Information Security Policy
BIAI Technology Project S.L. — Last revision: 23/02/2026 (v1.2)
Revision history
| Version | Reason | Owner | Date |
|---|---|---|---|
| 1.0 | Document created | ISMS Owner | 02/12/2025 |
| 1.1 | Addition of ISMS Owner to the document | ISMS Owner | 19/02/2026 |
| 1.2 | Addition of redistribution deadline | ISMS Owner | 23/02/2026 |
Management commitment
GPU Solutions, as a company dedicated to computer programming activities and GPU computing infrastructure, assumes its commitment to information security, committing to its proper management in order to offer all interested parties the maximum guarantees regarding the security of the information used.
Security objectives
- Provide a framework to increase resilience and the ability to effectively respond to critical security situations.
- Ensure rapid and efficient recovery of services in the event of any physical disaster or contingency that may occur and endanger business continuity.
- Prevent information security incidents to the extent technically and economically viable, and mitigate the security risks generated by our activities.
- Guarantee the confidentiality, integrity, availability, authenticity and traceability of information.
Security principles
In accordance with the reference standards ISO/IEC 27001:2022 and Royal Decree 311/2022 (Spanish National Security Framework), the General Management establishes the following principles:
- Management competence and leadership as a commitment to develop the Information Security Management System.
- Identify relevant internal and external interested parties and satisfy their requirements.
- Understand the context of the organisation and determine opportunities and risks related to information security.
- Meet legal and regulatory requirements applicable to our activity, commitments made with clients and interested parties.
- Ensure the confidentiality of data managed by the company and the availability of information systems, preventing unauthorised alterations.
- Ensure the response capacity in emergency situations, restoring the operation of critical services as quickly as possible.
- Establish adequate measures for the treatment of risks derived from the identification and evaluation of assets.
- Motivate and train all personnel working in the organisation.
- Ensure continuous analysis of all relevant processes, implementing appropriate improvements in each case.
Legal and regulatory framework
- Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR)
- Spanish Organic Law 3/2018 on Personal Data Protection and guarantee of digital rights
- Royal Decree 311/2022 — Spanish National Security Framework (ENS)
- Regulation (EU) 910/2014 — Electronic identification and trust services (eIDAS)
- Spanish Law 34/2002 on Information Society Services and Electronic Commerce (LSSI-CE)
- Spanish Royal Legislative Decree 1/1996 — Intellectual Property Law
- Spanish Law 31/1995 on Occupational Risk Prevention
Security roles and functions
| Function | Responsibilities |
|---|---|
| ISMS Owner | Planning, implementation, supervision and continuous improvement of the ISMS |
| Information Owner | Decisions about the information processed |
| Service Owner | Coordination of implementation and continuous improvement of the system |
| Security Owner | Suitability of technical measures and provision of the best technology |
| System Owner | Coordination of implementation and continuous improvement of the system |
| Management | Provision of necessary resources and system leadership |
Information Security Committee
The Information Security Committee is the body with the ultimate responsibility within the Information Security Management System. All relevant security decisions are agreed by this committee.
The Security Committee is an autonomous executive body with decision-making capacity that does not subordinate its activity to any other element of the company.
Current certifications
ISO/IEC 27001:2022
Information Security Management System
ENS — Medium
Spanish National Security Framework (RD 311/2022)
This policy is complemented by all other policies, procedures and documents in force for the development of our management system, and will be redistributed annually as a reminder, unless it is modified, in which case it will be reissued after such changes.
Granada, 23/02/2026
CEO — BIAI Technology Project S.L.