Information is a strategic asset for EDP, providing additional advantages in terms of innovation, coordination with partners and quality of customer service.

EDP's Information Security Policy contributes to the correct management and use of this asset of undeniable value. 

EDP is conscious that the information produced within the EDP Group, particularly sensitive customer and business information, must ensure trust in the market, with customers and employees, and that the following are therefore necessary:

• Guaranteeing and enhancing compliance with current regulations and requirements;
• Maintaining the organisation's commitment to Information Security;
• Ensuring the integrity, confidentiality and availability of information;
• Establishing a quality standard consistent with the size and importance of the organisation. 

To this end, the EDP Group has developed this Policy, in line with best market practice, to provide the basis of the Information Security management and organisational system. 
 

Commitments:

• Confidentiality - The guarantee that information is not disclosed inappropriately to entities or processes;
• Integrity - The guarantee of prevention against unauthorised change and/or destruction of information;
• Availability - Guaranteed accessibility of information where and when it is necessary and without undue delay;
• Non-repudiation - The guarantee of evidence of the occurrence of events, to prevent denial of authorship by the relevant manager;
• Legal compliance - Guaranteed observance of civil and criminal law, contractual regulations or obligations and Information Security requirements.

This policy was approved by the Executive Board of Directors (EBD) on January 31st 2017.