On June 13th and 14th CIDAUT will be present at meetechSpain 2024.

meetechSpain is a disruptive event, referent in the Spanish innovative ecosystem, focusing this year on safe, smart, and sustainable mobility.

It is a unique place for meeting, connecting, and cooperating among Technology Centers, Research Organizations, and Companies, all united by the main and common element: the technology.

meetechSpain takes place around a Showroom (a showcase of the technological and innovative capabilities of the participating entities and a space for networking) and an innovative scenario. The event organization proposes a Challenge (this year baser on safe, smart, and sustainable mobility) to the attending researchers and technologists in order they can develop innovative solutions to this real need or problem.

The event has an innovative format that promotes connection among attendees and offers interesting content in pitch formats and roundtable discussions with numerous high-level experts.

More info: https://www.meetechspain.com/

Supplier policy

Guidelines for the evaluation, selection, performance monitoring and re-evaluation of external suppliers of the CIDAUT Foundation

1. Objeto

This document is established to inform CIDAUT Foundation suppliers of the general guidelines followed for the evaluation, selection, performance monitoring and re-evaluation of external suppliers.

2 Area of ​​application

In accordance with the requirements of ISO 9001:2015, this document applies to external suppliers of the CIDAUT Foundation that supply products and services that may adversely affect the ability to deliver the results of the projects, technological services and tests that develops the CIDAUT Foundation. Below is a non-exhaustive list of processes, products and services to which these guidelines would apply:

Services and/or processes of:

  • tests, proficiency tests, calibrations or sampling
  • design
  • manufacturing of parts, molds, tools, electrical and/or electronic components, elements or assemblies necessary for the manufacture of prototypes, machines or any element that will be delivered to the client or on which tests or tests will be carried out that will constitute the results to deliver to the customer
  • analysis, evaluation, audit or technical advice whose conclusions and/or results will be integrated into the results to be delivered to the client
  • development of specific facilities for the development of projects, technological services or trials
  • key support services that can affect the outcome of projects, technological services or tests: maintenance of facilities and equipment, software administration and maintenance, etc.


  • standards and auxiliary equipment for calibration/verification of measurement and monitoring equipment
  • reference elements and materials
  • measurement and monitoring equipment
  • raw materials that must meet specific requirements of the Project, Technological Service or Test
  • materials, reagents, additives, etc. necessary for the development of a new material that will be the result of the technological project or service or on which the tests or tests that will constitute the outputs/results of the technological project or service will be carried out.
  • consumables that must meet specific requirements for the correct operation of key equipment / installation for the development of the project, technological service or test
  • key equipment and facilities for the development of the project, technological service or test
  • software that can determine the results of the project, technological service or test (CAD/CAE/CAM)

3. Development
3.1. Evaluation and selection of suppliers
The Foundation Purchasing Manager establishes the criteria based on which the evaluation and selection is carried out in order to guarantee that the selected supplier supplies the products and services in accordance with the necessary requirements. The selection criteria are a combination of the following depending on the type of product/service:

  • Ability to meet legal requirements and customer requirements
  • Adaptation to the specific need: For complex products/services, the proposal of the supplier that best meets the need
  • Technical Capacity: The supplier has the appropriate material and human resources
  • ENAC accreditations: The supplier is accredited by ENAC for the development of calibrations, tests, etc.
  • Certifications: The supplier has a current ISO 9001 certification and within its scope are the products and/or services that are the object of the need.
  • Provider recommended or established by the Client
  • Previous experience: Provider in other departments or projects
  • Market recognition
  • References from clients, competitors, etc.
  • Risk and guarantees: Level of risk assumed by the supplier and/or guarantees offered
  • Financial Capacity: For large purchases
  • Supply Capacity
  • Flexibility towards changes
  • Accessibility
  • Ability to meet deadlines
  • Price
  • Payment method
In addition to the established criteria, whenever possible, for purchases exceeding the amount of 3.000? The selection of the supplier will be carried out by requesting offers from at least 3 suppliers.

3.2. Monitoring performance and reevaluation of suppliers.
To ensure that controlled external suppliers continue to supply in accordance with established requirements, suppliers are subject to periodic monitoring and control. Depending on the type of provider, it is established:

Supplier type Tracking Re-evaluation
Regular: regular suppliers X X
About project: specific suppliers for a given project X Does not apply
Occasional: single purchase suppliers Does not apply Does not apply

Monitoring of external suppliers is carried out continuously:

  • Checking the maintenance of the ISO 9001 certification or ENAC accreditation that served as the basis for the approval. In case of loss, approval could be withdrawn.
  • Checking compliance with commercial agreements
  • Review of the quality of purchases made.
  • Anomalies attributable to the supplier are tracked. When an incident gives rise to a customer claim or significantly affects the outputs or results of the project, technological service or test, a Non-conformity is opened. When the supplier's response is not adequate or when the severity of the anomaly causes the CIDAUT Foundation to lose confidence in the supplier, the approval is withdrawn.
Continuous monitoring also takes into account response times and price developments. When necessary, the Purchasing Manager may define other monitoring activities. Some possible follow-ups are:
  • Audits
  • Service quality reviews
  • Visits to the supplier
  • Product inspections
  • Monitoring of indicators
  • Meetings with service users

