Skip to main content


Xeridia is committed to meeting the most rigorous standards, through the quality and continuous improvement of the Management Systems.Our policies aim to meet and exceed the expectations expectations of our clients and collaborators and to integrate them into our activity, reviewing them annually in order to ensure their adequacy.

Quality Policy

1. Vision

In Xeridia our goal is to become an international leading company in the field of advanced custom software development. We are specialized in implementing innovative technological solutions for particularly complex needs, thanks to the expertise and experience of our team of professionals.

2. Mission

Xeridia’s mission is to provide technological services in the form of developing advanced customized software solutions and offering technological consultancy, with a focus on addressing the complex and critical business needs of our clients.

Our products are designed for companies and institutions in both the national and international market, contributing to the development of the business and social network of our local community in León, Spain. This dual approach, combining business activities for clients worldwide with a strong commitment to our local roots, is at the core of Xeridia’s identity and purpose.

Our competitive advantage lies in our team of expert professionals who are committed to delivering high-quality services with added value, while also ensuring that we meet agreed-upon deadlines.

3. Our Values

The principles that govern our activity are the following:

  1. Honesty: Transparency, integrity, and fairness are at the core of our relationships with customers, employees, and suppliers.

  1. People: each member of our team is valued, and maintaining a positive employee experience is a priority. We strive to strike a balance between their personal and professional lives through a wellness plan.

  1. Added value: we rely on the quality of the services provided, based on the knowledge and experience of our employees integrated in multidisciplinary work teams of high responsibility and diligence.

  1. Empathy: we focus on providing value to the client from the perspective and vision of the end user, satisfying real needs and with lasting value.

  1. Innovation: we develop services based on emerging technologies, creating and innovating new products or adopting new ways of working, as a source of growth for the company and the people who work in it.

  1. Passion: all of our team members share a passion for technology and the work we do every day. You will be the best at what you love.

4. Suppliers follow-up

To ensure the responsible performance of our suppliers, Xeridia has established a diagnosis and evaluation system to ensure that the requirements established in the contract are met.

We conduct ongoing assessments of our suppliers, which allows us to prioritise which suppliers to contract with, renew commitments, seek improvements in the quality and efficiency of services and how to interact in the context of the purchase, all under the criteria established in previous planning stages.

In order to evaluate suppliers, we have established the following quantifiable criteria, from which we obtain a value that qualifies each supplier:

  • Capacity to supply products.

  • Experience.

  • Quality – Price.

  • Delivery times and guarantees.

According to these criteria, Xeridia conducts an annual assessment of its suppliers and acts in different ways depending on the non-conformities detected:

  • Continuing the relationship with the supplier.
  • Communicating the non-conformities detected to the supplier, giving them an opportunity to improve.
  • Ending the relationship with the supplier.

Personal Data Protection Policy

At XERIDIA UK Ltd we are concerned about the protection of the personal data that we process within the framework of the activities that we carry out.

The personal data to be protected includes all data that is processed by us (whether it is data of customers, potential customers, suppliers, employees, contacts, external collaborators, etc.).

Therefore, both XERIDIA UK Ltd and all its staff, whether internal or external, who are involved in any way in the processing of personal data, must:

  • Maintain secrecy and confidentiality of the information processed.

  • Protect the personal data it is processing and safeguard them so that unauthorised personnel do not have access to them.

  • Comply with the principles of data protection (lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, limitation of the storage period, integrity and confidentiality and proactive responsibility).

  • Ensure that data subjects can exercise their rights (information, access, rectification, erasure, restriction of processing, data portability, objection and automated individual decisions).

  • Comply with, and where appropriate, enforce compliance with, the controls and security measures that XERIDIA UK Ltd has implemented to protect the security of personal data, preventing the confidentiality, integrity or availability of such data from being compromised.

  • Immediately communicate, according to the procedures provided for this purpose, any incidents that may affect the security of personal data and that may compromise its confidentiality, integrity or availability, as well as non-compliance with the requirements set forth in the personal data protection regulations.

  • Comply with all legal requirements and obligations imposed by personal data protection regulations.

Environmental Management Policy

1. Objective

In Xeridia UK Ltd we are concerned about the environmental effect of our activity. As a result, our goal is to establish a sustainable company where care and respect for the environment prevail, in collaboration with our suppliers and customers.

2. Fundamental principles

We have implemented a policy related to Environmental Management where we we identify, evaluate and mitigate the negative environmental effect generated by the company.

We are optimising the implementation of agreed measures aimed at reducing emissions, pollution or excessive consumption.

3. Major action lines

  • Increasing a sense of responsibility and environmental consciousness among employees, suppliers, and customers to encourage the adoption of positive habits
  • Reducing and recycling waste caused by the company
  • Lower expenses that affect sustainability and the environment such as:
    • Determined commitment to minimise the impact on the environment due to Xeridia’s activity, with special attention to the protection of the environment including the prevention of pollution caused by electronic waste and atmospheric emissions
    • Enhancing energy efficiency to reduce consumption
    • Lowering greenhouse gas emissions
    • Optimising water use
    • Removing paper use
    • Reducing travel by promoting the intensive use of video conferences

Information Technology Service Management System Policy


Xeridia’s IT Service Management System (IMS) aims to:

  • Manage the provision of services provided by Xeridia to customers in an effective and efficient manner, within a life cycle that allows the continuous improvement of the processes implemented.
  • Ensure that the service requirements agreed with customers are met and maintained.
  • Ensure that all IT services indicated in the scope are managed in such a way as to guarantee on-time delivery, fast response, high quality and high customer satisfaction.
  • Seek to ensure uninterrupted service, rapid resolution of incidents and high customer satisfaction.
  • Annually review and update the reference to ongoing services and upcoming services in Current Services and Possible Upcoming Services.

