Vigo, 06 November 2024
Asenjo-Montenegro Vigo Soluciones SL sets out the Information Security Policy (hereinafter ISMS) to which the organization is committed, within the framework of the ISO 27001 Standard, with the aim of guaranteeing that all information technology assets and resources are used and managed in such a way as to protect their confidentiality, integrity and availability, ensuring business continuity, minimizing damage and maximizing the return on investment and business opportunities and continuous improvement.
With the implementation of ISMS the management is committed to:
- Develop solutions and services in compliance with legislative requirements, identifying the legislation applicable to the lines of business developed by the organization and included in the scope of the ISMS.
- Establish and meet contractual requirements with stakeholders.
- Provide information security training and awareness programs for all employees and other stakeholders.
- Prevent and detect any cyber-attacks by developing specific policies and establishing contractual arrangements with specialized organizations.
- Conduct information security risk assessments to identify and implement controls to mitigate the impact of identified risks.
- Develop and maintain business continuity and disaster recovery plans.
- Establish consequences for breaches of security policy, which will be reflected in contracts signed with stakeholders, suppliers and subcontractors.
- Promote a culture of continuous improvement in information security management and implement improvements based on incident analysis, audits and periodic reviews.
- Act at all times within the strictest professional ethics.
- Ensure that access to and use of information systems is secure and in accordance with established policies.
- Maintain the reputation of the brand with respect to data security.
- Properly manage the information lifecycle, avoiding misuse.
- Workers shall be involved in the management of service-related incidents and information security management in order to restore normal service levels as quickly as possible and to minimize the adverse impact of such incidents on the organization.
- Ensure the protection of intellectual property rights.
- Periodically establish a set of objectives and indicators, which allow management to adequately monitor the service levels offered and management activities.
- Senior management is committed to providing the necessary resources to maintain and improve the Information Security Management System (ISMS).
This policy is a fundamental part of the Entity’s Integrated Planning and Management System (SIPG) and is permanently communicated to all interested parties in its current version.
Alberto Montenegro Correa
CEO AMV Soluciones S.L.