Management System Policy

1. INTRODUCTION

METADROP has decided to implement, maintain and adopt an Integrated Management System (IMS) that complies with the requirements of the ISO 9001:2015 (Quality Management), ISO 14001:2015 (Environmental Management) and ISO 27001:2022 (Information Security Management) standards.
This Integrated Management Policy constitutes the strategic framework that guides all the organisation’s activities in the areas of quality, the environment and information security, ensuring excellence in our services, respect for the environment and the protection of information assets.

2. SCOPE

This Policy applies to all METADROP activities related to:

  • Consultancy, project management and digital strategy
  • UX/Digital design
  • Drupal development and mobile applications
  • Support, ongoing maintenance and security updates
  • DevOps / SysAdmin optimised for Drupal
  • Accessibility analysis of websites and mobile applications
  • Training courses

Compliance is mandatory for all METADROP staff, as well as for contractors, clients and third parties who have access to the organisation’s information or systems.

3. REGULATORY FRAMEWORK

This Integrated Policy is based on the following standards and legal frameworks:

3.1 Reference standards

  • UNE-EN-ISO 9001:2015 – Quality Management Systems. Requirements
  • UNE-EN-ISO 14001:2015 – Environmental Management Systems. Requirements with guidance for use
  • ISO/IEC 27001:2022 – Information Security Management Systems. Requirements

3.2 Applicable legal framework

  • Regulation (EU) 2016/679 (GDPR) – Protection of Personal Data
  • Organic Law 3/2018 (LOPDGDD) – Data Protection and Guarantee of Digital Rights
  • Current environmental legislation (waste, air, water)
  • Other legislation and requirements applicable to the organisation’s activities

4. PRINCIPLES AND COMMITMENTS OF THE INTEGRATED MANAGEMENT SYSTEM

The Management of METADROP establishes the following principles and commitments as the basis of its Integrated Management System:

4.1 Customer and stakeholder focus

  • Customer satisfaction as a fundamental priority, offering products and services of the highest quality that meet their requirements and expectations.
  • Promoting communication with customers to identify needs and suggestions for improvement.
  • Identifying and taking into account the needs and expectations of all relevant stakeholders.

4.2 Continuous improvement

  • Commitment to the continuous improvement of the Integrated Management System, involving all company staff.
  • Achievement of the established quality, environmental and information security objectives.
  • Analysis of the causes of problems and non-conformities in order to implement effective corrective actions.
  • Periodic evaluation of performance through records that demonstrate the system’s performance.

4.3 People management and development

  • Development of human resources through continuous training in quality, the environment and information security.
  • Raising awareness amongst all staff of the importance of their activities and their contribution to achieving the objectives.
  • Dissemination and understanding of this Integrated Policy at all levels of the organisation.

4.4 Environmental protection

  • Commitment to environmental protection through the prevention of soil, air and water pollution.
  • Integration of environmental considerations into decision-making, planning and the execution of activities.
  • Responsible waste management and efficient use of resources.
  • Identification, assessment and control of significant environmental aspects of our activities.

4.5 Information security

  • Ensuring the confidentiality, integrity and availability of information through appropriate security controls.
  • Prevention, detection and effective response to information security incidents.
  • Systematic and documented management of information security risks.
  • Protection of customer and organisational information against internal and external threats.
  • Continuity of ICT services through contingency and recovery plans.

4.6 Legal and regulatory compliance

  • Compliance with applicable legislation in the areas of quality, the environment and information security.
  • Compliance with other requirements to which the organisation subscribes in relation to its management aspects.
  • Regular review and updating of compliance with legal and regulatory requirements.
  • Respect for the protection of personal data in accordance with the GDPR and LOPDGDD regulations.

4.7 Ethics and professional responsibility

  • Ethical and professional conduct at all levels of the organisation.
  • Transparency in relations with customers, suppliers and other stakeholders.

  • Establishment of confidentiality agreements where necessary.

    4.8 Risk and Opportunity Management

  • Systematic identification and assessment of risks and opportunities relating to quality, the environment and information security.
  • Implementation of controls to mitigate risks and capitalise on opportunities for improvement.
  • Continuous monitoring and review of the effectiveness of the actions implemented.

5. RESPONSIBILITIES

5.1 Management

METADROP’s Management assumes leadership and commitment to the Integrated Management System, ensuring:

  • The establishment of the Integrated Policy and the system’s objectives.
  • The provision of the necessary resources for its implementation and maintenance.
  • The integration of the system’s requirements into the organisation’s processes.
  • Communication of the importance of integrated management to the entire organisation.
  • Periodic review of the system’s performance and the promotion of continuous improvement.

5.2 Integrated Management System Manager

Coordinates the implementation, maintenance and improvement of the Integrated System, ensuring it complies with the requirements of applicable standards and reporting to Management on its performance.

5.3 Quality and Environment Manager

Maintains quality and environmental procedures and processes, verifying compliance with this Policy and the associated objectives, and managing the assessment of customer satisfaction and environmental performance.

5.4 Information Security Officer

Defines, coordinates and implements information security requirements, monitors security incidents, oversees compliance with security measures and coordinates the necessary audits.

5.5 All staff

All METADROP staff are responsible for:

  • Being familiar with, understanding and applying this Integrated Policy.
  • Applying the procedures relevant to their work.
  • Ensuring that their actions do not result in non-compliance with the Policy.
  • Reporting any incidents related to quality, the environment or security.
  • Actively contributing to the continuous improvement of the system.

6. OBJECTIVES AND PLANNING

On the basis of this Policy, Management sets measurable and consistent objectives annually for the three areas of the system (quality, environment and information security), allocating the necessary resources to achieve them. The objectives are documented in the Improvement Plan and are reviewed periodically to ensure their compliance and relevance.

7. REVIEW AND COMMUNICATION

This Integrated Policy shall be reviewed:

  • At least annually, during the Management Review of the system.
  • When significant changes occur in the organisation, its activities or its context.
  • When applicable legal or regulatory requirements change.


This Policy is available to everyone in the organisation and is communicated to relevant stakeholders. It is made available to employees, customers, suppliers and other stakeholders as appropriate.
Should you wish to make any suggestions regarding any of these aspects, we invite our customers to contact us via the following email address: customers@metadrop.net