Security Policy

All the information regarding our Security Policy

Labhouse Mobile, S.L., hereinafter Invoice Fly, as a company dedicated to the development, maintenance, and delivery of IT solutions, acknowledges that the security of customer-related information is a critical asset. Accordingly, we have established an Information Security Management System aligned with the ISO/IEC 27001 requirements to ensure the continuity of our systems, minimize risk, and support the achievement of our security objectives.

The purpose of this Security Policy is to establish the necessary framework to protect information resources from internal or external threats, whether intentional or accidental, and to ensure compliance with the principles of confidentiality, integrity, and availability of information.

The effectiveness and implementation of the Information Security Management System is the direct responsibility of the Information Security Committee, which oversees the adoption, dissemination, and enforcement of this Security Policy. A dedicated Information Security Manager has been appointed to act on its behalf, with the authority to actively implement, monitor, and maintain the system.

The Information Security Committee is also responsible for developing and approving the risk analysis methodology used within the Information Security Management System.

All individuals whose actions may directly or indirectly impact the requirements of the Information Security Management System are strictly required to comply with this Security Policy.

Invoice Fly will take all necessary measures to comply with applicable security and IT regulations, covering computer policies, the security of physical infrastructure, and the conduct of employees and third parties in their use of IT systems. The rules, procedures, and controls implemented to safeguard information security aim to guarantee:

  • Compliance with applicable legislation on information systems
  • Confidentiality of data managed by Invoice Fly
  • Availability of systems, both in customer-facing services and internal operations
  • Emergency responsiveness to restore critical services as quickly as possible
  • Prevention of unauthorized data modification
  • Promotion of security awareness and training
  • Establishment of goals and objectives to assess and continuously improve information security performance, as governed by the Management System implementing this policy