H&D INFO is an organization specialized in the design, development, integration, delivery, and support of information and communication technology solutions. In conducting its business, H&D INFO recognizes that quality of service delivery, customer satisfaction, information security, service reliability, regulatory compliance, and business resilience are fundamental prerequisites for maintaining client trust, protecting organizational value, and ensuring sustainable growth.

This Integrated Policy establishes a unified management framework aligned with the principles and requirements of ISO 9001 (Quality Management), ISO/IEC 27001 (Information Security Management), ISO 22301 (Business Continuity Management), and ISO/IEC 20000-1 (IT Service Management).

It provides the foundation for consistent governance, risk-based decision-making, customer-focused service delivery, and continual improvement across all organizational activities.

Quality Management (ISO 9001)

H&D INFO is committed to the consistent delivery of high-quality services that meet customer, contractual, and statutory requirements and enhance customer satisfaction.

The organization commits to:

• understanding and fulfilling customer needs and expectations,
• defining, monitoring, and reviewing quality objectives at relevant levels,
• applying a process-based and risk-based approach to service delivery,
• measuring service quality, customer satisfaction, and process effectiveness,
• addressing nonconformities and implementing corrective actions,
• continually improving the effectiveness of the Quality Management System.

Quality considerations are integrated into the planning, delivery, monitoring, and improvement of all services and operational processes.

Information Security Management (ISO/IEC 27001)

H&D INFO is committed to protecting the confidentiality, integrity, and availability of all information assets under its control, regardless of whether information is created, processed, stored, or transmitted internally or on behalf of clients and partners.

Information security risks are systematically identified, assessed, and treated using appropriate administrative, technical, and physical controls proportional to business impact and risk exposure.

Information security is treated as a shared responsibility across all organizational levels and is embedded into business processes, technologies, and human behavior.

Business Continuity Management (ISO 22301)

H&D INFO establishes and maintains a Business Continuity Management System to ensure preparedness for disruptive incidents such as cyber events, system failures, supplier outages, or other extraordinary circumstances.

Critical services and activities are identified and prioritized, recovery objectives are defined, and documented continuity and recovery plans are maintained and regularly tested to ensure timely and effective response and recovery, with minimal impact on customers and stakeholders.

IT Service Management (ISO/IEC 20000-1)

IT service management within H&D INFO is founded on clearly defined, standardized, and measurable processes supporting the consistent delivery of services in line with agreed service levels and contractual obligations.

The organization manages the full service lifecycle – from planning and design through transition, operation, and continual improvement – ensuring that quality, security, availability, continuity, and customer satisfaction are integral elements of every service provided.

Incidents, service requests, problems, changes, and improvements are handled in a controlled, traceable, and measurable manner to minimize disruption and enhance service performance.

Compliance and Governance

H&D INFO commits to full compliance with applicable legal, regulatory, contractual, and statutory requirements, including data protection, cybersecurity, commercial, labor, and industry-specific obligations.

Compliance requirements are identified, documented, monitored, and reviewed on an ongoing basis and integrated into risk management, operational controls, internal audits, and management reviews.

Leadership and Continual Improvement

Top management demonstrates leadership and commitment to this Integrated Policy by:

• ensuring the availability of adequate resources,
• defining strategic objectives,
• assigning roles and responsibilities,
• promoting a culture of quality, customer focus, information security, service reliability, accountability, and continual improvement.

This policy provides the basis for setting measurable objectives, evaluating performance, managing risks, and driving continual improvement through internal audits, service reporting, corrective actions, and management reviews.

The policy is reviewed periodically to ensure its ongoing suitability, adequacy, and effectiveness in relation to organizational strategy, regulatory requirements, technological development, and the expectations of customers and other interested parties.