Disclaimer: You are using Google Translate. The ICESCO is not responsible for the accuracy of the information in the translated language .

your opinion

User Feedback

Overall, how satisfied are you about the website?

    Extremely Dissatisfied Extremely Satisfied

    Last updated: [October 2024]

    1. OBJECTIVES OF THE ISSPP

    The main objective of the Information Systems Security policy and procedure is to put in place rules and principles concerning the use and protection of information, throughout its life cycle.

    These rules and principles derive from the international standards ISO/IEC ISO27001 and ISO/IEC 27002 and other relevant regulations and best practice standards.

    The basis of this policy and procedure are based on the establishment of an Information Security Management System (ISMS) which sets a framework within which the processing of information and the operation of information systems must evolve and defines the basis for continuous improvement in this area.

    The Management System aims to formally assign all corporate responsibilities for information protection. It defines a governance structure that allows for ongoing management of security risks, as well as the scope of the scope of information security.

    Subsequently, directives, procedures and guides will follow for the implementation of the information security policy and procedure.

    It aims, among other things, to:

    • Protect know-how and sensitive data, related to the activities of the organization.
    • Guarantee the availability, integrity and confidentiality of the information system, and the information itself.
    • Ensure that the inventory of resources is established and updated and secured in accordance with the classification of information.
    • Ensure the implementation of a risk management process according to a documented method for all critical processes.
    • Ensure continuous improvement of information security.
    • Integrate required security requirements into an agreement for subcontractors and Suppliers.

    2. CONSTRAINTS

    It is imperative to comply with all legal, regulatory, normative or contractual obligations as well as information security requirements, as well as the protection of intellectual property rights.

    In addition, associated with this policy and procedure a set of documents have been created and are to be implemented to comply with Information Security Management processes.