Extract Security Policy
Information Security
1. CONTEXT
Information is essential for virtually all business processes of MAPAL SOFTWARE, S.L. (hereinafter, MAPAL), serving as the crucial thread for executing these processes with guarantees of efficiency and quality, thereby achieving compliance with the strategic objectives formally set by the Management.
The main dimensions of information security that must be guaranteed in the execution of any business process are:
- Confidentiality: Ensures that information is only accessible to authorised persons, entities, or processes.
- Integrity: Ensures that information is generated, modified, and deleted only by authorised persons, entities, or processes.
- Availability: Ensures that information is accessible when required by authorised persons, entities, or processes.
- Traceability: Ensures that information related to accesses and activities carried out by persons, entities, or processes is available for any analysis of anomalous behaviour patterns that must be performed.
Furthermore, other dimensions of security, such as authentication of the parties or non-repudiation, must similarly be guaranteed when required by the security value of the information in the context of the business process in which it is being stored, processed, or transmitted.
The Information Security Policy is based on the adoption of clear and well-defined principles that ensure compliance with strategic guidelines, legal requirements, as well as those of a contractual nature formalised with third parties or stakeholders, and thus, it constitutes the main instrument on which MAPAL relies for the secure use of information and communication technologies.
The regulations (standards, procedures, and security instructions) that emanate from or are derived from the Information Security Policy of MAPAL will become part of it once they have been disclosed, and are mandatory for all employees and third parties who use information owned by MAPAL.
The Management of MAPAL will ensure that this Information Security Policy is understood and implemented throughout the organisation, providing the necessary resources to achieve the objectives defined in this framework of action.
2. OBJECTIVES
The Information Security Policy is established as the high-level document that formalises the various guidelines for action on security adopted by MAPAL, and which will be developed in greater detail in the corresponding security regulations prepared for this purpose.
Under this premise, therefore, the Information Security Policy contemplates the following main objectives:
- To comply with the applicable legal regulations in the field of information security.
- To contribute to the fulfilment of the mission and strategic objectives formalised by MAPAL.
- To align information security, as a principal asset, with the requirements demanded by the business through the formalisation of the information value model and the execution of the process of analysis and evaluation of the risks to which the various information assets are exposed, thereby defining a strategy for mitigating the risks related to the information security environment.
- To guarantee adequate protection of the various information assets depending on the degree of sensitivity and criticality achieved by them (security value of the information assets according to the various dimensions considered with the application of the inheritance criterion and the principle of proportionality).
- To guarantee an effective response capacity to eventual information security incidents, minimising the respective operational, financial, and reputational impact.
- To facilitate the sizing of the necessary resources for the correct implementation of the technical and organisational security measures collected in the documented security regulations.
- To promote the use of good practices in information security, as well as to create the appropriate security culture in the context of the organisational structure of MAPAL.
- To establish the mechanisms for review, monitoring, auditing, and continuous improvement in order to maintain the appropriate security levels demanded by the business model of MAPAL.