SSI POLICIES
This Policy defines the objective, direction, principles and basic rules for the management of information security of MINT TECHNOLOGY CLOUD, S.L.
Information security is a key factor for MINT TECHNOLOGY CLOUD, S.L.
MINT TECHNOLOGY CLOUD, S.L. considers that the management of information security, together with the provision of training and resources necessary for the development of the activity of this organization, and the implementation or use of ICT systems (Information and Communications Technologies) to achieve its objectives and that support these services, are the main pillars on which the daily work and effort are based.
The company depends on ICT systems to achieve its objectives. These systems are managed diligently, taking appropriate measures to protect them against accidental or deliberate damage that may affect availability (characteristic of the information that can only be accessed by authorized persons when necessary), integrity (characteristic of the information by which it is only modified by authorized people or systems and in a permitted manner) and confidentiality of the information processed or the services provided (characteristic of the information by which it is only available to authorized people or systems).
The general objective of information security is to ensure the satisfaction of our clients, guaranteeing the quality of information and the continued provision of services, acting preventively, supervising daily activity and reacting quickly to incidents to reduce their potential damages. The goals are in line with the commercial objectives, strategy and business plans of MINT TECHNOLOGY CLOUD, S.L.
The Information Security System of MINT TECHNOLOGY CLOUD, S.L. bases its actions on planning, establishing, implementing, operating, monitoring, reviewing, maintaining and improving to preserve the quality of services, as well as protecting the availability, integrity and confidentiality of the information that supports the company's processes.
To this end, the Information Security Management System has the following objectives:
- Information Security Management, in accordance with the International Standard UNE-EN ISO/IEC 27001:2017, through the responsibility and participation of all members of the company.
- Assignment of efficient functions and responsibilities.
- Effective management and control of the production process through qualified personnel specialized in telecommunications and cloud services, in the search for continuous improvement of processes, procedures, products delivered and services provided to the client, achieving greater maturity over time in the management and execution.
- Necessary training of personnel in accordance with the technical changes and technological innovations to which the company's activity is subject, for execution of work with the required levels of quality and information security, and promotion of the training of personnel in the weak aspects that are detected.
- Prevention of possible defects and information security incidents before they occur, working towards improvement and communication.
- Continuous evolution of the System, in order to adapt to the demands of our clients, through periodic reviews of it, complying with the legal and regulatory requirements important for the organization in the field of information security, as well as with the contractual obligations.
- Establishment of safety indicators that allow us to know the degree of effectiveness and safety of our production processes.
- Implementation of new business management models, methods and systems and search and development of new documents that clearly describe the organization's activities and their subsequent implementation.
- Implementation of continuous methodologies aimed at knowing the degree of satisfaction and compliance with the needs and expectations of our clients.
- Establish the security level based on risk analysis.
- Carrying out periodic security audits to determine the degree of compliance with the security policy.
- Carry out good management of our resources, both human (specialized personnel) and materials (economic and financial), to optimize results by identifying the costs of non-quality and safety.
- Awareness and motivation of staff about the importance of the implementation and development of an Information Security System.
This Policy will serve as a framework for establishing the objectives and their corresponding individual controls or groups of security controls, which will be proposed by the Information Security Manager and approved by Management. The process of choosing controls is defined in the risk evaluation and treatment methodology. The selected controls and their implementation status are detailed in the Applicability Statement.
The responsibilities for the Information Security System of MINT TECHNOLOGY CLOUD, S.L. are the following:
Responsible for the Information Security System:
- Ensure that the System is implemented and maintained in accordance with this Policy and that all necessary resources are available.
- Operational coordination of the System, as well as reporting on performance and carrying out an internal audit of the system at least once a year.
- Implement training and awareness programs that correspond to all people who play a role in information security management.
- Define what information security-related information will be communicated to which interested party (both internal and external), by whom and when.
- Ensure that this Policy is communicated to all company employees, as well as the appropriate external participants.
- Define the method to measure compliance with objectives, as well as analyze, evaluate and report the results for review by Management, recording details about the measurement, periodicities and results obtained.
- Receive information on all security incidents or weaknesses for treatment and reporting to Management.
The Management reviews the Information Security System at least once a year or every time a significant modification occurs in order to establish its convenience, adequacy and effectiveness.
All objectives are reviewed at least once a year by the Head of the Management System and approved by Management.
Protecting the integrity, availability and confidentiality of assets is the responsibility of the owner of each asset.
Through this document, the Management declares that in the implementation and continuous improvement of the Information Security System it has the support of adequate resources to achieve the objectives established in this Policy, as well as to comply with all the identified requirements. It is reviewed annually at the initiative of the System Manager, who must verify and, if necessary, update the document for approval by Management.
When evaluating the effectiveness and adequacy of this Policy, the following criteria, among others, are taken into account:
- Internal and external personnel who fulfill a function in the Management System but who are not familiar with this document.
- Non-compliance of the Management System with laws and regulations, contractual obligations and other internal documents of the organization.
- Ineffectiveness of the implementation and maintenance of the Management System.
- Ambiguous responsibilities for the implementation of the Management System.