The Management of INBENTA, aware that information is a highly valued asset within the Organization and one which requires adequate protection, has decided to implement an Information Security Management System (ISMS) in order to protect it from threats and to ensure the continuity of business lines, to minimize damage and to maximize return on investments and business opportunities.
The Management of INBENTA defines information security as the preservation of its three fundamental characteristics:
- Confidentiality, ensuring that only those who are authorized can access the information.
- Integrity, ensuring that the information is not altered during storage, treatment or transit.
- Availability, ensuring that authorized users have access to the information and their associated assets when required.
The Management of INBENTA establishes the following objectives as a base, starting point and support for the objectives and principles of information security:
- The protection of personal data and the privacy of individuals.
- The protection of intellectual and industrial property rights.
- The establishment of a system for classifying information and safeguarding the records of the organization.
- Assignment of security responsibilities.
- Training in and capability for information security.
- Recording security incidents and learning from them.
- Managing business continuity.
- Compliance with legislation and other regulations regarding safety.
- The assurance of the confidentiality, integrity and availability of information that supports the service objectives of this system.
The Management of INBENTA, through the elaboration and implementation of this Information Security Management System, adheres to the following commitments:
- Annual objectives are established in relation to Information Security.
- A process of risk analysis is developed and, depending on results, the corresponding actions are implemented in order to treat any risks considered to be unacceptable.
- Control objectives are established, as well as their corresponding controls, based on the needs arising from the process of risk management analysis.
- Comply with the business, legal or regulatory requirements as well as contractual security obligations.
- Awareness and training on information security is provided to all personnel.
- Promote and support the implementation of the necessary measures to minimize the risks of information exposure while fulfilling the strategic objectives defined each year.
- Management of business continuity and developing continuity plans according to internationally recognized methodologies.
- Act at all times within the strictest professional ethics.
This Policy provides the frame of reference for the continuous improvement of the Information Security Management System as well as to establish and review the objectives of the Information Security Management System, communicated to the entire Organization, reviewed annually for its adequacy, and under extraordinary circumstances, when special situations and / or substantial changes occur in the Information Security Management System, being available to the public in general.
Last Revision: February 2021
Approved by CEO