Information has become one of the main assets of our organization, and that is why taking care of it and protecting it becomes an absolute priority objective.
From now on, information security is part of our strategy as a critical and fundamental element. This challenge grows in demand and importance when applied to an environment as specific and critical as ours, where the secure processing and management of information are a necessity in order to compete and improve in the future.
Likewise, current legislation is clear regarding information security: there is a very specific legal framework that requires strict compliance by all, but that also helps in adopting the appropriate security measures in information systems.
The principles underlying the Security Policy of NUEVOS SISTEMAS TECNOLÓGICOS, SL (hereinafter NEOSISTEC AND NAVILENS PROJECTS CORP.) are described below. This set of fundamental principles has been formulated based on valid business needs, recognition of the added value of the systems to be protected and an understanding of the risks associated with these systems.
The purpose of this High Level Policy is to define the objective, direction, principles and basic rules for the management of information security.
This Policy applies to the entire Information Security Management System (ISMS) and to all employees of NEOSISTEC AND NAVILENS PROJECTS CORP., and extends to third parties that process information owned by NEOSISTEC AND NAVILENS PROJECTS CORP.
Information Security is a joint effort and therefore requires the involvement and participation of all members of the organization who work with the organization's Information Systems. Each employee must therefore comply with the requirements of the Security Policy and its associated documentation.
Employees who knowingly or negligently violate the Security Policy will be subject to disciplinary action as contemplated in this document.
This Policy affects all information assets of the company, including personal computers, servers, networks, applications and company processes that belong to and/or are managed by NEOSISTEC AND NAVILENS PROJECTS CORP. This policy covers the aspects most directly related to the responsibility and proper use on the part of personnel.
This Security Policy is widely known and complied with by any external person belonging to third parties who performs any type of processing of the information owned by NEOSISTEC AND NAVILENS PROJECTS CORP.
Likewise, this Policy and its associated procedures will be mandatory for third-party providers contracted for the execution of professional services in the areas considered appropriate, in the event that they carry out any activity that implies access to or processing of any system or information owned by NEOSISTEC AND NAVILENS PROJECTS CORP., and this will be defined contractually.
The paper copies of this document will be solely and exclusively INFORMATIVE. For the purposes of compliance with the procedures, the only valid reference will be the document in electronic format available on the corporate intranet.
The Information Security Committee is in charge of building and maintaining the Information Security Policy, although the Directorate of NEOSISTEC AND NAVILENS PROJECTS CORP. is responsible for the approval and publication of said Policy, as well as for distributing it to all employees and affected third parties.
Any change or evolution that affects or could affect the content of the Information Security Policy will be recorded in a new signature of the approval document. In this way, the commitment of these entities to information security is specified and confirmed.
Periodically, and in any case not exceeding a period of one year, the validity and reasonableness of this policy will be reviewed and the improvements, adaptations or modifications required based on the applicable organizational, technical or regulatory changes will be carried out.
The security policy will be distributed in the following ways, depending on the stakeholder it is addressed to:
Any premeditated or negligent violation of the security policies and regulations that involves potential damage, consummated or not, to NEOSISTEC AND NAVILENS PROJECTS CORP. will be sanctioned in accordance with the mechanisms enabled in the Company agreement and in the current legal, contractual and corporate regulations.
All actions that affect the security of NEOSISTEC AND NAVILENS PROJECTS CORP. and that are not provided for in this policy must be reviewed by the Executive Management and by the person responsible for Information Security, who will issue a resolution subject to the criteria of the company and the applicable legislation.
Disciplinary actions in response to breaches of the Information Security Policy are the responsibility of the Executive Directorate of NEOSISTEC AND NAVILENS PROJECTS CORP. and of the governing bodies according to the applicable legislation.
A complaints channel and an incident management protocol are available to workers, through which any member of the company can report a possible incident or non-compliance to the security committee or the security manager.
The infraction and the corresponding sanction will be communicated to the offender by a member of the management by email, with a request for confirmation of receipt.
In response to a new technological environment where the convergence between computing and communications is facilitating a new productivity paradigm for companies, NEOSISTEC AND NAVILENS PROJECTS CORP. is highly committed to maintaining the promotion of research, technological development and innovation projects in a quality environment, where the development of good practices in Information Security is essential to achieve the objectives of confidentiality, integrity, availability and legality of all the information managed. Consequently, NEOSISTEC AND NAVILENS PROJECTS CORP. defines the following application principles to be taken into account within the framework of the Information Security Management System (ISMS):
The Management of NEOSISTEC AND NAVILENS PROJECTS CORP. understands its duty to guarantee information security as an essential element for the correct performance of the organization's services and, therefore, supports the following objectives and principles:
This Policy will be maintained, kept up to date and kept appropriate to the purposes of the Organization, in line with its risk management context. To this end, it will be reviewed at planned intervals or whenever significant changes occur, in order to ensure that its suitability, adequacy and effectiveness are maintained.
Similarly, to manage the risks faced by NEOSISTEC AND NAVILENS PROJECTS CORP., a formally defined risk assessment procedure is established. For their part, all the policies and procedures included in the ISMS will be reviewed, approved and promoted by the Executive Direction of NEOSISTEC AND NAVILENS PROJECTS CORP.
This policy was approved and reviewed by management on September 23, 2021.