Corporate Policy on Information Security

General information

At ICP, information is a fundamental asset for the provision of its services and efficient decision-making, which is why there is an express commitment to protecting the company’s most significant properties, including information, as part of a strategy aimed at business continuity, risk management and the consolidation of a security culture.

Aware of its current needs, ICP implements an Information Security Management System as a tool that allows us to identify and minimise the risks to which the information we hold is exposed, establish a security culture and guarantee compliance with the legal and contractual requirements in force and other requirements of our clients and stakeholders.

A fundamental point of the policy is the implementation, operation and maintenance of an ISMS based on the ISO 27001 standard.


  • Comply with all applicable legal requirements.
  • Have a continuity plan that enables disaster-recovery as fast as possible.
  • Train and raise awareness of information security among all employees.
  • Appropriately manage all incidents that occur.
  • Inform all employees of their security duties and obligations and that they are responsible for fulfilling them.
  • Inform all ICP personnel and all those working on its behalf of their duty to comply with this Policy, including contractors and visitors to our facilities.
  • Our security officer is in charge of the organisation’s information security management system (ISMS).


  1. Ensure the confidentiality, integrity, and availability of information.
  2. Ensure that information assets receive an appropriate level of protection.
  3. Classify information to indicate its sensitivity and criticality.
  4. Define levels of protection and special processing measures in accordance with its classification.
  5. Constantly improve the ISMS and, therefore, the security of the organisation’s information.