Placeholder — final legal copy pending from client. Replace with the official Information Security Policy approved by Flame Analytics legal team.
At Flame Analytics, information security is a strategic commitment. This policy describes our principles and management framework.
1. Scope
This policy applies to all personnel, contractors and third parties with access to information systems and data managed by Flame.
2. Principles
- Confidentiality: only authorized personnel access information.
- Integrity: information is accurate, complete and protected against unauthorized modification.
- Availability: systems remain available to authorized users when needed.
3. Certifications
Flame holds ISO 27001 certification and operates under GDPR compliance with EU-based data processing.
4. Security measures
Encryption in transit and at rest, role-based access, MFA, continuous monitoring, regular penetration testing and security incident response plans.
5. Incident management
Security incidents are managed under a documented procedure with notifications to the AEPD when applicable and to clients in less than 72 hours.
6. Continuous training
All personnel receive regular training in security and data protection, with policy reviews and security drills.
7. Review
This policy is reviewed annually and after any significant change in the business or threat environment.
8. Contact
For security incidents or notifications, write to security@flameanalytics.com.