Information Security Policy

Healios AG is a medical device software manufacturer dedicated to finding solutions in clinical research and patient monitoring through innovative digital technologies.
This document is issued by the Executive Management of Healios AG and constitutes a formal and responsible commitment to the development, implementation and improvement of the Information Security Management System based on ISO 27001:2013.
This policy is established as the framework within which all the company’s activities must be carried out, the scope of which is “the information that supports the services provided by the organisation aimed at measuring with unprecedented sensitivity changes in motor and cognitive functions in patients with neurological disorders”, in such a way as to guarantee customers and other stakeholders the commitment acquired, to ensure the availability, confidentiality and integrity of the information.
The Information Security Management System of Healios AG is based on:

  • Continuous improvement of safety management through prevention and analysis of the causes of problems encountered.
  • Compliance with legislation and other requirements to which Healios AG subscribes, so as to ensure that activities are and will be carried out in accordance with these requirements.
  • The objective of ensuring business continuity, the protection of personal data and of the organisation’s records.
  • The Company’s Executive Management commits to train personnel on security controls and measures, and the disciplinary process defined in the Workers’ Statute (Spain), or, if applicable, those defined in the laws and regulations of the country in which the worker is working, may be applicable in the event of intentional breaches of security.
  • The level of risk accepted by Management is reflected in the Risk Management procedure.

This policy is known to and subscribed to by all Healios AG staff, as required by the Executive Management.
This policy shall be reviewed on an annual basis, and changes to it shall be approved by the Executive Management.

Revision history:
August 2021: Initial version (1.1) published
September 2022: version 2.0
March 2024: version 13.0