The Management of INBENTA, aware that information and PII (Personally Identifiable Information) are highly valued assets within the Organization that require adequate protection, has decided to implement an Information Security and Privacy Information Management System (ISMS/PIMS) in order to protect them from threats, to ensure the continuity of business lines, to minimize damage and to maximize return on investments and business opportunities.
Our Information Security and Privacy Management System scope is “Design, development and commercialization of software for ICT”, according to the requirements of ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27701 and GDPR.
The Management of INBENTA defines information security and privacy as the preservation of these fundamental characteristics:
- Confidentiality, ensuring that only those who are authorized can access the information.
- Integrity, ensuring that the information is not altered during storage, treatment or transit.
- Availability, ensuring that authorized users have access to the information and their associated assets when required.
- Proportionality and lawfulness of PII processing.
The Management of INBENTA establishes the following objectives as a base, starting point and support for the objectives and principles of information security:
- The protection of PII and the privacy of individuals.
- The protection of intellectual and industrial property rights.
- The establishment of a system for classifying information and safeguarding the records of the organization.
- Assignment of information security and privacy responsibilities.
- Training in and capability for information security and privacy.
- Recording security and privacy incidents and learning from them.
- Managing business continuity.
- Compliance with legislation and other regulations regarding information security and privacy.
- The assurance of the confidentiality, integrity and availability of information that supports the service objectives of this system.
The Management of INBENTA, through the elaboration and implementation of this Information Security and Privacy Information Management System, adheres to the following commitments:
- Annual objectives are established in relation to Information Security and Privacy Information Management.
- A process of risk analysis is developed and, depending on results, the corresponding actions are implemented in order to treat any risks considered to be unacceptable.
- Control objectives are established, as well as their corresponding controls, based on the needs arising from the process of risk management analysis.
- Comply with the business, legal or regulatory requirements as well as contractual security and privacy obligations.
- Awareness and training on information security and privacy is provided to all personnel.
- Promote and support the implementation of the necessary measures to minimize the risks of information exposure while fulfilling the strategic objectives defined each year.
- Manage business continuity and develop continuity plans according to internationally recognized methodologies.
- Act at all times within the strictest professional ethics.
The Management of INBENTA provides direction and support for information security and privacy in accordance with business requirements and relevant laws and regulations.
- Inbenta, as a customer, has a main cloud service provider whose certifications and policies implement all regulations Inbenta is compliant with (ISO 9001, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27701, GDPR).
- Inbenta, as a provider, assures data isolation, capacity provisioning, controlled and segregated access to assets, as well as systems/network hardening and segmentation. Related procedures, best practices, guidelines, and quality policies are available to all employees and relevant external parties.
This Policy provides the frame of reference for the continuous improvement of the Information Security and Privacy Information Management System and for establishing and reviewing the objectives of the ISMS/PIMS. It is communicated to the entire Organization and reviewed annually for its adequacy, as well as under extraordinary circumstances, when special situations and/or substantial changes occur in the ISMS/PIMS. It is available to the general public.
Last Revision: November 2021, Rev07
Approved by CEO