations or personnel who, where applicable, may carry out activities or collaborate in any way with ZAPP STUDIO.
The Management of ZAPP STUDIO, through this declaration, expresses its commitment to this policy and communicates it to the entire organization, requesting all its members, at all levels, to be aware of it, disseminate it, and actively participate in it so that it becomes our hallmark, serves as an element of added value in the software development and information technology sector, and, ultimately, achieves the objectives and commitments set forth herein.
March 2023