arrow_back_ios_new

IMS Policy

At Silent4Business, we provide comprehensive cybersecurity and artificial intelligence solutions, ensuring quality, information security, and business continuity. We are committed to meeting applicable requirements and agreed service levels, promoting customer satisfaction and continuous improvement of the IMS, in alignment with business objectives.

AI Policy

Silent4Business S.A de C.V (hereinafter and for practical purposes only S4B) establishes and maintains the following policy for the development or use of AI systems:

2.2.1 Purpose

To establish the guiding principles, responsibilities and expectations of S4B in the development, acquisition, operation and use of artificial intelligence (AI) systems, ensuring their alignment with business strategy, corporate values, risk management framework and compliance with legal and ethical obligations.

2.2.2 Alignment with business strategy and organizational culture

This policy reflects S4B's commitment to responsible innovation, transparency and continuous improvement. AI is considered a key capability to achieve competitive advantages, operational efficiency and new business models, always respecting ethical principles, human rights and regulatory compliance.

2.2.3 Risk profile and operating environment

S4B defines its risk appetite in AI matters as medium: it accepts risks derived from the use of emerging technologies as long as they are mitigated by evaluation, monitoring and governance processes. The level of risk associated with each AI system will be evaluated according to its complexity, level of autonomy, potential impact on people and operational criticality.

2.2.4 Legal and contractual compliance

All AI systems must comply with applicable local and international legal requirements, applicable technical standards, contractual clauses and agreements with stakeholders. This includes, but is not limited to, personal data protection legislation, consumer rights, intellectual property and sectoral regulations.

2.2.5 Impact on stakeholders

S4B will evaluate the potential impacts of AI systems on I) Partners and Shareholders, II) Business partners, III) Society, IV) Suppliers, V) Legal and regulatory entities, VI) Personnel and VII) Clients. Inclusion, non-discrimination, explainability and equity must be principles present throughout the system's lifecycle.

2.2.6 AI guiding principles at S4B

Legality and compliance: Every AI system must be developed and operate in compliance with applicable laws and regulations.
Responsibility and human oversight: Every automated decision must be subject to supervision by trained personnel.
Transparency and explainability: Systems must be understandable to users and auditably justifiable.
Justice and non-discrimination: Biases in data, models and automated decisions will be avoided.
Security and resilience: AI systems must operate safely, with controls to prevent misuse and errors.
Privacy by design: Personal data protection will be integrated from the design stage.
Proportionality: The complexity of the system must be aligned with its potential impact.

2.2.7 Management of deviations and exceptions

Any exception to this policy must be documented, justified and approved by the S4B SGIA Committee.

The committee will review the acceptability of the risk and compensatory measures. Detected deviations will be subject to root cause analysis and the generation of an F-SGI-016 corrective action.

2.2.8 Thematic considerations

AI resources and assets: All data, tools, infrastructures and human resources used in AI must be documented, evaluated and subject to quality and security controls.
AI system impact assessments: Each system must have an ethical, social and fundamental rights impact assessment according to the methodology defined in the SGIA.
AI system development: The processes of design, training, testing, validation, deployment and monitoring must follow controls A.6.1.3 to A.6.2.8, ensuring that responsible development objectives are present at all stages.

2.2.9 Cross-cutting application

This policy applies to all internal and external activities related to AI, including third-party acquisitions, integrations in business processes and services provided to clients. Other corporate policies (for example, Information Security, Privacy, Change Management) must complement it and make cross-reference when dealing with coincident aspects.

2.2.10 Entry into force and review

This policy enters into force from its approval by General Management and must be reviewed annually by the Compliance area and the SGIA Committee (during annual strategic planning, management review(s) and internal audits) or when significant changes occur in the regulatory, technological or organizational environment of S4B.

The policy review must also include the evaluation of opportunities for improvement in S4B policies and the approach to manage AI systems in response to changes in the environment, commercial circumstances, legal conditions or technical environment.

Anti-bribery Policy

At Silent4Business we offer Comprehensive Cybersecurity Solutions in compliance with applicable legal requirements, as well as the requirements of the Anti-Bribery Management System (ABMS), therefore any act or attempt of bribery by stakeholders inside and outside the organization is prohibited, promoting good faith reports and commitment to continuous improvement.

In order to ensure adherence to this policy, the responsibility of "Compliance Function" has been established, appointed by Senior Management, who independently has the authority to supervise, ensure and report on the performance of the ABMS, providing guidance and advice to stakeholders.

Anyone who intends or performs an act of bribery will be sanctioned according to the established internal administrative process, which can range from a warning to termination of the contractual relationship and legal actions that Silent reserves.

Continuity Policy

Silent4Business recognizes and accepts that the protection of its assets and continuity of operation is the responsibility of management, collaborators and stakeholders.

Silent4Business is committed to supporting the recovery efforts of its processes, safeguarding its own and third-party information, having the necessary measures for such purpose.

General Management must ensure the proper development and maintenance of the Business Continuity Plan that fits the needs, regulatory practices and compatibility with the provisions and guidance of the strategy, with the purpose of:

Identify the risks to which the company is exposed and design strategies to reduce or mitigate them.
Develop and implement a Business Continuity Plan to protect its operation.
Have the necessary resources to recover its operation in case of an interruption.
Disseminate information regarding the Business Continuity Plan so that employees know how to act in case of a contingency.
Provide adequate training so that critical personnel adopt Business Continuity Plan activities as part of their daily activities.
Respect the plan's lifecycle by testing and maintaining their plans as part of continuous improvement.

In this way, the company will ensure having the capacity to continue with its functions and responsibilities in case of contingency and to minimize the impact they may cause with respect to its areas of interest.

Report

Your report will be:

Anonymous

I will provide my information

Who are you reporting?

Name

Position

Department

Report Description:

Indicate the type of report

Date and time of occurrence

Exact location

Describe your report in detail

Attach evidence No files selected