Information security policy

Target

Tecnología en sus Manos S.L. (TCMAN), in order to address the problems related to information security, issues the following Information Security Policy, within the framework of the Information Security Management System implemented in the organisation, in accordance with the international reference standard ISO/IEC 27001:2013.

The purpose and objective of this Information Security Policy is to protect the organisation’s information assets from all threats, whether internal or external, deliberate or accidental, seeking to ensure continuity of operations, minimisation of damage arising from incidents, and maximisation of return on investment and relevant opportunities in its sector.

Development

  1. The Senior Management of TCMAN has approved this Information Security Policy.
  2. It is TCMAN’s policy to ensure that:
      • Information and systems identified as vulnerable to cyber-attacks will be protected from loss of confidentiality, integrity and availability.
      • Applicable regulatory and legislative requirements shall be met.
      • Cybersecurity contingency plans will be developed.
      • Cybersecurity training will be available to all staff.
      • All information security breaches, actual or suspected, shall be reported to and investigated by the Information Security Officer.
      • Third party partners (service providers, manufacturers, etc.) will be monitored in relation to their own commitment to information security, and their own policies.
      • The implemented Information Security Management System will be continuously improved.
  3. Other procedures have been developed to support this Policy. These include, but are not limited to, incident management, information backup management, system access control, malware controls, password management, and encryption.
  4. The role, and responsibility, of the Information Security Officer is to manage information security, and to provide advice and guidance on the implementation of this Information Security Policy in the organisation.
  5. The designated owner of the Information Security Policy has direct responsibility for reviewing this Policy on a regular basis.
  6. All heads of department are directly responsible for implementing the Information Security Policy within their departments.
  7. It is the responsibility of every TCMAN employee to comply with this Information Security Policy, and all regulations arising from it.

Code: P-SI
Rev. 2

Created by: Eloy Ortega
Position: CEO

Classification: Public
Date: 19/03/2021