Quality and Information Security Policy

1. Introduction

SCHAMAN is a company that focuses its activities on the design, development, marketing, and implementation of a SaaS tool that automates incident diagnosis and resolution, providing distinctive Customer Service experiences. This is achieved by understanding the root cause of customer interactions, improving customer service quality, and enhancing the customer journey.

For this reason, SCHAMAN has implemented a Quality and Information Security Management System, aimed at achieving the expected customer satisfaction through established processes based on continuous improvement. This ensures the continuity of information systems, minimizes risks, and guarantees the achievement of set objectives, ensuring at all times the confidentiality, integrity, and availability of information.

To accomplish this, we commit to quality and information security in accordance with the reference standards UNE/EN-ISO 9001:2015 and ISO/IEC 27001:2022. In this regard, the Management establishes the following principles:

• Competence and leadership by Management as a commitment to developing the Quality and Information Security Management System.
• Identifying internal and external stakeholders involved in the quality management system and meeting their requirements.
• Understanding the Organization's context and determining its opportunities and risks as a basis for planning actions to address, assume, or mitigate them.
• Ensuring customer satisfaction, including stakeholders interested in the company’s results, concerning the development of our activities and their potential impact on society.
• Establishing objectives and goals focused on performance evaluation in terms of quality, as well as continuous improvement in the activities regulated within the Management System.
• Complying with the legal requirements applicable to our activities, the commitments made with customers and stakeholders, and all internal regulations or operational guidelines the company adheres to.
• Ensuring the confidentiality of managed data and the availability of information systems, both in services provided to customers and in internal management, preventing unauthorized alterations of information.
• Ensuring the ability to respond to emergency situations by restoring critical services as quickly as possible.
• Establishing appropriate measures for risk management derived from asset identification and evaluation.
• Motivating and training all personnel working in the Organization, both for the correct performance of their job roles and to act in accordance with the requirements of the three reference standards, providing an adequate environment for process development.
• Maintaining open and effective communication both internally and with customers.
• Evaluating and ensuring the technical competence of staff for their roles, as well as fostering their motivation to participate in the continuous improvement of our processes.
• Controlling and maintaining a continuous evaluation system for suppliers and subcontractors in their activities, especially those related to the ISMS.
• Ensuring that facilities and equipment are in optimal condition, aligned with the company’s activities, objectives, and goals.
• Conducting ongoing analysis of all relevant processes, implementing appropriate improvements based on obtained results and established objectives.

These principles are upheld by Management, which provides the necessary means and allocates sufficient resources to employees to ensure compliance. They are formalized and made publicly known through this Quality and Information Security Policy.

Management
01/10/2025