SECURITY POLICY:
Last update: 14-09-2023
Information is an asset that is exposed to risks and threats that may come from within or outside the organization, and may be intentional or accidental. Their occurrence may cause material and/or economic losses, damage to the institutional image and customer trust, legal violations, regulatory non-compliance, or violation of the rights of customers, employees, collaborators or third parties. In light of this reality, it is important to adequately protect the organization’s information assets.
The Security Policy’s mission is to establish global security guidelines for the organization, as well as protect information assets.
These guidelines include the adoption of a series of organizational measures and standards that are presented in this document and developed in its associated documents. Their purpose is to protect the information resources of ALDIA CONSULTECH S.L. and the information systems used for processing against threats, internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity, availability and legality of the information.
In view of the above, the Board of Directors of ALDIA CONSULTECH S.L. supports the strategic objectives of Information Security and ensures that they are aligned with business strategies and objectives.
This Policy is based on good practice recommendations to guarantee Security in Information Systems Management (International Standards ISO 27001 and ISO 27002) as well as current applicable legislation.
GOALS
The Information Security Policy aims to:
- Minimize the risk in the most important functions of ALDIA CONSULTECH S.L.
- Comply with information security principles.
- Maintain the trust of its customers, employees and other interested parties.
- Implement the information security management system.
- Protect technological assets.
- Establish policies, procedures and instructions regarding information security.
- Strengthen the information security culture of employees and suppliers of ALDIA CONSULTECH S.L.
- Guarantee the continuity of services in the event of incidents.
INFORMATION SECURITY POLICY
Below are the security policies that support the Information Security Management System (ISMS) that ALDIA CONSULTECH S.L. has decided to define, implement, operate, and continuously improve.
- ALDIA CONSULTECH S.L. will protect against risk the information generated, processed, or stored by the different processes, its technological infrastructure, and assets generated from the access granted to third parties (e.g., suppliers), or as a result of an internal or external service.
- ALDIA CONSULTECH S.L. will protect the confidentiality, integrity, availability, and legality of the information generated, processed, or stored by the different processes, in order to minimize financial, operational, or legal impacts due to its incorrect use. To this end, it is essential to apply controls according to the classification of the information owned or held in custody.
- ALDIA CONSULTECH S.L. will protect its information against threats originating internally or externally to the organization.
- ALDIA CONSULTECH S.L. will protect the processing facilities and technological infrastructure that support its critical processes. ALDIA CONSULTECH S.L. controls the operation of its processes by ensuring the security of technological resources and data networks.
- ALDIA CONSULTECH S.L. will ensure that security is an integral part of the information systems lifecycle through proper management of risks and weaknesses associated with information systems.
- ALDIA CONSULTECH S.L. will ensure the availability of its processes and the continuity of its services based on the impact that adverse events may generate.
- ALDIA CONSULTECH S.L. will ensure compliance with established legal, regulatory, and contractual obligations.
- Responsibilities regarding information security will be defined, shared, published, and accepted by all interested parties.
MAINTENANCE, APPROVAL AND REVIEW OF THE POLICY
The Information Security Manager is responsible for establishing and maintaining the Security Policies, Manuals and Procedures of ALDIA CONSULTECH S.L.
The General Management of the Company is responsible for approving and publishing the Policy, distributing it to all employees and affected third parties, as well as reviewing and evaluating the ISMS Security Policy.
Any change or evolution that affects or could affect the content of the ISMS Security Policy document will be recorded in a new signature of the approval document. In this way, the commitment of these entities to information security is specified and confirmed.
Periodically, and in any case not exceeding a period of one year, the validity and reasonableness of this policy will be reviewed and the required improvements, adaptations or modifications will be carried out based on the applicable organizational, technical or regulatory changes.
DISTRIBUTION OF THE POLICY
The ISMS Security Policy document will be accessible to all internal staff. It will be delivered to each new employee upon incorporation, and every 12 months it will be distributed by email to all internal and external employees subcontracted by ALDIA CONSULTECH S.L. who manage data and resources belonging to it, for knowledge and awareness of the established security regulations.
Likewise, the commitment of all employees will be obtained through their reading and acceptance of the policy.
The policy will be included in the document “41-MA-01 – Employee Safety Manual”.
Any substantial change to the document will be distributed to all users through a formal notification, sent by email or by internal communication in media accessible to them through a communication model enabled for this purpose.
SANCTIONS
Any premeditated or negligent violation of security policies and standards that entails potential damage, whether consummated or not, to ALDIA CONSULTECH S.L., will be sanctioned in accordance with the mechanisms enabled in the Company’s agreement and in current legal, contractual and corporate regulations.
All actions in which the security of ALDIA CONSULTECH S.L. is compromised and that are not provided for in this policy must be reviewed by the General Management and the Head of Security to issue a resolution subject to the criteria of the company and the anticipated legislation.
Disciplinary actions in response to non-compliance with the Security Policy are the responsibility of the Department Heads in conjunction with the Administration and General Management.