Information security is the protection of information against a wide range of security threats in order to guarantee business continuity, minimize business risks and maximize the return on investments and business opportunities.
The Management of Cybergenix and its parent companies is aware of the importance of identifying and protecting its information assets, avoiding the unauthorized disclosure, modification and destruction of all information related to our customers, employees, knowledge base, manuals, documents, cases, source code, strategies, management and other concepts; it commits to develop, implement, maintain and continuously improve the Information Security Management System (ISMS).
The Management wants to affirm its support, approval and the assignment of the necessary resources for its execution, urging that it be distributed to all staff together with the associated documentation so that they know and comply with the requirements.
This Security Policy affects the Information Systems managed by Cybergenix and its parent companies. Compliance is compulsory for all personnel of the organization. In the same way, it applies to all collaborating entities that use the information and the systems owned by our work groups.
This Security Policy applies to the development of the platforms within the environment managed by Cybergenix; it does not apply to developments within the environment managed by our customers.
The main goal of this Security Policy is to establish an action model that allows us to develop the company culture, processes and decision-making in Cybergenix, and to make sure that information security and the confidentiality of Personal Data are protected and consistent:
- Confidentiality: Make sure that only authorised people can access the information and the systems.
- Integrity: Ensure the accuracy of the information and protection of the systems against any changes, losses or destruction, whether accidental or fraudulent.
- Availability: Ensure that the information and the systems can be used as required and on time.
The above-mentioned parameters are essential for compliance with the current legislation relating to information security and for the provision of quality service.
Our company management values the importance of the availability and confidentiality of its information, and even more of its clients' information, as its main criteria for risk estimation. Thus, it commits to develop, implement, maintain and constantly improve its Information Security Management System (ISMS), with the aim of continuously improving the way we provide our services and how we treat the information of our clients. Therefore, the policy of Cybergenix and its parent companies is the following:
- To establish Information Security objectives annually.
- To fulfill the legal, contractual and business requirements.
- To carry out the training and the Information Security awareness activities for all the personnel.
- To develop the process of risk analysis, management and assessment for the information assets.
- To establish the control objectives and the corresponding controls to mitigate the detected risks.
- To establish employee responsibility in relation to:
  - Reporting security violations.
  - Preserving the confidentiality, integrity and availability of information assets in compliance with the current policy.
  - Complying with the policies and procedures inherent to the Information Security Management System.
The Security Manager will be directly in charge of the maintenance of this policy, providing guidance and advice for its implementation and for corrections in case of non-compliance.
System Policy Management
The present Information Security Policy will always be aligned with the company General Policy and with the other internal management systems, such as the quality and the environmental policies.
The basis for the deployment of procedures and compliance with the principles of information security resides in the adequate awareness of all the users, both internal and external.
Therefore, the necessary training and awareness actions must be undertaken in order to reduce the IT security risks related to the lack of knowledge or inappropriate use.