INFORMATION SECURITY POLICY
SEVENTECH establishes the present policy as an action framework of the whole company in the of information security matter.
This policy is based on the following principles:
- Protect the information resources and technology used for its processing, against deliberate or accidental internal or external threats, to ensure compliance with the information confidentiality, integrity, and availability.
- Implement security measures in the information systems from their development and implementation as well as during their maintenance, in order to reduce the risks of human error, accidents and natural disasters.
- Guarantee the continuous improvement of the Information Security Management System (ISMS)
- Maintain the Information Security Policy updated, in order to ensure its validity and effectiveness.
- Prevent unauthorized access to information systems, databases and information services.
- Establish a clear and efficient information security management methodology through guidelines and policies.
- Ensure secure access to information and with complete confidence to users through the design and operation of an IT and communication infrastructure according to the current risks of the technology.
- Establish Security objectives under a continuous improvement approach.
- Control risks constantly with the collaboration of all critical areas.
- Information Security awareness in order to avoid situations that may involve a security incident
- Providing the appropriate investments according to the identified risks and the protection needs.
- Guarantee security in the exchange of information, internally and to all interested parties.
- Comply with the regulations on privacy and personal data protection of our customers, employees and suppliers.
- Obtain measurable results that will allow the analysis of information security analysis and evolution.
- Review annually Information Security Policy, in order to keep it updated, making any changes that may be necessary depending on possible changes that may affect its definition, such as technological changes, the impact of security incidents, etc.
All economic, financial, technical, commercial, strategic, administrative, economic or other nature information, which at any time during the term of the work contract is known or created by the parties (and the employee), shall be considered as Information, within the framework of the execution of the labour or that is disclosed to him by the other party orally, in writing or on any other medium, as well as documentation of another type, which has been classified as exclusive or confidential property.
An information classification will be established with the appropriate treatment for each case.
The employee will only treat and use the Information that is necessary for the development of the professional functions of the position, which is assigned within the structure of SEVENTECH
In the event that, for reasons directly related to the job, the employee comes into possession of information from SEVENTECH under any type of support, it should be understood that such possession is strictly temporary, with an obligation of secrecy and without this giving rise to any right of possession, ownership or copy of said information.
The employee is obliged to keep and treat with the utmost diligence and confidentiality all the Information and, in particular, not to disclose to any third party, unless it is an administrative or jurisdictional body, without the prior consent of the other party.
For the correct risks management derived from the security of information, a set of control policies are established:
- Access control policy
- Network use policy
- Mobile devices policy
- Prototype policy
- Backup policy
- Asset destruction policy
- Project management policy
In addition, in order to preserve the assets that contain information, a contingency plan and a continuity plan are available.
Do not comply of some of the terms; conditions, and obligations of this policy will determine the responsibility of all claims and actions that SEVENTECH can exercise. The non-compliance will be qualified as a very serious fault and could be sanctioned in accordance with the applicable legal regulations.