compliance
Security Policy
CRO
TAG 2
Tag 3

This Information Security policy focuses on the management and protection of information security within IOMED, ensuring the confidentiality, integrity, availability, authenticity, and traceability of information assets.

To this end, the following commitments are adopted, which support the Strategic Direction of the organisation:

  • Commitment to Security: IOMED is committed to protecting its information assets against unauthorised access, disclosure, modification, or destruction, while complying with applicable regulations.
  • Risk Management: Information security risks will be identified, assessed, and mitigated through the implementation of controls defined in the internal Risk and Opportunity Management SOP. Risks related to personal data processing are managed separately in the Personal Data Protection (Policy).
  • Access Control: Access to information assets will be granted on a need-to-know basis and periodically reviewed. Unauthorised access will be strictly prohibited. The use of personal devices (Bring Your Own Device - BYOD) for accessing or processing IOMED’s information systems or data is expressly prohibited to reduce exposure to unmonitored and uncontrolled environments. All work-related activities must be conducted using approved and managed corporate assets.
  • Incident Management: Security incidents will be reported, documented, and addressed promptly in line with the Security Incident Management (Procedure). Personal data breaches are handled according to the Data Breach Management (Procedure) described in the Personal Data Protection (Policy).
  • Employee Awareness: All personnel will receive regular training to ensure awareness of their responsibilities related to information security.
  • Continuous Improvement: The IMS will be regularly reviewed and updated to reflect changes in technology, regulations, and the threat landscape.
  • Information Security Objectives: This policy serves as a framework for setting SMART information security objectives as stated in IOMED Company Goals (Master).

Non-compliance with this policy may lead to disciplinary actions, in accordance with the applicable IOMED - Disciplinary Code.

This Information Security Policy shall come into effect immediately upon approval by IOMED's management and will remain in effect until revised or replaced. It will be made available to IOMED members and provided to relevant external interested parties as appropriate and necessary, either upon request or as part of contractual agreements.

Signed by IOMED’s CEO (25/Aug/2025)

Mr. Rohit Mistry

Keep Updated!
Join our newsletter to receive updates and news about the healthcare data sector.
IOMED Medical Solutions, S.L. will process your data to send you its newsletter, based on your consent. Data may be shared with our IT, marketing, and advertising service providers. International data transfers will occur. You may withdraw your consent by clicking the unsubscribe link included in each newsletter. You have the right to access, rectify, delete, restrict, or request the portability of your data by sending an email to dpo@iomed.health or to the postal address indicated in the additional information available at: https://www.iomed.health/policies/privacy-policy
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
About
R + D + I
EHDS
Life at IOMED
Peer-reviewed Scientific Publications
Data Space Platform
Data Space Enablement
Data Space Mediation
Our Technology
Explore DSP Mediation Features
For Whom
Healthcare Organizations
Contract Research Organizations
Life Science Companies
Use Cases
What´s New
News
Blog
Contact Us
LINKEDIN
GITHUB
YOUTUBE
Copyright © 2024 IOMED
Compliance
Privacy Policy
Cookie Policy
Legal Notice
Quality Policy
DPO
Security Policy