Information security policy

IDEATI Policies

Information security policy

The organization’s management recognizes the importance of identifying and protecting the organization’s information assets. To this end, it will prevent the destruction, disclosure, modification and unauthorized use of any information, committing itself to develop, implement, maintain and continuously improve an Information Security Management System.

The organization’s Management declares compliance with the regulations and legislation in force in relation to aspects of information security.

Information Security is characterized as the preservation of:

  1. its confidentiality, ensuring that only those authorized can access the information;
  2. its integrity, ensuring that the information and its processing methods are accurate and complete;
  3. its availability, ensuring that authorized users have access to the information when required.

Information security is achieved by implementing an appropriate set of controls, such as policies, procedures, organizational structures, software and infrastructure. These controls shall be established to ensure the security objectives of the organization.

The organization shall appoint an Information Security Committee, which shall be responsible for the guidance, implementation and maintenance of the Information Security Management System.

This Information Security Policy must be known and complied with by all personnel of the organization, regardless of their position and contractual status.

It is the policy of the organization:

  • Establish annual objectives in relation to Information Security.
  • Develop a process of evaluation and treatment of security risks, and according to its result implement the corresponding corrective and preventive actions, as well as elaborate and update the action plan.
  • Classify and protect information in accordance with current regulations and assessment criteria in relation to the importance it has for the organization.
  • Comply with service, legal or regulatory requirements and contractual security obligations.
  • Provide information security awareness and training to all personnel.
  • Establish that all personnel are responsible for recording and reporting confirmed or suspected security breaches in accordance with the relevant procedures.
  • Establish the necessary means to ensure the continuity of the organization’s operations.
  • Ensure that all IDEATI employees, as well as relevant external stakeholders, are familiar with this Policy.