Information Security Policy

Revision Control
Version | Date | Reason | Responsible
01 | 15-01-2023 | First version | Security manager

01

INTRODUCTION

0invader Cybersecurity SL recognizes the importance of information security for the continued success of its operations and the fulfillment of its objectives. This policy establishes its commitment to information security and provides a basis for establishing and reviewing security controls in accordance with ISO/IEC 27001 standards.

02

SCOPE

This policy applies to all of the organization's information assets, including information stored, processed, or transmitted in any format for consulting and forensic analysis services.

03

INFORMATION SECURITY OBJECTIVES

The organization is committed to achieving the following information security objectives:

  • Protect information against unauthorized access or disclosure.
  • Maintain the accuracy and completeness of information and associated business processes.
  • Ensure that information is available and used by those who need it when they need it.
  • Verify and confirm the authenticity of information and the users accessing it.
  • Assign clear responsibilities for information security management and promote awareness and accountability among all employees.
  • Comply with laws, regulations, and contractual requirements applicable to information security.
04

INFORMATION SECURITY MANAGEMENT APPROACH

0invader Cybersecurity SL has adopted a systematic approach to managing information security based on the principles of ISO/IEC 27001. This includes:

  • Identifying and evaluating information security risks throughout the organization.
  • Selecting and applying appropriate security controls to mitigate identified risks.
  • Implementing the selected controls and ensuring their continuous effectiveness.
  • Regularly monitoring the effectiveness of implemented controls and reviewing the information security management system to ensure its continuous adequacy.
  • Pursuing continuous improvement of the information security management system through learning from past experiences and adopting best practices.
  • Designing and configuring systems with Security by Default in mind: the system provides only the minimum required functionality, because operational, administrative, and activity logging functions are kept to the bare minimum.
  • Ensuring the business continuity of 0invader Cybersecurity SL and minimizing risks by preventing security incidents and reducing their potential impact.
  • Achieving, within the established contractual framework, maximum satisfaction of its clients and employees regarding the services provided.
  • Carrying out, in Management System Review meetings, the establishment and revision of service management objectives and criteria for evaluating improvement opportunities.
  • Maintaining a commitment to confidentiality for all documentation related to all aspects of the work carried out.
  • Complying with the legislation and regulations applicable to its activity, as well as with the requirements and recommendations considered necessary within the Information System environment.
  • Securing the organization's information assets against accidental or deliberate threats, both internal and external.

0invader Cybersecurity SL Management assumes responsibility for ensuring that the Information System is sufficiently documented, communicated, and understood by its staff. To achieve this, it commits to providing the necessary resources in terms of information, training, and awareness.

Both the detection of threats and vulnerabilities and the estimation of intrinsic risk will be carried out through periodic meetings where the impact and likelihood of risks occurring will be evaluated.

Management, through the development and implementation of the Information System, will ensure that:

  • Information integrity is maintained.
  • Information confidentiality is mandatory.
  • Information availability meets business requirements.
  • Information is protected from unauthorized access.
  • Legal requirements are met, especially regarding the protection of personal data.
  • Business continuity plans are developed, maintained, and tested.
  • Personnel are trained to be aware of their roles and obligations regarding information security.
  • Security incidents are mandatorily reported and subsequently evaluated.
  • The ISMS, and this security policy in particular, is reviewed to keep it up to date and appropriate for continuously changing needs.

0invader Cybersecurity SL Management is aware of the importance of developing proper change management and commits to establishing a system to ensure control of the configuration items that require such control, as well as the criteria for carrying them out, with the purpose of achieving a greater impact of its services.

0invader Cybersecurity SL will promote all Information Systems and all necessary policies, procedures, and protocols, taking into account current legislation on equality and non-discrimination.

05

RESPONSIBILITIES

As a result of the principles and requirements outlined above, 0invader Cybersecurity SL has determined the responsibilities of all organization members as follows:

  • The responsibility for information security lies with all organization employees.
  • Employees must comply with information security policies and procedures and report any security incidents or vulnerabilities they encounter.
  • Management approves the system documentation and provides resources of all kinds for the implementation of the information security management system.

0invader Cybersecurity SL will be entitled to claim damages of any kind that it may suffer, as a result or consequence of the breach of any of the obligations previously stated, in the event of commission of any of the crimes or offenses typified by the current Penal Code, or in the event of observing any conduct that, in its opinion, is contrary to this policy, the Law, the established rules, or may disturb its proper functioning, image, credibility, and/or prestige.

06

AWARENESS AND TRAINING

0invader Cybersecurity SL will provide periodic awareness and training programs to ensure that all employees understand their responsibilities regarding information security and are trained to fulfill them.

07

COMPLIANCE

The organization is committed to complying with all applicable legal and contractual requirements.

08

REVIEW

0invader Cybersecurity SL reviews the Systems policy either annually or upon a significant change or modification in its organizational structure, and ensures that the policy is appropriate.

This policy has been approved by 0invader Cybersecurity SL Management and takes effect from January 2023.
