Last Updated on September​ 23rd, 2025.

​

• Our Core Commitment

  At kommit, information security is fundamental to our business model. As a provider of specialized talent, the trust of our clients is paramount. This trust is built on how we secure client information, according to the highest industry standards.
   

• Security Management and Governance
  Our approach to security is formalized through our Information Security Management System (ISMS), a systematic framework for keeping sensitive information secure. These core commitments guide this system:
  
  Continuous Improvement: Our security committee leads the continuous improvement of our ISMS. We promote a culture of operational excellence and provide the necessary resources to strengthen our security controls consistently.
  
  Leadership and Compliance: Our leadership is committed to all applicable information security requirements. This commitment extends to the proactive management of risks that could impact our services, including those derived from environmental factors like climate change. We comply with the ISO/IEC 27001:2022 international security standard and all legal, contractual, and governmental requirements in our areas of operation, including the United States and Colombia.
   

• Key Security Objectives
  Our security commitment is realized through these key objectives:
   

1. Protecting Client Information: We ensure all client information's confidentiality, integrity, and availability. All data is managed based on our information classification policy, applying specific controls according to its sensitivity.
    

2. Ensuring Personnel Compliance: All personnel receive comprehensive training on information security. Our policies and procedures are communicated clearly to ensure our team is competent enough to maintain our security standards.
    

3. Maintaining Effective Access Controls: We maintain formal access control procedures, ensuring only authorized personnel have access to critical information.
    

4. Guaranteeing Business Continuity: We ensure business continuity through regular backups of critical information and a comprehensive disaster recovery plan designed to minimize the impact of potential data loss.
    

5. Establishing Supervision Mechanisms: We continuously monitor system events and activity logs to ensure information traceability and integrity, enabling a prompt response to any anomalies.
    

6. Adapting to Evolving Threats: We regularly review and adapt our ISMS to address evolving threats and new technologies, ensuring the ongoing improvement of our security posture.
    

• Communication with Stakeholders
  Our security policies are communicated to all employees. We also believe in transparency with our partners and will share relevant security guidelines with clients through our public channels.