Processes involved:

  1. Strategic Planning and Management System, ensuring an efficient and effective structure.
  2. Capacity and Demand Management: dimensioning technological and human resources to ensure adequate provision of services.
  3. Availability Management: guarantee and improve the availability of services, planning improvement measures and adjusting resources to maintain optimum levels.
  4. Service Level Management, monitoring compliance to ensure quality and customer satisfaction.
  5. Business Relationship Management: periodically reviewing service, measuring satisfaction and managing complaints, using tools such as Jira and meetings as required.
  6. Continuity Management: manage responses to severe events and ensure rapid restoration of affected services.
  7. Incident and Service Request Management: resolve service level impact events, respond to service requests and record actions taken to resolve incidents.
  8. Problem Management: minimise the impact of logged incidents and provide temporary solutions and anticipate potential problems.
  9. Information Security Management, in all service activities, implementing security policies and performing critical risk analysis.
  10. Supplier Management: communicate service needs to suppliers, ensure understanding of obligations and monitor support agreements.
  11. Change and Delivery Management: identifying change needs, evaluating and approving changes according to business criteria
  12. Configuration Management: record and control all configuration items critical to the provision of services.
  13. Financial Management: budget, record and account for service costs to ensure financial viability.
  14. Report management: Ensure that reports are generated in time for their function and their information is accurate and reliable.

Information Security Policy

Statement of Information Security Policy:

This document establishes the information security policy of XERIDIA, based on ISO/IEC 27001:2022, to ensure the confidentiality, integrity, and availability of information, comply with legal requirements, have a continuity plan, train and raise awareness among staff on information security, manage incidents, assign responsibilities, appoint a Security Officer, and continually improve the ISMS.

Objectives of the Security Policy:

To provide guidelines for the secure handling of information, protecting it against potential threats, and ensuring business continuity.

Scope of ISO 27000:

It applies to information systems supporting activities such as analysis, design, implementation, and maintenance of computer applications and consulting, at the León workplace, excluding the workplace in London.


Includes a security study, risk analysis, and establishment of a risk treatment plan, aligned with the Security Policy.


It is the responsibility of the security officer, supported by technical staff and management, including the implementation of ISO 27002 security controls and ISMS procedures to comply with ISO/IEC 27001:2022.


The Policy and ISMS are regularly reviewed by the security committee, with planned and annual reviews, in addition to involvement from management and monitoring procedures.


Improvements are established during reviews or relevant contributions, evaluated, implemented, and managed by the ISMS Manager, framed within the PDCA cycle for information security.

Principles governing specific aspects of information security:

  • Corporate Mobile Devices and Telecommuting: Users are responsible for the proper use and protection of corporate mobile devices. They must prevent theft or loss and not alter security measures. All devices are controlled by management and are blocked in case of loss. In telecommuting, systems must be protected, and unauthorized access avoided.
  • Personal Devices – BYOD Equipment: Personal devices and the data they contain must be protected. Access to corporate email from non-corporate devices requires encryption and pattern lock protection. Basic standards such as antivirus use and regular updates must be followed.
  • Human Resources Security: All employees, suppliers, and third parties must understand their responsibilities in information security and reduce the risk of theft, fraud, or misuse of resources. They must comply with the security policy even after terminating their employment.
  • Asset-related Responsibilities: Users must efficiently use systems, promote responsible network use, and properly safeguard assets in their possession. Media management and information protection are key responsibilities.
  • Access Control to Communication Networks: Access to information systems is controlled so that it is only performed by authorized personnel, and unauthorized access is prevented.
  • User Identification and Authentication: Unauthorized access to network services is prevented, and secure authentication methods are used for external connections.
  • Passwords: Password usage standards are established, including expiration, complexity, and protection against prohibited activities such as password sharing or attempting to decipher keys.
  • Internet Access: Internet use is limited to topics related to company activity, and access rules are established.
  • Unauthorized Software: Installation of software programs without prior authorization and use of unlicensed programs is prohibited.
  • Software Licenses: Unauthorized use of software programs and any unauthorized use of works protected by intellectual property rights is prohibited.
  • Use of Cryptographic Controls: Cryptographic controls are applied in emails and sensitive data storage.
  • Backup: The Systems department is identified as responsible for performing backups, and standards for their execution and management are established.
  • Data Protection and Privacy: Data protection regulations are complied with, and clear responsibilities for the treatment and disclosure of confidential information are established.
  • Physical and Environmental Security: Physical access to facilities is controlled, unauthorized access is prevented, and measures are taken to protect company assets.
  • Operations Security: Standards are established for the responsible use of information, access to operating systems, and prevention of prohibited activities.
  • Communications Security: Efficient use of networks is promoted, access to topics related to work activity is limited, and rules for email use are established.
  • Acquisition, Development, and Maintenance of Systems: Security requirements are considered in all phases of the information systems lifecycle, and test and production environments are separated.
  • Vendor Relationship: Potential security risks from services provided by vendors are evaluated, and appropriate security measures are implemented.
  • Incident Management: A procedure is established to report any security incidents and is recorded through the established system.
  • Business Continuity: Collaboration is provided in resuming critical services in case of severe contingencies to ensure business continuity.