INFORMATION SECURITY MANAGEMENT SYSTEM POLICY
Ecomanagement Technology (ECOMT), aware of the high value of the security of information related to our clients, has established an Information Security Management System in accordance with the requirements of the ISO/IEC 27001 standard:2013 to guarantee the continuity of the information systems, minimize the risks of damage and ensure compliance with the objectives set.
This Policy is established in order to guide the management of the organization, such guidance orientation is reflected in the following guidelines:
The objective of the Security Policy is to establish the framework of action necessary to protect information resources against threats, whether internal or external, deliberate or accidental, in order to ensure compliance with the confidentiality, integrity and availability of information. The effectiveness and application of the Information Security Management System is under the direct responsibility of the Information Security Committee, which is responsible for the approval, dissemination and compliance with this Security Policy. In their name and representation, an Information Security Management System Manager has been appointed, who has sufficient authority to play an active role in the Information Security Management System, supervising its implementation, development and maintenance. The Information Security Committee will proceed to develop and approve the risk analysis methodology used in the Information Security Management System. Any person whose activity may, directly or indirectly, be affected by the requirements of the Information Security Management System, is obliged to strictly comply with the Security Policy. ECOMT will implement all the necessary measures to comply with the applicable regulations on security in general and computer security, relating to computer policy, the security of buildings and facilities and the behavior of employees and third parties associated with ECOMT in the use of computer systems. The necessary measures to guarantee the security of the information through the application of standards, procedures and controls must ensure the confidentiality, integrity and availability of the information, essential to be able to:
- Comply with current legislation on information systems.
- Ensure the confidentiality of the data managed by ECOMT.
- Ensure the availability of information systems, both in the services offered to customers and in internal management.
- Ensure the capacity to respond to emergency situations, restoring the operation of critical services in the shortest time possible.
- Avoid undue alterations in the information.
- Promote awareness and training in information security
May 2018 vO