Espiral MS considers information to be one of the relevant assets for offering products and services to our customers, and one that therefore requires adequate protection. For this reason, Espiral MS includes Information Security Management within its Management System as a mechanism to establish clear guidelines and security measures to:
- guarantee the confidentiality, integrity and availability of information,
- ensure compliance with the security requirements established by the organization itself and those agreed with its customers,
- guarantee compliance with applicable legislation, regulations and standards,
- guarantee the continuity of the organization and its business operations.
The infrastructure that supports the services, as well as the information and applications that manage the services provided by Espiral MS, are within the scope of the Information Security Management System, which is integrated into the Management System, so the policies, objectives and procedures established therein are applicable.
The application used for asset management and risk analysis makes it possible to evaluate risk by service. For this purpose, the services included in the Management System have been defined and the information assets involved in each of them have been identified.
The internal support staff of Espiral MS is responsible for establishing and maintaining the necessary security measures for the correct provision of services. Any security incident in the systems that support the service must be reported and recorded.
The objective of this Information Security Policy is to establish clear guidelines and security measures to protect the organization's confidential information, guarantee the availability and reliability of the information systems, and comply with the applicable security regulations and standards.
The Security Policy is mandatory for all personnel. It is also applicable to the entire scope established in the Framework indicated below.
The Security Committee will promote the implementation of all organizational, procedural, physical and logical controls necessary to adequately protect the information assets of Espiral MS, as indicated in this policy or other elements of the regulatory body (derived policies, procedures, baselines, technical instructions, etc.), and will channel them to the different areas and business processes.
At Espiral MS, the importance of Information Security is expressed more concretely in the following commitments:
- Commitment to confidentiality: The company is committed to protecting the confidentiality of information, ensuring that only authorized persons have access to it. Access to systems and data should be restricted and granted only to authorized users based on their role and need-to-know, and timely authentication controls should be implemented.
- Commitment to information integrity: The company is committed to ensuring the integrity of the information, avoiding any unauthorized modification or alteration.
- Commitment to information availability: The company is committed to ensuring the continuous availability of information for authorized users. This implies the implementation of protection measures against interruptions and failures, applying the appropriate business continuity plans.
- Commitment to adequate response to security incidents: The company has established an incident management process that includes notification, investigation, response and recovery from security incidents. The organization will seek to implement any improvements that can help prevent similar incidents in the future.
- Commitment to risk management: The company is committed to identifying, assessing and managing information security risks.
- Commitment to privacy protection: The company is committed to protecting the privacy of individuals' personal information by complying with applicable data protection laws and regulations and obtaining appropriate consent where necessary.
- Commitment to education and awareness: The company is committed to information security awareness and training for all employees, as well as the promotion of good practices in the use of technology resources.
- Commitment to monitoring and compliance: The company undertakes to conduct periodic internal and external audits to ensure compliance with security policies and standards. In addition, it is committed to taking timely action when security violations are identified.
- Commitment to continuous improvement: The company is committed to continuously reviewing and improving information security controls, considering technological advances, new threats and lessons learned from previous incidents.
- Commitment to external collaboration: The company is committed to collaborating with external bodies and entities, such as government agencies and threat intelligence sharing organizations, to share relevant information and collaborate in the fight against cybercrime.