Corporate Policy on Information Security
General information
At ICP, information is a fundamental asset for the provision of its services and efficient decision-making, which is why there is an express commitment to protecting the company’s most significant properties, including information, as part of a strategy aimed at business continuity, risk management and the consolidation of a security culture.
Aware of its current needs, ICP implements an Information Security Management System as a tool that allows us to identify and minimise the risks to which the information we hold is exposed, establish a security culture and guarantee compliance with the legal and contractual requirements in force and other requirements of our clients and stakeholders.
A fundamental point of the policy is the implementation, operation and maintenance of an ISMS based on the ISO 27001 standard.
FOUNDATIONS OF ICP’S INFORMATION SECURITY POLICY
- Comply with all applicable legal requirements.
- Have a continuity plan that enables disaster-recovery as fast as possible.
- Train and raise awareness of information security among all employees.
- Appropriately manage all incidents that occur.
- Inform all employees of their security duties and obligations and that they are responsible for fulfilling them.
- Inform all ICP personnel and all those working on its behalf of their duty to comply with this Policy, including contractors and visitors to our facilities.
- Our security officer is in charge of the organisation’s information security management system (ISMS).
THE OBJECTIVES OF THIS POLICY WILL BE
- Ensure the confidentiality, integrity, and availability of information.
- Ensure that information assets receive an appropriate level of protection.
- Classify information to indicate its sensitivity and criticality.
- Define levels of protection and special processing measures in accordance with its classification.
- Constantly improve the ISMS and, therefore, the security of the organisation’s information.