INFORMATION SECURITY POLICY – ISMS
Scope: This policy applies to activities, services, assets, resources and third parties involved in the provision of services:
- A) Public financing for R+D+i projects and industrial investments. Integral financing cycle of R+D+i projects through European funds. Development of projects at international level, financed by multilateral organisations. Public funding for environmental projects, energy efficiency and sustainability consultancy. Tax savings in local and regional taxation related to real estate. Management of operating cost savings for companies.
- B) Provision of advisory and consultancy services in the area of Public Funding for R&D&I projects and industrial investments.
- C) Provision of advisory and consultancy services in the area of Public Funding from European Public Institutions.
- D) Provision of advisory and consulting services in the area of Public Funding for activities and projects at the global level, including projects financed by multilateral organizations.
- E) Provision of advisory and consulting services in the area of public financing for environmental projects, energy efficiency and sustainability consulting.
- F) Provision of advisory and consultancy services on tax savings in local and regional taxation related to real estate.
- G) Provision of advisory and consultancy services in the area of operating cost savings for companies.
Since the creation of the company, information security was established as a value proposition in each and every one of the activities. Since then, this added value has allowed us to differentiate ourselves from the competency, guaranteeing, in addition to availability, the correct functioning of systems and services, and compliance with any legal, regulatory or contractual requirement in relation to information security.
An effective management of the ISMS is especially relevant for our services because of:
- The sensitivity and volume of personal information treated.
- Decrease the impact of potential risks without the need for major changes.
- Obtain a global vision of the state of the information systems without falling into technical details, in addition to being able to observe the security measures applied and the results obtained.
- In conclusion, an ISMS must be considered when managing security in an organization, especially when the structure has a high level of complexity, in order to achieve greater efficiency and guarantee in the protection of its information assets.
In conclusion, the integrity, confidentiality and availability of information and systems are crucial for the security and continuity of our business, as well as that of our customers.
This Information Security Policy shows the commitment of Management, and has as high level objectives:
- Ensure compliance with applicable legislation, regulations and standards, as well as all those requirements that the organization considers appropriate to carry out to maintain an Information Security Management System, allowing it to achieve continuous improvement of its performance.
- Meet the needs and expectations of stakeholders involved within the scope of the ISMS, preserving the Availability, Integrity and Confidentiality of information.
- Demonstrate leadership by management by ensuring that the Information Security policy and security objectives are established and are compatible with the strategic direction of the organization.
- Assign the necessary roles and responsibilities in the field of security and provide the necessary support.
- Commit to “continuous improvement” as the primary mechanism for the evolution and adaptation of the organization.
- Implement effective and efficient security measures.
- Establish and periodically review the level of security (risk appetite) based on risk analysis.
- Train, raise awareness and motivate staff on the importance of complying with ISMS requirements.
- Take into account the security of information in suppliers and subcontractors.
Víctor Tarruella de Oriol