Information Security Policy

This Information Security Policy is established to protect the confidentiality, integrity, availability, traceability, and authenticity of Resizes Platform Engineering SL’s (hereinafter Resizes) information assets. It complies with the ISO/IEC 27001 and RD 311/2022 (National Security Framework in Spain) standards and applies to all employees, contractors, and external users who access or use Resizes's information assets. This Information Security Policy is effective from the date of approval until it is replaced by a new Policy.

Introduction


Resizes depends on information systems to achieve its objectives. These systems must be managed diligently, taking appropriate measures, based on risk, to protect them against accidental or deliberate damage that may affect the authenticity, traceability, integrity, or confidentiality of the information processed or the availability of the services provided.


The ultimate goal of information security is to ensure that Resizes can meet its objectives, perform its functions or competencies, and provide the services for which it was constituted, maintaining the quality of information and the continuous provision of services, acting preventively, monitoring daily activity, and reacting quickly to incidents.


ICT systems must be protected against rapidly evolving threats with the potential to affect the confidentiality, integrity, availability, intended use, and value of information and services. To defend against these threats, a strategy is required that adapts to changes in environmental conditions to ensure the continuous provision of services. This implies that departments must apply the minimum security measures required by the National Security Framework (ENS), as well as continuously monitor service provision levels, track and analyze reported vulnerabilities, and prepare an effective response to incidents to ensure the continuity of services provided.


Resizes ensures that ICT security is an integral part of every stage of the system life cycle, from its conception to its withdrawal from service, including development or acquisition decisions and operational activities. Security requirements and funding needs must be identified and included in planning, in requests for proposals, and in bidding documents for projects involving the processing of personal data, the acquisition of ICT services, or the provision of services that affect information systems.


Purpose


The purpose of this policy is to ensure the protection of information assets against all threats, whether internal or external, deliberate or accidental. Its objective is to ensure compliance with all applicable laws, regulations, and contractual obligations.


The policy provides a framework for establishing, reviewing, and achieving information security objectives and defines the responsibilities of employees, contractors, and external users in protecting Resizes's information assets.


Furthermore, the policy aims to promote awareness, educate employees, and guide decision-making processes related to information security within the organization.

Scope


This policy applies to all information assets owned, leased, managed, or otherwise controlled by Resizes, including information stored on physical or electronic media, information transmitted over networks or any communication channel, and information processed or managed by employees, contractors, or external users.

Mission


Resizes is an organization specializing in the orchestration and deployment of cloud-native infrastructure, enabling clients to seamlessly launch their web applications.


The security objectives that Resizes aims to ensure with this Policy are:

  • Guaranteeing the confidentiality, integrity, availability, traceability and authenticity of the information, and the continuity in the provision of services.

  • Implementing security measures based on risk.

  • Training and raising awareness among Resizes members regarding information security.

  • Implementing security measures that allow for the traceability of access and respect, among others, the principle of least privilege, also reinforcing the duty of confidentiality of users in relation to the information they know in the performance of their duties.

  • Deploying and controlling physical security by ensuring that information assets are located in secure areas, protected by access controls, in consideration of the risks detected.

  • Establishing security in communication management through the necessary procedures, ensuring that information transmitted through communication networks is adequately protected.

  • Controlling the acquisition, development, and maintenance of information systems in all phases of the information systems lifecycle, guaranteeing their security by design.

  • Controlling the compliance of security measures in the provision of services, maintaining control in the acquisition and incorporation of new system components.

  • Managing security incidents for the correct detection, containment, mitigation, and resolution of these, adopting the necessary measures so that they do not recur.

  • Protecting personal information, adopting technical and organizational measures in view of the risks derived from the processing in accordance with data protection legislation.

  • Continuously monitoring the security management system, improving and correcting detected inefficiencies.


Security Measures


Aligned with our commitment to safeguarding information assets and maintaining the integrity of our operations, we have established a comprehensive set of security measures. These measures encompass a range of strategies and technologies aimed at protecting our systems, data, and resources from potential threats, ensuring the confidentiality, integrity, and availability of information critical to our business.


  • Human Resources: Human resource security measures are implemented to ensure that employees, contractors, and third-party users are aware of their responsibilities and are equipped to safeguard information assets.

  • Physical Security: Physical security measures are implemented to protect information assets from unauthorized access, damage, or interference.

  • Asset Management: Asset management measures are implemented to ensure that all information assets are properly identified, classified, and secured throughout their lifecycle. This includes maintaining an accurate inventory of assets, assigning ownership, and defining usage guidelines. Regular audits and reviews are conducted to ensure assets are adequately protected.

