Public Declaration of the Information Security Policy

Transparent Edge considers information security to be a fundamental pillar and a strategic value in the delivery of its infrastructure and Edge Cloud services. The company’s Management assumes the highest level of commitment to protecting information assets — both its own and those of its clients — ensuring operational continuity and market trust.

The purpose of this declaration is to transparently communicate our security principles to clients, suppliers, partners, and other stakeholders, while maintaining the rigour and confidentiality required regarding our internal control procedures.

1. Fundamental Principles

Our security strategy is structured around the following guiding principles:

• Confidentiality, Integrity, and Availability: We ensure that information is accessible only to authorised personnel, that it remains accurate and complete, and that it is available whenever services and users require it.
• Risk Management: We proactively identify, assess, and address technological and security risks that may affect our infrastructure, minimising the impact of potential incidents.
• Legal and Regulatory Compliance: We ensure strict compliance with all applicable legislation in force, including the General Data Protection Regulation (GDPR), the Spanish Organic Law on Data Protection and Digital Rights Guarantee (LOPDGDD), as well as any contractual commitments made to our clients.
• Continuous Improvement: We periodically evaluate the effectiveness of our security controls, promoting the constant optimisation of the system through audits, management reviews, and the ongoing training of our team.

2. Operational Security and Technical Mechanisms

To ensure the resilience, high availability, and perimeter defence of our Edge Cloud infrastructure, we implement advanced technical controls.

As part of these protective measures, our systems use strictly technical and essential cookies, which are formally recorded, regulated, and identified within the internal body of our Information Security Policy. The sole purpose of these identifiers is to ensure service security, enabling the mitigation of automated threats (such as Distributed Denial of Service or DDoS attacks), secure session management, and legitimate traffic validation. As tools used exclusively for operational security purposes, they do not collect information for commercial purposes nor are they used to track user activity.

3. Certification and Compliance Framework

To underpin this commitment, Transparent Edge has a fully implemented, audited, and certified Information Security Management System (ISMS) aligned with the most demanding standards in the industry:

• ISO/IEC 27001 Certification: Validating international best practices in information security management and protection.
• National Security Framework (ENS) — High Category: Certifying that our systems, infrastructure, and support services meet the highest security measures required by the Spanish public sector, ensuring the protection of data and services against advanced threats.

4. Transparency and Access to Control Information

In application of the principles of minimisation and proportionality that are essential in ENS High Category environments, control manuals, technical guidelines, operational procedures, and detailed risk analyses are maintained under strict confidentiality to safeguard the physical and logical security of our systems.

Nevertheless, Transparent Edge reaffirms its commitment to transparency with its legitimate stakeholders:

Request for Full Copy: If for audit or regulatory compliance purposes your organisation requires detailed access to the full body of our Information Security Policy or associated control documentation, you may formally request it by sending an email to our security team: security@transparentedge.eu.

Clients and Partners: They have access to an executive summary of the control measures adopted, current certifications, and relevant audit reports, always subject to the prior signing of a Non-Disclosure Agreement (NDA).