The management of PriorityZero declares its personal participation and responsibility for the implementation of the announced Policy, by undertaking to maintain the relevance and continuous improvement of the adequacy and efficiency of the implemented Quality Management and Information Security System, which meets the requirements of the ISO 9001:2015 and ISO 27001:2022 standards.

"BRR CONSULTING" Ltd. , using the trade name PriorityZero follows and applies the principles of managing the quality of its services and the security of information, ensuring its integrity, confidentiality and availability. The main priority of the company is to achieve complete satisfaction of its customers and sustainable development. In its activity, the company complies with rules ensuring the continuity of business processes, always striving to maintain the highest level of quality of the services offered, as well as to guarantee the security and confidentiality of information.

PriorityZero's team aims to establish itself as a preferred and reliable partner in the field of information security, vulnerability testing and information protection, offering high-quality, effective and efficient solutions for its customers.

To achieve the set goals, PriorityZero implements a quality management system and information security and is guided by the best practices for quality management of the services and products offered. This policy is a guarantee of their compliance.

With this policy, we commit and guarantee to our clients and partners that they will receive high-quality services, as well as implement measures to ensure and maintain confidentiality, availability and integrity of information.

We have adopted a methodology containing criteria for risk assessment, guaranteeing information security and the quality of the services offered. We have determined a level of acceptable risk aganst which the likelihood of threats occurring and the severity of their impact on the company's activities and assets are assessed. We have adopted rules for their periodic review and update, as well as a plan for their management.

We have identified the owners of these risks and assessed the likelihood of them materializing. Based on this assessment, we have created a plan for their management and measures have been taken to protect against internal and external, deliberate and accidental actions and threats.

Any existing and/or potential security threat or breach is investigated in detail, reported to management and remedial measures are taken to prevent reoccurrence.

We have provided rules for managing critical business processes in the organization to ensure the continuity of the services offered and information security.

In the context of the organization, we have identified all external and internal stakeholders, related to the management of information security and the quality of services offered. We have defined a periodic review and update of the policy, paying significant attention to the requirements of all interested parties.

Furhtermore, PriorityZero has developed measures to protect and protect against unauthorized access and loss of information, as well as continuous improvement of the information security and quality management system.

The main aspirations of the company are: development, professionalism and correctness, with a main focus on customer satisfaction, regulatory compliance and continuous development of the offered products and services. It is extremely important to us that our employees comply with the stipulated information security requirements.

In order to ensure that all employees comply with the processes in the organization and are familiar with the rules for managing information security and the quality of the services offered, they undergo strict training before being employed by the company.

In order to satisfy the expectations for the quality of the services offered, we constantly increase the qualification and expertise of our employees. We expand and develop new services and products to meet the latest trends and regulatory requirements in the field. We guarantee continuous improvement of the processes of performance of the activity, good knowledge and application of the requirements of the applicable national and international regulatory requirements.

When using external specialists and subcontractors, they are required to sign strict guarantees of confidentiality. We require familiarization, application and compliance with the policies for information security management and quality of performance at PriorityZero .

Every year, we set goals to increase and improve the information security management system and the quality of the services and products offered. The goals are systematically reviewed and updated by the management of the company, bringing them to the knowledge of our employees and expecting their contribution with their implementation.

The general manager and all management of PriorityZero are responsible for implementing, maintaining and updating this policy. We commit to continuous improvement of the information security and quality management system. We continously keep informed all PriorityZero employees who are directly responsible for the implementation and application of this Policy and guarantee its implementation.