Security policy

Security policy

Pérez-Llorca has obtained the ISO 27001 certification, which is an endorsement of our commitment to the security of our systems. This international standard describes how to manage information security within companies and seeks to ensure confidentiality, integrity and availability by minimising possible risks and threats. The BSI consultancy was in charge of certifying our information security management systems, awarding us the ISO 27001 certification.

PÉREZ-LLORCA ABOGADOS, S.L.P. (hereinafter referred to as the Firm) is aware of the value for its clients, providers, employees, partners, alumni and candidates of having the highest level of security in the use of information systems, in the safekeeping of documentation and information necessary for providing advice, as well as the importance of guaranteeing the protection of their information.The Firm is expressly committed to continuous improvement of the information and security management systems (hereinafter collectively referred to as the Information Systems), for which the following principles have been established

1.  Promoting the necessary measures to ensure that the Firm’s Information Systems have an adequate level of confidentiality, security and resilience. In this regard, the Firm shall keep information securely archived at all times through robust encryption systems, and access to Information Systems shall only be possible for duly authenticated users and through secure connection systems.

2. Promoting measures that allow for all members of the Firm to be made aware of the security risks and the importance of the appropriate use of the Information Systems, as well as training plans to enable members of the Firm to acquire the knowledge and skills necessary to protect the security of the Firm’s Information Systems.

3. Equipping the Firm with procedures and tools for analysis, prevention, detection, response and recovery, which allow it to adapt quickly to changes in the technological environment, to possible incidents in the Information Systems and to new threats.

4. Collaborating with the relevant bodies and governmental agencies for the improvement of security and, generally speaking, the Firm’s Information Systems and compliance with the legislation in force.

5. Establishing a set of security roles and responsibilities that are clearly defined and assigned in the corporate structure.

6. Collaborating in the detection and communication of possible security incidents that put at risk the confidentiality, integrity and availability of the Information Systems, as well as establishing mitigation measures that minimise the effects of any security breach. In the event that a security event is detected in the Information Systems, the Firm shall record and analyse it in order to apply the corrective or preventative measures that it deems appropriate. Should personal data be involved in the incident, the Firm shall at all times comply with what is set forth in the applicable law.

7. Promoting the continuous review and updating of the security management model to ensure that it is constantly adapted to emerging threats that may affect the Firm.The aim is to protect the confidentiality, integrity and availability of the information, as well as the privacy and protection of personal data therein, complying with the legislation in force and the Firm’s internal rules, while maintaining an appropriate balance between risk levels and the efficient use of resources through principles of proportionality.

All members of the Firm (support staff, lawyers, partners, suppliers and third parties involved in the Firm’s operations) must observe the above principles in the performance of their activities and ensure that they are complied with.This Security Policy shall be revised and endorsed annually by the Firm’s Executive Committee; however, should there be significant changes in the Firm, whether at a technical, operational, regulatory or organisational level, which justify a review earlier than initially scheduled, the Firm undertakes to carry out such a review as soon as possible.

This policy was approved by the Executive Committee


The information contained in this document is PUBLIC and is the property of PÉREZ-LLORCA ABOGADOS, S.L.P.