Information Security Policy
The objective of the managed services and the CLOC is to maintain the operation and support the technological architecture in the cloud of the services that customers put in charge of ITERA, so that all the resources available to deliver these services must be aligned with the protection of information assets as part of a comprehensive strategy aimed at the continuity of service delivery, risk management, compliance with national and international regulations and the consolidation of an information security philosophy in the delivery of services.
Information is an asset that the company considers essential for service delivery activities and must be protected in accordance with the principles of confidentiality, integrity and availability.
Through this Policy, the company’s information security objectives are disseminated, which are achieved through the application of security controls, to manage an acceptable level of risk.
All personnel assigned to the operation of managed services and the Cloud Operations Center (CLOC), vendors, customers, personnel assigned to the operational support areas, suppliers and agents external parties that have access, contact or carry out treatment on the information, information systems, documents, resources and services in the cloud, must adopt the guidelines contained in this document and the related documents in order to preserve the security of the information of Mandatory form and as part of their functions that contribute to the delivery of managed services and the CLOC.
The modification or additions of the Information Security Policy will be proposed by the personnel assigned to the delivery functions of managed services in the cloud and the CLOC service desk and the representatives of the management, through a formal document presented to the Information Security Committee, which will be responsible for verifying and approving them. In turn, the Committee will have the obligation to review the Information Security Policy at least once a year or whenever the conditions of service delivery are modified.
The Information Security Policy for the delivery of managed services and the CLOC service desk is supported by specific policies, rules and procedures, which will guide the proper handling of information in the delivery of services, additionally policies will be established information security specifications aligned with the control objectives of ISO 27001: 2013
Cases that have not been considered as part of this policy and that put the operation, resources and / or reputation of the delivery of services at risk, should be treated as special cases and reviewed through extraordinary review meetings. to verify its applicability and control guidelines.
Failure to comply with the provisions established in the Information Security Policy will result in the application of various sanctions, according to the magnitude and characteristic of the non-compliance aspect.