GCON4

Information Security Policy

This document explains the rules for protecting information.

What is it?

Information Security is an essential element in ensuring business continuity, protecting digital assets, and maintaining the trust of customers, employees, partners, and other interested parties.

GCON4 Spain S.L. recognizes that the current environment is characterized by the continuous evolution of threats, including the increasing use of emerging technologies such as Artificial Intelligence (AI), as well as risks arising from environmental factors such as climate change, which may affect the availability, resilience, and sustainability of information systems.

Therefore, GCON4 Management considers it essential to establish, implement, maintain, and continually improve an Information Security Management System (ISMS) based on the ISO/IEC 27001 standard, with the objective of ensuring:

The confidentiality, integrity, and availability of information.
Compliance with applicable legal, regulatory, and contractual requirements.
Protection against emerging threats, including those arising from the use of AI.
Operational resilience against disruptive events, including risks associated with climate change (e.g., infrastructure disruptions, critical supplier failures, and energy-related issues).
Fulfilment of the requirements and expectations of interested parties.

Principles and Commitments

The Management of GCON4 Spain S.L. is committed to:

Integrating the ISMS into the overall corporate governance framework.
Establishing appropriate controls in the areas of:
- Access control.
- Data protection and encryption.
- Network and systems security.
- Incident management.
- Security in the use of emerging technologies (including AI).
Promoting the secure, ethical, and controlled use of AI by ensuring:
- The protection of sensitive information.
- The validation of critical outputs and results.
- The management of risks associated with AI service providers.
Incorporating environmental and business continuity risk management, considering climate change-related scenarios within business continuity and recovery plans.
Ensuring continuous training and awareness for personnel regarding information security and emerging threats.
Fulfilling commitments made to customers, employees, suppliers, and other interested parties.
Establishing a continual improvement process for the ISMS.

Governance

Management, through the Security Committee, leads and promotes information security at all levels of the organization by defining objectives, monitoring their achievement, and ensuring the availability of the necessary resources.

All policies, standards, and procedures derived from this policy shall be made available to employees and shall be mandatory.

Review and Improvement

This policy shall be reviewed at least annually, or whenever significant changes occur in the organization’s context, to ensure its continued suitability and effectiveness. Any modifications shall be communicated to the relevant interested parties.

Version 1.2

Last review: May 28 – 2026

Contact Us

GCON4

Information Security Policy

What is it?

GCON4 Accolades

Solutions

Unit4 ERP

Unit4 ERPx

Unit4 FP&A

Unit4 Source-to-Contract

Unit4 ERP Financial Localization

GCON4 MFL

GCON4 iConnect

GCON4 Exchange Rates Loader

Services

Unit4 ERP Implementation

Unit4 ERP Support

Unit4 ERP Training

Industries

Nonprofit

Professional Services

Higher Education

Public Services

Company

About Us

Client Reviews

News

Blog

Career

Contact