Regular suppliers are periodically re-evaluated. For this, it is reviewed:

  • the criteria by which they were initially approved
  • the maintenance of ISO 9001 certification or ENAC accreditation if they were determining elements in the approval of the supplier
  • compliance with trade agreements
  • the history of incidents and follow-ups carried out
  • the level of service of the provider taking into account in particular unanswered requests, response times and accessibility
  • price variations and its comparison with other competitors

Guarantee of impartiality

Impartiality and independence are basic principles of the CIDAUT Foundation's activity. CIDAUT Foundation acts impartially and independently of all types of pressures, whether commercial or otherwise, in its activities and services provided to clients, institutions and organizations.

CIDAUT Foundation continuously evaluates each possible conflict/risk that may affect the independence and impartiality of its activities, carrying out the pertinent consultations and inquiries to ensure that it does not incur any incompatibility and loss of independence in the aforementioned terms. Limiting activity and/or implementing relevant actions in case of doubt or conflict.

Personal Data Protection Policy

The personal data to be protected includes all those that are processed by us (whether data of clients, potential clients, suppliers, workers, contacts, external collaborators, etc.).

Therefore, both FUNDACION CIDAUT, and all its staff, whether internal or external, who are involved in some way in the processing of personal data, must:

  • Maintain secrecy and confidentiality of the information processed.
  • Protect the personal data you are processing and safeguard it so that unauthorized personnel do not have access to it.
  • Comply with data protection principles (legality, loyalty and transparency, limitation of purpose, data minimization, accuracy, limitation of retention period, integrity and confidentiality and proactive responsibility).
  • Guarantee that interested parties can exercise their rights (information, access, rectification, deletion, limitation of processing, data portability, opposition and automated individual decisions).
  • Comply with, and where appropriate, enforce, the controls and security measures that FUNDACION CIDAUT has implemented to protect the security of personal data, preventing the confidentiality, integrity or availability of said data from being compromised.
  • Immediately communicate, according to the procedures enabled for this purpose, any incidents that may affect the security of personal data and that may compromise its confidentiality, integrity or availability, as well as non-compliance with the requirements established by the personal data protection regulations.
  • Comply with all legal requirements and obligations imposed by personal data protection regulations.

Information Security Policy

CIDAUT FOUNDATION (hereinafter, CIDAUT) is an entity dedicated to research and development in Transportation and Energy, with the objective of enhancing competitiveness and industrial development in companies in the transportation, energy and industry sectors in general. .

Aware of the importance that information security has for the development of its business, it has decided to implement a management system and subscribes to this policy.

CIDAUT establishes, defines and reviews objectives within its Information Security Management System (ISMS) aimed at improving its security, understanding it as the preservation of the confidentiality, availability and integrity of its information, as well as the systems that support it. support, increasing the confidence of our customers and other interested parties; along with compliance with all applicable legal, regulatory and contractual requirements.

The design, implementation and maintenance of the ISMS will be supported by the results of a continuous risk analysis and management process from which the actions to be carried out in terms of security within the scope of its system are derived, which is:

"Information systems that support the processes linked to the implementation of research, development and technological innovation projects, technological services and tests in the areas of: product design, energy and environment, materials, transformation processes, safety in vehicles, road safety, mobility, acoustics and vibrations and information technologies and industry 4.0 that are of interest to the industry in general and especially to the transport and energy sectors."

The CIDAUT Management will establish the risk evaluation criteria so that all scenarios that imply an unacceptable level of risk are treated appropriately.

As part of the ISMS, Management will develop, implement and keep updated a Business Continuity Plan according to the needs of the company and dimensioned to the risks that affect it.

The CIDAUT Management is committed to the implementation, maintenance and improvement of the ISMS, providing it with those means and resources that are necessary and urging all staff to assume this commitment. To this end, CIDAUT will implement the measures required for the training and awareness of personnel with information security. In turn, when workers fail to comply with safety policies, Management reserves the right to apply disciplinary measures in accordance with the application agreement and within the applicable legal framework, and according to the impact this has on the organization.

Everything defined in this policy will be specified and developed in regulations and procedures of the ISMS, which will be integrated to the extent possible with other management systems of the organization, sharing those resources in favor of optimization and seeking continuous improvement of the efficiency and effectiveness of process management.

Every user will have the obligation to report security incidents using the guidelines established by CIDAUT.

This policy will apply to all personnel and resources that are within the scope of the ISMS, it is brought to their attention and is communicated to all interested parties.