Quality Policy

Quality Policy

PURPOSE
Our Quality Policy exists to ensure every service we deliver consistently meets or exceeds client, customer, regulatory, and
contractual requirements. We are committed to embedding quality as a core value across all operations, driving continual
improvement through a robust Quality Management System (QMS).

SCOPE
This Policy applies to all stakeholders who engage with the Arriba group to refer, receive or by any other means, have
engaged us through our operations or services.

INTEGRATED MANAGEMENT APPROACH
We operate an Integrated Management System (IMS) aligned with ISO 9001:2015 and ISO/IEC 27001:2022, anticipating
the 2026 sustainability update and embedding Environmental, Social, and Governance (ESG) principles.

OUR COMMITMENTS

  • Quality Excellence. Maintain a robust Quality Management System (QMS) that promotes continuous quality
    improvement in compliance with ISO 9001.
  • Information Security. Protect confidentiality, integrity, and availability of information assets in compliance with
    ISO/IEC 27001.
  • Sustainability & ESG. Reduce environmental impact, promote social responsibility, and uphold governance
    standards.
  • Customer Focus. Delivery of services that meet contractual, regulatory, and ethical standards, ensuring high
    customer satisfaction.
  • Regulatory & Legal Compliance. Comply with all applicable legislation, regulations, standards and contractual
    obligations relevant to the services we deliver
  • Risk-Based Thinking. Identify and manage risks and opportunities across the business including health and safety
    risks, cybersecurity risks and compliance risks.
  • Client and Customer Feedback. Actively seek, analyse, and use client and customer feedback, complaints, and
    insights to drive service improvement and enhance outcomes.
  • Continuous Improvement. Use data-driven insights, audits, and feedback loops to enhance processes and
    outcomes.
  • Internal Audit. Apply an agile, risk-based internal audit program that anticipates emerging issues, strengthens
    governance, and provides independent assurance of compliance, performance, and continuous improvement

STRATEGIC OBJECTIVES

  • Achieve measurable improvements in service quality, security compliance, and sustainability performance.
  • Reduce carbon footprint and improve resource efficiency.
  • Strengthen governance and transparency across all business units.
  • Enhance stakeholder engagement and satisfaction through proactive communication and innovation.

ROLES & RESPONSIBILITIES

  • Board & CEO. Provide leadership, approve the policy, and ensure resources and oversight for the IMS, QMS,
    and ISMS.
  • Executive Risk Committee. Monitor enterprise risk and governance; review performance, audit outcomes, and
    continuous improvement plans.
  • Quality & Compliance Business Partner. Custodian of the QMS; maintain policy, quality manual and
    documented information; coordinate audits, corrective actions, and CQI within Momentum QMS.
  • Information Security Lead (Head of IT or delegate). Custodian of the ISMS; ensure controls, incident
    management, supplier security, and awareness aligned to ISO/IEC 27001.
  • Business Unit Leaders. Embed customer focus, risk-based thinking, and continual improvement within their
    operations; ensure compliance with contractual and regulatory obligations.
  • All Employees & Contractors. Apply QMS and ISMS requirements; report incidents and improvement
    opportunities; participate in training and feedback loops.

COMPLIANCE STATEMENT


This policy satisfies ISO 9001:2015 requirements for a quality policy (Clause 5.2), including alignment with the organisation’s
purpose and strategic direction, a framework for setting quality objectives, commitments to satisfy applicable requirements,
and continual improvement. It also supports Clause 6.2 by establishing measurable, aligned quality objectives and planning
to achieve them across relevant functions and levels.
This policy satisfies ISO/IEC 27001:2022 requirements for an information security policy (Clause 5.2), including alignment
to organisational purpose, a framework for setting information security objectives, commitment to satisfy applicable
requirements, and continual improvement of the ISMS. It references Annex A controls by committing risk-based selection
and implementation to protect confidentiality, integrity, and availability.

GOVERNANCE, COMMUNICATION & REVIEW

  • Documented Information. Policy and related procedures are version-controlled within ArribaQA and distributed via
    MiCasa intranet as required.
  • Communication. The policy is communicated and made available to employees and relevant interested parties;
    understanding is verified through induction and periodic training.

GOVERNANCE, COMMUNICATION & REVIEW

  • Documented Information. Policy and related procedures are version-controlled within ArribaQA and distributed via
    MiCasa intranet as required.
  • Communication. The policy is communicated and made available to employees and relevant interested parties;
    understanding is verified through induction and periodic training
  • Internal Audit & Management Review. Performance, risks, opportunities, and objectives are reviewed at planned
    intervals to ensure ongoing suitability, adequacy, and effectiveness.
  • Continuous Improvement. Corrective actions and improvement initiatives are tracked through Momentum QMS
    CQI workflows.

APPROVAL
Approved by:
Marcella Romero
Group CEO
Signature: Marcella Romero
Date: 13 April 202