INFORMATION SECURITY POLICY
Commitment: EDISA’s management, aware of the critical importance of the information it handles both from the company itself and from its customers through its cloud systems, is committed to establishing a robust framework for information security management, in order to protect the confidentiality, integrity and availability of data. To this end, the following commitments and guidelines are set out:
Regulatory Compliance: The organisation is committed to complying with all applicable information security legislation, as well as to following the criteria and guidelines set out in ISO 27001. This includes conducting internal audits and periodic reviews to ensure that the policies and procedures implemented are adequate and effective.
Risk Management: A proactive approach will be established to maintain a low level of risk that is in line with industry requirements. This involves identifying, assessing and addressing information security risks and implementing appropriate controls to mitigate them.
Human and Technological Resources: The company will allocate the necessary human and technological resources, including software and other security devices, to ensure compliance with information security objectives. Regular training will be conducted and tools will be provided to facilitate secure information management.
Staff Involvement: Management shall encourage the active involvement of all staff in the information resources management process. Awareness and training programmes will be established to ensure that all employees understand their role and responsibility in information protection, as well as the company’s security policies.
Continuous Improvement: Continuous improvement actions shall be implemented as deemed appropriate to progressively reduce risk. This will include periodic review of security policies, evaluation of the effectiveness of implemented controls and adaptation to new threats and vulnerabilities that may arise.
Incident Management: Should a security incident occur, all necessary procedures will be activated immediately to manage the incident efficiently. This includes containment, investigation and remediation of the incident, as well as the implementation of corrective measures to prevent its recurrence in the future. Lessons learned will be captured to strengthen the security framework and minimise the likelihood of future incidents.
Timeliness: This policy will be reviewed at least annually or when significant changes occur in the organisation or in the regulatory environment. The review will ensure that the policy remains relevant and effective in protecting the organisation’s information.
Through these commitments, EDISA strives to create a secure and resilient environment that protects the critical information of the company and its customers, ensuring the trust and satisfaction of all stakeholders.