INFORMATION SECURITY MANAGEMENT SYSTEM POLICY
Aware as we are that the information pertaining to our clients and customers is a very valuable resource, NOVAIGRUP has set up an Information Security Management System according to the requirements of standard ISO/IEC 27001:2013 to ensure our information systems security is seamless, minimise any risk of damage and guarantee compliance with the goals set.
The goal of the Security Policy is to establish the action framework needed to protect information resources from threats, be they internal or external, deliberate or unintentional, so as to ensure compliance with confidentiality, integrity and availability of information.
The efficacy and implementation of the Information Security Management System (hereinafter, ISMS) are the direct responsibility of the Information Security Committee, which is responsible for approving, disseminating and complying with this Security Policy. An ISMS Manager has been appointed to act on behalf of the Committee and granted sufficient authority to play an active role in the ISMS, which includes supervising its implementation, development and maintenance.
The Information Security Committee shall proceed to develop and approve the risk assessment methodology used in the ISMS.
Anyone whose activity may be directly or indirectly affected by the requirements of the ISMS will be obliged to strictly comply with the Security Policy.
At NOVAIGRUP all of the necessary security measures will be taken to comply with applicable regulations regarding overall security, computer security, security in the building and facilities, and security regarding the behaviour of employees and third parties linked to NOVAIGRUP when using information systems. The measures taken to ensure information security by applying standards, procedures and control must ensure the confidentiality, integrity and availability of information needed to:
- Comply with current regulations on information systems.
- Ensure the confidentiality of the data managed by NOVAIGRUP.
- Secure the availability of the information systems, both in the services offered to clients and in our internal management.
- Guarantee the capacity to respond in the event of an emergency and restore critical services in the shortest time possible.
- Avoid undue alterations in the information.
- Promote awareness and training on information security.