Objectives:
- Provide a framework to increase resilience or resilience for an effective response.
- Ensure the rapid and efficient recovery of services, in the face of any physical disaster or contingency that may occur and put the continuity of operations at risk
- To prevent information security incidents to the extent technically and economically feasible, as well as to mitigate information security risks generated by our activities.
- Guarantee the confidentiality, integrity, availability, authenticity and traceability of the Information.
In order to achieve these objectives, it is necessary to:
- To comply with applicable legal requirements and with any other requirements to which we subscribe, in addition to the commitments made to customers, as well as the continuous updating of the same:
- REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
- Organic Law 3/2018, of 5 December, on the Protection of Personal Data and guarantee of digital rights.
- Royal Legislative Decree 1/1996, of 12 April, Law on Intellectual Property
- Royal Decree-Law 2/2018, of 13 April, amending the revised text of the Intellectual Property Law
- Royal Decree 3/2010, of 8 January, on the development of the National Security Scheme modified by Royal Decree 951/2015, of 23 October.
- Identify potential threats as well as the impact on business operations that those threats have.
- Preserve the interests of its key stakeholders (customers, shareholders, employees, and suppliers), reputation, brand, and value-creating activities.
- Evaluate and guarantee the technical competence of the staff, as well as ensure their adequate motivation for their participation in the continuous improvement of our processes, providing training and adequate internal communication so that they develop good practices defined in the system.
- Guarantee a continuous analysis of all relevant processes, establishing the relevant improvements in each case, based on the results obtained and the established objectives.
The defined security roles or functions are:
| Function | Duties and responsibilities |
|---|
| Information Controller | - Make decisions regarding the information processed
|
| Service Manager | - Coordinate the implementation of the system
- Continuously improve the system
|
| Security Officer | - Determining the adequacy of technical measures
- Providing the best technology for service
|
| System Manager | - Coordinate the implementation of the system
- Continuously improve the system
|
| Address | - Provide the necessary resources for the system
- Leading the system
|
The Security Management and Coordination Committee is the body with the greatest responsibility within the information security management system, so all major security-related decisions are agreed upon by this committee. The members of the information security committee are:
- Responsible for the information.
- Responsible for services.
- Responsible for security.
- System Manager.
- Company Management (partners-administrators)
