Information Security Policy

Cuatrecasas information security policy


Cuatrecasas considers that information, particularly that concerning clients, and the different information-related systems are critical assets that must be protected correctly to ensure the firm's correct operation.

This security policy is aimed at enabling the firm to (i) guarantee the confidentiality, integrity, availability and privacy of the information; and (ii) meet the applicable regulations and standards at all times, while keeping a balance between the risk levels and the efficient use of the resources by applying proportionality criteria. It provides a reference framework to establish information security goals.

This policy applies to everyone at Cuatrecasas, including support staff, directors, partners and lawyers, and the investee companies over which Cuatrecasas has effective control. Cuatrecasas will promote principles and guidelines coherent with that established in this policy in the investee companies over which it does not have effective control.

In line with the firm’s express commitment to continually improve the management system, General Management establishes the following principles of information security management:

  • To guarantee that the Cuatrecasas information systems have the appropriate security level and resilience proposed by the firm’s Information Security Committee.
  • To make everyone at the firm aware of the security risks, guaranteeing that they have the training and skills necessary to protect the security of the firm’s information systems.
  • To provide the firm with analysis, prevention, detection, response and recovery procedures and tools that can be easily adapted to technological changes and new threats.
  • To cooperate with the corresponding government bodies and agencies to improve the firm’s security and meet the applicable regulations.
  • To establish security duties and responsibilities that are clearly defined and assigned in the firm’s organizational chart.
  • To ensure all employees and colleagues diligently report possible security incidents.
  • To endorse a process to review and update the security management model regularly, to keep it up to date at all times with new threats that could affect the firm.

This policy was reviewed and approved by Cuatrecasas Top Management on 10/24/2022.

If you need additional information on our information security policy or have any suggestions, please send a message to: informationsecurity@cuatrecasas.com.