top of page

Information Security Policy/Trust Center

  1. Commitment to Information Security 

Wiimer – Serviços de Analítica Avançada, Unip, Lda (“Wiimer”), recognises information security as a core pillar of its operations and a fundamental condition for building trust with clients, partners, and employees. The company's commitment to information protection is realised through the implementation of an Information Security Management System (ISMS), in line with the international ISO/IEC 27001:2022 standard. 

2. Scope of Application 

Information is a critical asset for Wiimer and essential to the delivery of its services. Protecting this information, regardless of its form, format, or media, is a strategic priority for the organisation. 

This Information Security Policy is part of Wiimer’s Information Security Management System (ISMS) and applies to all information assets, systems, processes, employees, contractors, suppliers, and external parties with direct or indirect access to information under Wiimer’s responsibility. It covers all physical and digital environments of the organisation, including remote work operations. 

This policy encompasses: 

  • Information in digital, physical, oral, or any other representational or communicative form; 

  • Business processes, applications, services, and IT infrastructure; 

  • Interactions with clients, partners, regulators, and other stakeholders. 

All individuals handling or accessing Wiimer’s information in the course of their duties must fully comply with the principles and requirements set forth herein. 

3. Information Security Principles 

Wiimer’s information security is based on solid foundations designed to ensure the appropriate protection of the organisation’s information assets. These principles guide the definition of controls, processes, and practices across all operations and activities: 

  • Confidentiality: ensuring information is accessible only by those authorised to access it. 

  • Integrity: safeguarding the accuracy and consistency of information throughout its life cycle. 

  • Availability: ensuring information is accessible whenever needed. 

4. Objectives of the Information Security Policy 

The objectives of this policy reflect Wiimer's commitment to effective information security management. Its implementation aims to ensure business continuity, stakeholder trust, and compliance with legal and contractual obligations. 

Wiimer is committed to: 

  • Embedding information security across all business processes; 

  • Supporting service continuity and innovation through robust security controls; 

  • Anticipating and mitigating risks through continuous monitoring and proactive risk management practices; 

  • Continuously improving security controls, processes, and policies; 

  • Allocating appropriate resources to protect the most sensitive and critical assets; 

  • Raising awareness among all employees and relevant parties about their individual responsibility in protecting information. 

5. Responsibilities 

Wiimer defines clear roles and responsibilities to ensure effective information security management across the organisation. All employees, suppliers, partners, and other stakeholders with access to company information must understand and comply with their specific duties in this area. 

  • Top Management provides strategic leadership and ensures alignment between information security and business goals. 

  • The ISMS Governance Board oversees the system’s effectiveness, approves policies, and monitors corrective actions and improvements. 

  • The Information Security Leader coordinates the ISMS’s operational activities and implements the required technical and organisational controls. 

  • All internal and external users must comply with policies, protect their access credentials (e.g., passwords, tokens), and promptly report any incidents or suspicions. 

  • Stakeholders with access to information must commit to complying with applicable legal, ethical, and contractual standards. 

6. Disclosure, Update, and Review 

This policy is structured according to its purpose and intended recipients, and is accessible to all internal and external stakeholders. 

It is considered valid from the date of its approval and remains in force until it is formally replaced. It will be reviewed at least once a year or whenever relevant changes occur in the organizational, regulatory or technical context. 

 

7. Version and Classification 

This document is publicly available and was last updated on 30/06/2025. 

bottom of page