At F. Franco e Hijos, SL, a company dedicated to the manufacture of home furnishings, we are aware of the importance of information security for the daily development of our business and the proper management of our organization's information and assets.

To ensure this management, at F. Franco e Hijos, SL we have implemented an Information Security Management System in accordance with the requirements of the ISO/IEC 27001:2022 standard to guarantee the continuity of information systems, minimize risks, and ensure compliance with the established objectives.
To ensure the effectiveness and implementation of the Information Security Management System, an Information Security Committee has been established. This Committee will be responsible for the approval, dissemination, and compliance with this Security Policy, as well as for the supervision, implementation, development, and maintenance of the Management System.

The objective of this Security Policy is to establish the necessary framework for protecting information resources from threats, whether internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity, and availability of information. To this end, the following commitments are issued:

● Comply with current legislation on information security.
● Ensure the privacy of data managed by F. Franco e Hijos, SL of clients, employees, suppliers, and third parties.
● Ensure the confidentiality, availability, and integrity of our organization's information assets.
● Identify and reduce information security risks relevant to our organization.
● Ensure response capacity in emergency situations, restoring the operation of critical services in the shortest possible time.
● Protect information assets according to their value or importance.
● Promote awareness and training in information security.
● Establish a framework for meeting information security objectives and goals, as well as for continuous improvement in our activities and processes.

Any person whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System is required to strictly comply with the Security Policy.