Policy

Capgemini Portugal EDMS Policy

Capgemini Portugal ER&D’s commitment to engagement delivery:

1. This policy is aligned with the remaining policies that exist at both Capgemini Portugal and Capgemini Group that are applicable to the entire organization.
2. Provide an adequate quality management for engagements (projects and services) at Capgemini Portugal ER&D.
3. Ensure compliance with current legislation, regulatory authorities and regulations, information security, computing, security of buildings and facilities, and ethical behavior of employees and third parties involved in the use of information contained in the ER&D QMS (Quality Management System).
4. The Bid, Delivery & Risk (BDR) contributes to the organizational objectives, in particular those regarding financial targets, through the implementation and delivery of engagements that fulfil the agreed contractual parameters. It also contributes to the simplification and optimization of processes and resources by supporting the continuous improvement of the ER&D QMS.
5. The BDR follows the ER&D QMS processes that comply with the ISO 9001, ISO 14001, ISO 27001, NP4457, ISO 20000 and ISO 13485 standards, the ASPICE model, TISAX Maturity Level 3 with Very High Protection and the CMMI-DEV Maturity Level 3 and Level 5 model, which allow for corresponding certifications and maturity ratings.
6. The engagements developed in the scope of the BDR focus on the rigorous application of project management practices (based on PMBoK) and service management practices (based on ITIL), as a way to deliver quality products, solutions and services to clients in the agreed contractual terms.
7. All engagements must have budgeting and accounting for all their components. Distribute indirect costs and allocate direct costs to engagements, to provide an overall cost for each project and service. Ensure effective financial control and approval.
8. Increase the efficiency of the delivery and support processes by analyzing lessons learnt and improvement suggestions, always with a focus on the continuous improvement of engagement delivery.
9. Ensure compliance with the service level agreements and other contractual obligations between Capgemini Portugal ER&D and its clients and suppliers, as well as the management of possible incidents and problems.
10. Ensure the establishment of a release policy stating the frequency and type of releases, in agreement with the clients.
11. Ensure the provision of resources.
12. The human resources team that participates in BDR engagements has both the adequate skills and training which enable them to perform their designated and accepted roles and tasks.
13. Ensure the capacity to respond to emergency situations, establishing business continuity plans that should be periodically reviewed, updated and validated.

For risk management the policy is:
14. Define a risk and opportunity management system, compliant with the requirements and best practices provided by the standards and models stated above, that can detect, analyze, report, act and correct potential threats, exploit opportunities or gaps on Capgemini Portugal ER&D’s engagements, including information security and/or shortcomings in the defined service level agreements.
15. Define a dedicated risk management strategy for Medical Device products based on ISO 14971 requirements.
16. Reduction of the risks associated with service delivery continuity, protecting the infrastructure that supports the services and the information managed by them against any undue, accidental or deliberate of internal or external origin, preventing possible security incidents and reducing their potential impact.

For change management the policy is:
17. Ensure the fulfilment of the requirements for design and transition of new or changed services.
18. Ensure that all the CIs (Configuration Items) are under the control of change management, and all changes are analyzed according to the defined criteria to determine changes with the potential to have a major impact on services or the client.

Certifications

NP EN ISO 9001:2015

The Quality Management Systems Standard

ISO/IEC 20000:2018

Information Technology Service Management System

NP EN ISO 13485:2017

Medical Device Quality Management Systems

CMMI-DEV / 3

Projects follow the CMMI-DEV / 3 reference methodology for developing and maintaining quality products.

Automotive SPICE model V3.1 VDA NA

Quality standard for evaluating business processes from a process safety and quality perspective

TISAX model v5.0.4

Information Security for the automotive industry