Information Security Policy

Introduction

At Rauda AI, we consider information security and privacy as critical foundations of trust and customer satisfaction. Our commitment to security spans all levels of our operations and services, particularly in a dynamic and constantly evolving digital environment. In this context, we not only address traditional threats but also proactively prepare to counter emerging forms of attack.

‍

Given the digital nature of our company and the innovative character of our artificial intelligence services for customer engagement, we recognize that managing information security is a continuous challenge. This challenge drives us to remain at the forefront of security practices, ensuring confidentiality, integrity, and availability of information.

‍

In addition, in a world where regulations on personal data protection and customer expectations for security are steadily increasing, Rauda AI is committed to complying with relevant regulatory frameworks, such as the GDPR, and to implementing an Information Security Management System (ISMS) based on the principle of continual improvement. This approach not only ensures legal compliance but also positions security and privacy as distinctive attributes and added value in our services.

‍

This Information Security Policy establishes the principles and guidelines under which Rauda AI will identify, assess, and proactively manage security risks, adapting to new cybersecurity trends and ensuring that our products and services integrate security best practices from design through to delivery and ongoing support.

Through this policy, we reaffirm our commitment to information security, not only as a regulatory obligation but as an essential component of our business value and our promise to customers.

‍

Objectives

The primary objective of Rauda AI’s Information Security Policy is to ensure the confidentiality, integrity, and availability of all information managed by the company, minimizing security risks and safeguarding business continuity. This includes:

Protecting Customer Information and Intellectual Property: Ensuring that customer personal data and company intellectual property are protected against unauthorized access, disclosure, alteration, or destruction.
Compliance with Legal and Regulatory Obligations: Adhering to all applicable laws, regulations, and contractual requirements related to information security and privacy.
Promoting a Security Culture: Building an organizational culture that prioritizes information security through continuous training and awareness across all employees.
Risk Management: Identifying, assessing, and treating information security risks systematically and consistently, reducing them to an acceptable level.
Continual Improvement: Adopting a continual improvement approach in managing information security, by regularly reviewing and updating policies, procedures, and controls to address changes in threats, technology, and business needs.
Continual Improvement: Adopting a continual improvement approach in managing information security, by regularly reviewing and updating policies, procedures, and controls to address changes in threats, technology, and business needs.
Business Continuity Assurance: Establishing and maintaining business continuity plans that enable Rauda AI to effectively respond to and recover from information security incidents.

Scope and Applicability

This Information Security Policy applies to to the engineering area of Rauda AI , as this area is primarily responsible for handling, processing, and storing customer information. The scope ensures focused and effective management of all critical and sensitive information security risks. It includes:

Customer Information: All information relating to Rauda AI’s customers and their end users, regardless of form (electronic, paper, verbal), origin, or location.
Information Systems and Technology: The information systems and technologies used within Rauda AI’s technology operations, including cloud infrastructures, integrations with customer support platforms, networks, servers, workstations, and mobile devices.
Technology Personnel: Employees, contractors, and third parties within the technology area who have access to information and systems supporting Rauda AI’s services.
Technological Processes and Operations: Business processes and technology operations involving the handling, processing, or storage of customer information, including the development, maintenance, and support of AI products and services.