• What is the Confialis Seal of Excellence?

The Confialis Seal of Excellence recognises and guarantees the organization goes beyond just simple compliance with the DPEA, ISSA and the Security Measures Regulation and has adopted as its philosophy, being a socially responsible company, a true commitment with the security, trust, quality and reliability of the information systems and data processing of a personal nature.  

• What does it mean to the company? What are its benefits?

This commitment involves the adoption of a series of measures beyond those that are compulsory by law, such as the implementation of the ISO 27001 standard, the implementation of the SGE21 standard and having passed a Data Protection Audit.

This philosophy not only impacts the company at an internal level but also at an external one.

Internally, it shows in the optimizing and security of the information resources, an improvement in the internal organization, an increase in the employees’ trust towards the company, and as a result, an increase in productivity and profitability.

Externally, a deeper trust is consolidated, generated not only in the customers, but also in the suppliers and collaborators. Eventually, this means not only an outstanding position among the competitors but also in general in our socioeconomic environment.

As we are aware that there is an increasing demand from the companies that the different systems used in the management of their specific organizations do not mean a loss in money and in their employees’ time, the CONFIALIS Seal of Excellence is a complementary tool to those systems, providing them with a comprehensive approach and highlighting the most beneficial qualities of each system.  

• What are the requirements to obtain the Seal of Excellence?

 To obtain the Confialis Seal of Excellence, the company must fulfil the three following requirements:

1. Carrying out a “data protection” AUDIT that must have a positive result.

• The Data Protection Audit is compulsory for data at Intermediate and High level, at least every two years, in accordance with the DPEA. It is also recommendable at these levels to carry out a computer Audit to ensure that the protection levels in your computer system are appropriate.

2. The company has the ISO 27001 standard of Information Security implemented.

• The standard was developed to create a common structure of information security covering the technical, administrative and legal aspects. Through ten controls, it draws up a list of the best practices that must be established by your Organization to efficiently administer your computer security.
  Applying these principles allows detecting, analysing and decreasing the risks linked to the Information sub-system.

3. The Organization has implemented the SGE21 standard.

• The SGE21 standard covers the principles and values defining and reflecting the organization’s behaviour; it also includes a series of norms regulating the company’s actions both at the internal and the external level and concerning different areas such as the human resources management, safety and health, data protection of a personal nature, the relationship with the customers, etc. It is a tool that shows the company’s ethical commitment to all its stakeholders: customers, suppliers, collaborators, employees, etc.