INFORMATION SECURITY SYSTEM POLICY
SITUM TECHNOLOGIES, S.L. is an organization that develops its activities on technology-based products and services. The commitments to its customers make Situm has a special consideration for the use of information technology taking the security of its operations as a key point of your business.For this reason Situm has implemented and developed an information security management system based on ISO 27001.
MISSION AND OBJECTIVES
Our mission is to generate confidence in our customers in cybersecurity, minimizing security risks that could compromise the continuity of their business.
Our ISMS defines the basic principles, the framework and the organization of Situm Information Systems on the following principles:
1. Implement a risk approach: identifying, assessing and addressing the organization’s risks.
2. Implementing awareness, sensitization, information, training and accountability actions to make each stakeholder aware of their rights and duties in relation to the risks to which the Information System may be exposed.
3. To have and maintain a detailed inventory of the means made available to the different stakeholders to protect the Information System in all activities,
4. Disseminate and adapt the framework for the provision, access and use of Information System resources (data, hardware, software, etc.), as well as the activities of design, development, maintenance, integration and exploitation of these resources.
5. To ensure compliance with the regulatory framework applicable to the use and processing of information, personal data and the use of information and telecommunication technologies.
VALUES AND COMMITMENTS
The Management of SITUM TECHNOLOGIES, S.L., has established a Security Policy for the activities it carries out in relation to the management of services to its customers based on the following principles:
Legal compliance and information security risk management.
Comply with current applicable legislation, from the point of view of information security established internally or with interested parties, adopting efficient management criteria to eliminate, minimize, transfer or, where appropriate, accept the risks and opportunities in all processes of the organization.
Collaboration with stakeholders
Encourage communication, both internally and externally with our clients, advising them to achieve the best results in the services required.
Customer Satisfaction
Maintain and improve the Quality and Information Security of the work and services provided, fully satisfying our customers.
Training and Competence
To provide adequate training to our employees in order to be able to offer qualified personnel to develop the activities included in our Information Security Management System.
Continuous improvement and transparency
Commitment to continuous improvement and ensuring the effectiveness of our Information Security Management System.
Internal communication
Provide the appropriate means for this policy is communicated, understood, internalized, implemented and followed by all persons working in SITUM TECHNOLOGIES, SL, directly or indirectly or who provide their services for it.
Security Incident Management
Establish effective criteria and protocols that allow us to anticipate possible failures of information security, taking into account the impact that could cause a loss of confidentiality, integrity or availability of the assets managed.
COMMITMENT TO COMPLIANCE
All persons belonging to SITUM TECHNOLOGIES, S.L. are formally obliged to comply with the policies and internal codes that may be established by the Management.