<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=4668217&amp;fmt=gif">

AI Agents for Customer Service See more

Quality and Information Security Policy

1. Introduction

SCHAMAN is a company focused on the design, development, commercialization, and implementation of a SaaS tool that automates the diagnosis and resolution of incidents, providing differential experiences in Customer Service through understanding the root cause of customer interactions, improving customer service quality and their journey.

For this reason, it has implemented an Integrated Management System aimed at achieving the expected customer satisfaction through established processes based on continuous improvement, ensuring the continuity of information systems, minimizing risks, and guaranteeing the fulfillment of set objectives, to ensure at all times the confidentiality, integrity, and availability of information, including specifically the personal data processed in our services and their protection in cloud computing environments.

To this end, we commit ourselves to quality and information security according to the reference standards UNE/EN-ISO 9001:2015, ISO/IEC 27001:2022, ISO/IEC 27017, and ISO/IEC 27018, for which Management establishes the following principles:

  • Competence and leadership by Management as a commitment to develop the Integrated Management System.

  • Identify internal and external interested parties involved in the quality management system and meet their requirements, including cloud service providers and personal data owners.

  • Understand the Organization’s context and determine opportunities and risks, both locally and within the cloud ecosystem, as a basis for planning actions to address, assume, or treat them.

  • Ensure customer satisfaction, including interested parties in the company’s outcomes, in all activities and their potential impact on society, especially concerning the ethical and secure use of information.

  • Establish objectives and goals focused on performance evaluation in quality, as well as continuous improvement in regulated activities under the Management System, with special attention to cloud services and responsible personal data processing.

  • Comply with applicable legislation to our activity, commitments acquired with clients and interested parties, and all internal regulations or guidelines to which the company is subject, including compliance with personal data protection regulations and cloud security best practices.

  • Ensure data confidentiality and availability of information systems, both in services offered to clients and internal management, avoiding improper information alterations and guaranteeing specific controls for cloud environments that protect data from unauthorized access, loss, or destruction.

  • Ensure the ability to respond to emergencies, restoring critical service operations, both in local infrastructure and cloud services, as quickly as possible.

  • Establish appropriate measures for managing risks derived from asset identification and evaluation, with special attention to personally identifiable information (PII) hosted on cloud services and the isolation of shared environments.

  • Motivate and train all personnel working in the Organization for the proper performance of their roles and to act according to the requirements of the reference standards, including the proper use of cloud technologies.

  • Maintain fluid communication internally and with clients, users, cloud providers, and competent authorities, especially regarding any incidents related to information security or personal data protection.

  • Evaluate and ensure the technical competence of personnel to perform their functions, as well as ensure their adequate motivation for participation in the continuous improvement of our processes.

  • Control and maintain a continuous evaluation system of suppliers and subcontractors regarding their activity performance, especially those related to the ISMS, including secure cloud service management and commitment to personal data protection.

  • Guarantee the proper condition of facilities and equipment to correspond with the company’s activities, objectives, and goals.

  • Ensure continuous analysis of all relevant processes, including those related to the processing and storage of data on cloud platforms, establishing improvements as appropriate based on the results obtained and objectives set.

These principles are assumed by Management, which provides the necessary means and sufficient resources to its employees for compliance, formalization, and making them publicly known through this Integrated Management System Policy.

Management.

Management
01/10/2025