  • Access Control: Access to information assets is limited to authorized users only. Strong authentication and authorization mechanisms are implemented, and access rights are periodically reviewed to ensure they remain appropriate.

  • Network Security: Measures are implemented to secure the company’s network infrastructure against unauthorized access, breaches, and other security threats. This includes firewalls, intrusion detection systems, and regular network monitoring.

  • Operations Security: Operations security measures are enacted to preserve the integrity of operational processes and guarantee the secure execution of daily activities. This includes implementing robust monitoring systems and logging mechanisms to swiftly identify and respond to suspicious activities.

  • Configuration Management: A configuration management procedure is implemented to ensure that all configurations of information systems and related assets are systematically managed, documented, and monitored throughout their lifecycle. This process supports the organization's information security objectives by maintaining the integrity and consistency of configurations.

  • Secure Development: Security practices are integrated into the software development lifecycle to ensure that applications are designed, developed, and maintained securely. This includes code reviews, vulnerability assessments, and regular security testing.

  • Change Management: A procedure is established to control and document changes to information systems and infrastructure. This ensures that changes are reviewed, approved, and implemented in a controlled manner, minimizing the risk of security incidents and operational disruptions.

  • Risk Management: Regular risk assessments are conducted to identify and evaluate risks to information assets. Appropriate controls are implemented to mitigate identified risks, and the effectiveness of these risk management activities is continuously monitored and reviewed.

  • Data Management: Information is classified based on its sensitivity and criticality. Appropriate handling procedures are defined for each classification level to ensure the protection of information throughout its lifecycle.

  • Incident Management: An incident management process is established and maintained to detect, respond to, and recover from information security incidents. All security incidents must be reported promptly to the designated incident response team. Incidents are investigated to determine the root cause and to prevent recurrence.

  • Business Continuity: Plans are established and maintained to ensure the continuation of critical business functions in the event of a disruption. Regular tests and updates to these plans are conducted to ensure their effectiveness.

  • Third-Party Management: Security requirements are defined and enforced for third-party vendors and partners. Regular assessments and reviews are conducted to ensure that third parties comply with the company’s information security standards.

  • Compliance: Compliance with all relevant laws, regulations, and contractual obligations related to information security is ensured. Regular audits and reviews are conducted to verify compliance with this policy and the information security management system.

  • Awareness and Communication: Regular information security training is provided to all employees, contractors, and third-party users. Awareness of information security policies, procedures, and best practices is promoted throughout the organization.

Third Parties / Service Providers / Solution Providers


When Resizes provides services to other entities or handles information from others, they will be made aware of this Information Security Policy, without prejudice to the obligations of data protection regulations where Resizes acts as a data processor in providing those services. Channels will be established for reporting and coordination between the respective Security Committees, along with action procedures for responding to security incidents. In addition, the Security Manager (or person delegated by them) will be the Point of Contact (POC).


When Resizes uses third-party services or transfers information to third parties, they will be made aware of this Security Policy and the Security Regulations that concern said services or information, without prejudice to compliance with other data protection obligations. In the contracting of service providers or acquisition of products, the obligation of the awardee to comply with the ENS will be taken into account.


The third party will be subject to the obligations established in those regulations, being able to develop its own operational procedures to satisfy them, so that Resizes can supervise them or request evidence of compliance with them, including second- or third-party audits. Specific procedures for reporting and resolving incidents will be established, which must be channeled through the POC of the third parties involved and, when personal data is affected, also through the correct channels according to the Privacy Policy. Third parties will ensure that their personnel are adequately aware of security matters, at least at the same level as that established in this Policy or that which may be specifically required in the contract.


When any aspect of the Policy cannot be satisfied by a third party as required in the preceding paragraphs, the Security Manager will issue a report that specifies the risks incurred and how to treat them. Approval of this report by the managers of the affected information and services will be required before the start of the contracting or, where appropriate, the award. The report will be forwarded to the Resizes representative, who must authorize continuing with the processing of the third party's contract, assuming the detected risks.


When Resizes acquires, develops, or implements an Artificial Intelligence system, in addition to complying with the provisions of current regulations on the matter, it must obtain a report from the Security Manager, who will consult the Information and Service Manager; when necessary, the System Manager must also give their opinion.


Last updated: 28th April 2026

Dash is a self-service developer platform that simplifies cloud infrastructure management and application deployment.

Partnering with

AWS Startup Logo

Supported by

Tetuan Valley Logo
EBT Logo

Copyright ©2026 Resizes
