INFORMATION SECURITY POLICY OF SGSI - HISPASEC SISTEMAS, S.L.

1. INTRODUCTION
Information is an asset that, like other important business assets, is essential to an organization's operations and therefore needs to be adequately protected. This is especially important in the increasingly interconnected business environment. As a result of this growing connectivity, information is now exposed to an increasing number and wider variety of threats and vulnerabilities.
Information can exist in many forms. It can be printed or written on paper, stored electronically, transmitted by mail or using electronic media, displayed in movies, or spoken in a conversation.
Whatever form the information takes or medium by which it is stored or shared, it should always be appropriately protected.
2. OBJECTIVE OF THE INFORMATION SECURITY POLICY OF SGSI
The purpose of the security policy of Hispasec Sistemas, S.L. is to establish the organization's objectives and the framework for the planning, operation, and improvement of the Information Security Management System (ISMS; SGSI in Spanish).
3. SCOPE OF THE INFORMATION SECURITY POLICY OF SGSI
This security policy applies to all information systems of Hispasec Sistemas, S.L., to all employees of the company, and to affected third parties, without exceptions.
4. DEVELOPMENT OF THE INFORMATION SECURITY POLICY OF SGSI
Hispasec Sistemas, S.L. specializes in providing auditing services, statistical studies, early warning, and anti-fraud services in the area of Information Security.
Our MISSION is to provide companies with the necessary tools to solve their problems related to computer security.
Our VISION is to be a benchmark in security services, providing added value to all our clients by offering the greatest expertise in the sector and having the best professionals on the national and international scene.
On the path set by our mission and vision, we have defined shared VALUES that always take into account key aspects of information security management and that allow us to develop a company culture and a way of working and making decisions at Hispasec Sistemas, S.L.
Our specialization and continuous updating.
Ensuring that information security and respect for personal data are a constant:
· Preserving the confidentiality of information and avoiding its disclosure and access by unauthorized persons.
· Maintaining the integrity of information by ensuring its accuracy and avoiding its deterioration.
· Ensuring the availability of information in all media and whenever it is necessary.
The Management of Hispasec Sistemas, S.L. values and establishes the confidentiality of its information and that of its clients as the primary criterion for the estimation of its risks.
Thus, Hispasec Sistemas, S.L. is committed to developing, implementing, maintaining, and continuously improving its Information Security Management System (ISMS) with the aim of continuous improvement in the way we provide our services and the way we handle information from our clients and our organization. Therefore, it is the policy of Hispasec Sistemas, S.L. that:
· Establish information security objectives annually.
· Comply with business, legal, or regulatory requirements and contractual obligations.
· Carry out training and awareness activities on Information Security processes for all staff.
· Establish the necessary means to ensure business continuity for the company.
· Develop a risk analysis process for information assets.
· Establish control objectives and corresponding controls to mitigate detected risks.
· Establish employee responsibility in relation to:
- Reporting security breaches.
- Preserving the confidentiality, integrity, and availability of information assets in compliance with this policy.
- Complying with policies and procedures inherent to the Information Security Management System.
· The Security Manager is directly responsible for maintaining this policy, providing advice and guidance for its implementation.
5. REFERENCES
· UNE-ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection. Information security management systems. Requirements.
· UNE-EN ISO/IEC 27002:2022. Information security, cybersecurity and privacy protection. Information security controls.
This policy has been approved and reviewed by the management of Hispasec Sistemas, S.L. on March 1, 2023.