INFORMATION SECURITY POLICY

Epika Comunicación, S.L.U., hereinafter referred to as EPIKA, considers information, especially client-related information, and the associated systems to be critical assets that must be adequately protected to ensure the proper functioning of the company. This policy is always aligned with the ISO/IEC 27001:2022 standard, for which EPIKA obtained certification from the company Applus+ on September 19, 2025.

This security policy aims to guarantee the confidentiality, integrity, availability, and privacy of information, as well as compliance with the different applicable regulations and requirements in force at any given time, maintaining a balance between risk levels and the efficient use of resources based on proportionality criteria. It also provides a reference framework for establishing information security objectives.

The information security management system supports the processes, resources, and activities related to:

  • The management, planning, design, execution, and evaluation of advertising campaigns and communication strategies.

  • The management and administration of social media on behalf of clients.

  • The organization and coordination of corporate and promotional events, both in-person and virtual, including the processing of information from clients, suppliers, and external collaborators, in accordance with the current Statement of Applicability.

All of this is based on people development, a sense of belonging to the organization, personal fulfillment, optimal and efficient use of resources, process management, and risk analysis as essential elements to achieve continuous improvement.

Aware of the need for internationally recognized standardized systems, the organization has aligned its Information Security Management System with ISO/IEC 27001:2022.

Therefore, Management commits to leading and maintaining an Information Management System within the organization based on continuous improvement and the following guidelines:

  • A strong commitment to understanding the needs and expectations of our clients and other interested parties, in order to achieve their satisfaction, and continuous improvement by establishing and periodically verifying the fulfillment of established objectives.

  • Commitment to comply with applicable laws and regulations, as well as any subscribed requirements.

  • Ensuring the security of information for both the organization and its clients. Our activity involves processing various information as a means of executing essential business processes. Recognizing that information systems, applications, communication infrastructures, files, and databases are significant company assets, management prioritizes confidentiality, integrity, and availability of information when defining and delimiting objectives and responsibilities for various technical and organizational activities, and monitors compliance with the legal framework, specific directives and policies, and established procedures.

  • Commitment to continuously review competencies and promote ongoing improvement to guarantee the security of service information and the organization’s capacity to meet the increasing challenges presented by our clients.

To develop the organization’s explicit commitment to continuous improvement of the management system, Management establishes the following principles for information security management:

  1. Ensure that EPIKA’s Information Systems have an appropriate level of security and resilience as proposed by the company’s Information Security Committee.

  2. Raise awareness among all collaborators about security risks and ensure that they have the necessary training and technological capabilities to protect the security of the company’s information systems.

  3. Equip the company with procedures and tools for analysis, prevention, detection, response, and recovery that allow agile adaptation to technological changes and emerging threats.

  4. Collaborate with relevant governmental bodies and agencies to enhance company security and ensure compliance with current legislation.

  5. Define a set of security functions and responsibilities, clearly assigned and detailed in the corporate organizational chart.

  6. Ensure diligence by all employees and collaborators in reporting potential security incidents.

  7. Support a process of continuous review and updating of the security management model to adapt at all times to emerging threats that could affect the company.

This policy applies to all employees, managers, partners, and administrators of EPIKA.

This policy is reviewed and approved annually by EPIKA Management.

For any additional information about our Information Security Policy or to provide suggestions, you may send an email to hola@epikacomunicacion.com.

Last updated: October 1, 2025