lnformation Security Management System Policy
The purpose of this lnformation Security Policy is to protect JEGAN's information assets by identifying risks related to information systems so as to manage them coherently and in line with the Strategic and Management Plan.
The professional activity demanded by our clients is based on the attribute of trust. This attribute is focused on the values of the organisation, which must be reflected in all our processes, in the capabilities and behaviours of our people. We understand that the "raw materials" we manage are:
- Our clients' information.
- Knowledge of the peo ple in the team.
- And the time we devote to the activity.
And all this in order to systematically manage the organisation's main asset, which is its brand reputation.
A Security Committee has been established to ensure compliance with and monitoring of the provisions of this Policy.
For all these reasons, brand, values and raw materials, which are all essential attributes that clients demand, have to be managed according to criteria that allow the following to be maintained:
- their confidentiality, ensuring that only authorised persons can access the information.
- their availability, ensuring that the information and its processing methods are accurate and complete.
- and their integrity, ensuring that users have access to the information and their associated assets when required.
Therefore, actions are put in place at JEGAN to ensure this:
- Providing the necessary means for proper protection against loss of availability, confidentiality and integrity.
- Providing the necessary means for proper protection against unauthorised access.
- Providing the necessary means for compliance with the applicable legal requirements.
- Providing the necessary means for the fulfilment of client requirements, if necessary.
- Providing the necessary means for compliance with business requirements with respect to information security and information systems.
- Appropriate handling and communication in security incident management.
- Establishment of procedures to ensure compliance with the Security Policy.
- Providing the necessary means for the organisation to comply with the Policy and its procedures, technical instructions and other requirements.
As objectives of the ISMS, JEGAN has established the following:
- lmprove the confidence of all stakeholders in JEGAN.
- lmplementation of a digitalisation process in the organisation.
- Ensure that the team, partners and suppliers, know and understand the issues associated with information security. That they assume and are aware of their responsibilities in this matter.
- Provide guidance for establishing the standards, procedures and security measures for developing an lnformation Security System.
- Ensure the confidentiality of the information that our clients deposit and that JEGAN stores in the information systems.
- Maximise the availability and quality of services provided to our clients.
- Reduce or eliminate the hazards and risks inherent in our activities through continuous improvement of safety performance in our processes, products and services.
- Ensure that our current and future operations and processes comply with current information security legislation.
- Make our current Policy, as well as future developments of the Policy, available to interested parties.
This policy is mandatory for all JEGAN stakeholders and non-compliance may lead to appropriate liabilities.
This policy has been approved by JEGAN management and will be reviewed annually.
REVIEWED ANO APPROVED BY : GORKA AIZPITARTE
POSITION: : GERENTE
Date: 23 May 2023