
Security policy


Pérez-Llorca Abogados, S.L.P. recognises the critical importance of Information and Communication Technologies (ICT) for the fulfilment of its objectives and the continuous provision of its legal services. Information security is conceived as a comprehensive and continuous process aimed at preserving the confidentiality, integrity, availability, traceability and authenticity of the firm’s information and services.

To this end, prevention, detection, response and recovery measures are applied, in line with the ISO/IEC 27001 standard and the Spanish National Security Scheme (ENS), monitoring service levels and managing emerging vulnerabilities and threats.

All departments must integrate security into the entire lifecycle of ICT systems, from design to decommissioning, and be prepared to prevent, detect and manage incidents, ensuring business continuity.

Scope

This policy is applicable to all professionals, partners and collaborators of Pérez-Llorca, as well as to the Information Security Management System (ISMS) supporting the firm’s legal services and the processing of client, employee and third party information.

The fundamental principles of the Information Systems Security Policy are:

  1. Security as an integral process: combining human, technical, organisational and legal factors, promoting awareness among all professionals.
  2. Risk-based security management: continually assessing and addressing threats and vulnerabilities, applying measures proportionate to the value and criticality of the information.
  3. Prevention, detection, response and recovery: establishing the minimum controls required by the ENS, monitoring mechanisms, detecting discrepancies and continuity plans.
  4. Lines of defence: multi-layered protection (organisational, physical and logical) that mitigates the impact of incidents.
  5. Continuous monitoring and reassessment: regularly updating security measures in line with technological and risk developments.

Security Requirements

The firm implements measures in the following key areas:

  • Security governance and organisation: defined roles and responsibilities, clear policies and procedures.
  • Risk management: periodic analysis and mitigation measures.
  • Personnel management: training and security awareness.
  • Access control and principle of least privilege.
  • Physical and logical protection of installations and systems.
  • Selecting reliable security products and services.
  • System integrity and upgrades.
  • Protection of information at rest and in transit.
  • Incident management and business continuity.

Legal and Regulatory Framework

The policy is aligned with:

  • Royal Decree 311/2022 (National Security Scheme).
  • Regulation (EU) 2016/679 (GDPR) and Organic Law 3/2018 on the protection of personal data and guarantee of digital rights (LOPDGDD).
  • ISO/IEC 27001:2022 standards and internal security regulations.

The firm maintains an up-to-date Legal Requirements Register and a Privacy Management System with access restricted to authorised personnel.

Organisational Structure

The security model is structured around:

  • Information Security Committee
  • Information Manager
  • Service Managers
  • Chief Information Security Officer (CISO)
  • Systems Manager
  • Data Protection Officer

The Chief Information Security Officer (information.security@perezllorca.com) is the single point of contact for security matters for the whole firm in case any additional information is required.

Risk Management

All systems subject to this policy must carry out risk analyses on a regular basis (at least annually or after significant changes), under the coordination of the Security Committee. This Committee will establish homogeneous criteria and promote the necessary resources to maintain adequate security levels.

Continuous Improvement Commitments

Pérez-Llorca maintains a constant commitment to the resilience of its systems, ICT security training and awareness, agile response to incidents, collaboration with the competent authorities and continually updating its management model and security controls.

Documentation and Control

The ISMS is organised hierarchically in an Information Security Policy, internal rules and procedures, and technical manuals with their respective records, with documentation managed according to the Documented Information Control procedure to ensure its correct approval, review, classification, accessibility and distribution.

Users’ Obligations

All professionals should:

  • Be familiar with and comply with the Security Policy and the System User Manual.
  • Participate in annual training and awareness-raising sessions.
  • Report incidents to the Chief Information Security Officer.
  • Use technological resources in accordance with established standards.

Relationships with Third Parties

When Pérez-Llorca provides or receives services that involve the processing of information, contracts will include specific clauses on security, incident reporting and responsibilities. Third parties will be subject to the same levels of security and train their staff to the same standards as those of the firm.

Approval and Applicability

This Policy, which is public, was approved by the Security Committee on 13 October 2025, and will be reviewed annually or earlier in the event of significant changes.