Quality Policy

PURPOSE

Our Quality Policy exists to ensure every service we deliver consistently meets or exceeds client, customer, regulatory, and contractual requirements. We are committed to embedding quality as a core value across all operations, driving continual improvement through a robust Quality Management System (QMS).

SCOPE

This Policy applies to all stakeholders who engage with the Arriba group to refer, receive or by any other means, have engaged us through our operations or services.

INTEGRATED MANAGEMENT APPROACH

We operate an Integrated Management System (IMS) aligned with ISO 9001:2015 and ISO/IEC 27001:2022, anticipating the 2026 sustainability update and embedding Environmental, Social, and Governance (ESG) principles.

OUR COMMITMENTS

• Quality Excellence. Maintain a robust Quality Management System (QMS) that promotes continuous quality improvement in compliance with ISO 9001.
• Information Security. Protect confidentiality, integrity, and availability of information assets in compliance with ISO/IEC 27001.
• Sustainability & ESG. Reduce environmental impact, promote social responsibility, and uphold governance standards.
• Customer Focus. Delivery of services that meet contractual, regulatory, and ethical standards, ensuring high customer satisfaction.
• Regulatory & Legal Compliance. Comply with all applicable legislation, regulations, standards and contractual obligations relevant to the services we deliver
• Risk-Based Thinking. Identify and manage risks and opportunities across the business including health and safety risks, cybersecurity risks and compliance risks.
• Client and Customer Feedback. Actively seek, analyse, and use client and customer feedback, complaints, and insights to drive service improvement and enhance outcomes.
• Continuous Improvement. Use data-driven insights, audits, and feedback loops to enhance processes and outcomes.
• Internal Audit. Apply an agile, risk-based internal audit program that anticipates emerging issues, strengthens governance, and provides independent assurance of compliance, performance, and continuous improvement

STRATEGIC OBJECTIVES

• Achieve measurable improvements in service quality, security compliance, and sustainability performance.
• Reduce carbon footprint and improve resource efficiency.
• Strengthen governance and transparency across all business units.
• Enhance stakeholder engagement and satisfaction through proactive communication and innovation.

ROLES & RESPONSIBILITIES

• Board & CEO. Provide leadership, approve the policy, and ensure resources and oversight for the IMS, QMS, and ISMS.
• Executive Risk Committee. Monitor enterprise risk and governance; review performance, audit outcomes, and continuous improvement plans.
• Quality & Compliance Business Partner. Custodian of the QMS; maintain policy, quality manual and documented information; coordinate audits, corrective actions, and CQI within Momentum QMS.
• Information Security Lead (Head of IT or delegate). Custodian of the ISMS; ensure controls, incident management, supplier security, and awareness aligned to ISO/IEC 27001.
• Business Unit Leaders. Embed customer focus, risk-based thinking, and continual improvement within their operations; ensure compliance with contractual and regulatory obligations.
• All Employees & Contractors. Apply QMS and ISMS requirements; report incidents and improvement opportunities; participate in training and feedback loops.

COMPLIANCE STATEMENT

This policy satisfies ISO 9001:2015 requirements for a quality policy (Clause 5.2), including alignment with the organisation’s purpose and strategic direction, a framework for setting quality objectives, commitments to satisfy applicable requirements, and continual improvement. It also supports Clause 6.2 by establishing measurable, aligned quality objectives and planning to achieve them across relevant functions and levels. This policy satisfies ISO/IEC 27001:2022 requirements for an information security policy (Clause 5.2), including alignment to organisational purpose, a framework for setting information security objectives, commitment to satisfy applicable requirements, and continual improvement of the ISMS. It references Annex A controls by committing risk-based selection and implementation to protect confidentiality, integrity, and availability.

GOVERNANCE, COMMUNICATION & REVIEW

• Documented Information. Policy and related procedures are version-controlled within ArribaQA and distributed via MiCasa intranet as required.
• Communication. The policy is communicated and made available to employees and relevant interested parties; understanding is verified through induction and periodic training
• Internal Audit & Management Review. Performance, risks, opportunities, and objectives are reviewed at planned intervals to ensure ongoing suitability, adequacy, and effectiveness.
• Continuous Improvement. Corrective actions and improvement initiatives are tracked through Momentum QMS CQI workflows.

APPROVAL

Approved by:

Marcella Romero

Group CEO

Signature: Marcella Romero

Date: 13 April 202