Information Security

Version 3.0 — May 2025

THE KEY TALENT is aware of the importance of information security and privacy, and is highly committed to offering maximum security in the information processed in the operation of its "talent management" services. For this reason, it has implemented an information security and privacy management system based on the ISO 27001 standard that allows it to identify and minimize the risks to which it is exposed.

THE KEY TALENT establishes a culture of information security, ensures compliance with applicable legal, contractual, regulatory and business requirements, and helps reduce operational and financial costs.

The following describes the security procedures that support the Information Security Management System (ISMS) that THE KEY TALENT has decided to establish, implement, operate and continuously improve.

Security Commitments

  • THE KEY TALENT will protect against the risks of data being collected, generated, processed or stored through different devices, its IT infrastructure and the assets generated from access granted to third parties (e.g., suppliers), or as a result of internal or external services.
  • THE KEY TALENT will protect the confidentiality, reliability, integrity, availability, traceability, authenticity and resilience of information collected, generated, processed or stored through different channels, in order to minimize financial, operational or legal impacts due to misuse. It is essential to apply controls according to the classification of the data being managed.
  • THE KEY TALENT will protect information against internal or external risks to the organization.
  • THE KEY TALENT will protect the processing facilities and IT infrastructure that support critical processes.
  • THE KEY TALENT controls operational processes, ensuring the security of technological resources and data networks.
  • THE KEY TALENT will ensure that security and privacy are an integral part of the information systems lifecycle through comprehensive risk management and threat analysis associated with data management systems.
  • THE KEY TALENT will ensure access to its processes and the continuity of its services based on the impact that major and adverse events may cause.
  • THE KEY TALENT will ensure compliance with established legal, regulatory and contractual obligations.

Responsibilities regarding information security and privacy will be defined, shared, published and implemented by all stakeholders.

Approved by the Security Committee — May 26, 2025, version 3.0