
Integrated Policy for Quality and Information Security

Rev. 0 29-Oct-2024

1 Premise

This policy outlines Kelyon’s commitment to achieving excellence in the quality of products and services offered, as well as in the protection of business information and customer data.

Kelyon’s objectives comply with the international standards ISO 9001, ISO 13485 (Quality) and ISO 27001 (Information Security), integrating structured and proactive management to ensure continuous improvement and effective risk management.

2 Quality Objectives

Kelyon has set the following objectives:

  • Customer satisfaction: Understand customer needs and provide products and services that meet their requirements, exceeding their expectations where possible.
  • Regulatory compliance: Ensure compliance with ISO 9001 and ISO 13485 standards by obtaining and maintaining certification from an accredited body.
  • Process optimization: Monitor and measure the performance of business processes through performance indicators, implementing corrective and preventive actions when necessary.
  • Training and competencies: Ensure that all employees have the necessary skills and resources to perform their work in accordance with quality standards. Training plans are reviewed and updated regularly according to business needs and evolving technologies.

 

3 Information Security Objectives

Kelyon ensures that all information, whether related to customers, partners, or internal matters, is:

  • Confidential: Protection against unauthorized access, ensuring that only authorized individuals have access to sensitive information.
  • Integrity: The information must be accurate and complete, preserving the data from unauthorized modification, corruption, or deletion.
  • Available: Ensure that information and systems are accessible when needed, minimizing downtime or service interruptions.

Kelyon also sets the following objectives:

  • Regulatory compliance: Ensure compliance with the ISO 27001 standard by obtaining and maintaining certification by an accredited body.
  • Proactive cybersecurity management: Implement structured processes to properly prevent, detect, and manage any security incidents, including cyberattacks, data breaches, and other threats.

 

4 Guiding principles of the Policy

The guiding principles of Kelyon’s Integrated Policy for Quality and Information Security are:

  • Continuous improvement: Implement a Plan-Do-Check-Act (PDCA) cycle to ensure that information quality and security processes are constantly monitored, evaluated, and improved.
  • Risk management: Regularly assess risks related to information quality and security, developing mitigation plans to minimize negative impacts. This includes periodic vulnerability assessments and penetration testing on computer systems.
  • Effective communication: Establish internal and external communication channels that promote transparency and timely dissemination of relevant information. Employees are constantly informed about policy updates and security measures implemented.
  • Roles and responsibilities: Clearly define the responsibilities of all staff regarding quality management and information security. The Management is responsible for supervising the implementation and effectiveness of the integrated management system, while each employee is responsible for compliance with the defined procedures and controls.

To achieve the set objectives, Kelyon ensures that:

  • All employees and external collaborators receive continuous training and awareness-raising, aimed at developing the skills necessary to ensure the quality of processes and the protection of information.
  • Advanced tools and technologies are used for monitoring, protecting and backing up company information, with a focus on the security of computer systems, the prevention of unauthorized access and protection against cyber threats.
  • The selection and management of suppliers are carried out according to strict criteria, ensuring they also comply with the quality and information security standards set by Kelyon.
  • The Integrated Management System is subject to regular audits (internal audits) to assess compliance with established requirements and identify improvement opportunities.
  • Management conducts an annual or more frequent review of the integrated management system, as needed, evaluating performance, regulatory and contextual changes, as well as feedback from customers and stakeholders.
  • Timely corrective actions are implemented in response to the results of audits and reviews to address non-conformities, together with preventive actions to avoid recurrence of issues.
  • This policy is communicated to all personnel, through training sessions and continuous dissemination via company channels, and is made available to interested parties, including customers and partners, through the company website and other official communication methods.