The Management of INBENTA, aware that information and PII (Personally Identifiable Information) are highly valued assets within the Organization that require adequate protection, has decided to implement an Information Security and Privacy Management System (ISMS/PIMS) in order to protect them from threats, ensure the continuity of business lines, minimize damage, and maximize return on investments and business opportunities.
Our Information Security and Privacy Management System scope is “Design, development and commercialization of software for ICT”, according to the requirements of ISO 27001, ISO 27017, ISO 27701 and applicable privacy regulations such as GDPR.
The Management of INBENTA defines information security and privacy information as the preservation of these fundamental characteristics:
- Confidentiality, ensuring that only those who are authorized can access the information.
- Integrity, ensuring that the information is not altered during storage, processing or transit.
- Availability, ensuring that authorized users have access to the information and its associated assets when required.
- Proportionality and lawfulness of PII processing.
The Management of INBENTA establishes the following objectives as a base, starting point and support for the objectives and principles of information security:
- The protection of PII and the privacy of individuals.
- The protection of intellectual and industrial property rights.
- Complying with the applicable legislation and regulations regarding information security and privacy information.
- The establishment of a system for classifying information and safeguarding the records of the organization.
- The assignment of information security and privacy information responsibilities.
- Training and supporting persons to contribute to the effectiveness of the Information Security and Privacy Management System.
- Ensuring the availability of the resources needed.
- Recording security and privacy incidents and learning from them.
- Managing business continuity.
- The assurance of the confidentiality, integrity and availability of information that supports the service covered by this Management System.
The Management of INBENTA, through the elaboration and implementation of this Information Security and Privacy Management System, adheres to the following commitments:
- Annual objectives are established in relation to Information Security and Privacy Management.
- A process of risk analysis is developed and, depending on the results, the corresponding actions are implemented in order to treat any risks considered to be unacceptable.
- Control objectives are established, as well as their corresponding controls, based on the needs arising from the process of risk management analysis.
- Comply with the business, legal or regulatory requirements as well as contractual security and privacy obligations.
- Awareness and training on information security and privacy is provided to all personnel.
- Promote and support the implementation of the necessary measures to minimize the risks of information exposure while fulfilling the strategic objectives defined each year.
- Managing business continuity and developing continuity plans according to internationally recognized methodologies.
- Act at all times within the strictest professional ethics.
The Management of INBENTA provides direction and support for information security and privacy in accordance with business requirements and relevant laws and regulations.
- Inbenta as a customer: its main cloud hosting provider has certifications and policies that implement all regulations Inbenta is compliant with.
- Inbenta as a provider: it assures data isolation, capacity provisioning, controlled and segregated access to assets, as well as systems/network hardening and segmentation. Related procedures, best practices, guidelines, and quality policies are available to all employees and relevant external parties.
This Policy provides the frame of reference for the continuous improvement of the Information Security and Privacy Management System and for establishing and reviewing the security and privacy objectives. It is communicated to the entire Organization and reviewed for adequacy annually and, under extraordinary circumstances, when special situations and/or substantial changes occur. It is available to the general public.
Last Revision: October 25, 2022, Rev08
Approved by CEO