Information Security Policy
Ver. 1.0. Date of publication: 16 FEB 2023
1. OBJECTIVE
The purpose of this document is to establish the General Information Security Policy of DELTA PROTECT.
2. SCOPE
This policy applies to all DELTA PROTECT personnel.
3. RESPONSIBILITIES
The CISO of DELTA PROTECT is responsible for the compliance, updating and improvement of this policy.
4. information security policy
DELTA PROTECT establishes as "INFORMATION SECURITY POLICY", through its Information Security Management System, the preservation of the Confidentiality, Integrity and Availability of the information of its customers and the organization.
Confidentiality ensures that the information is obtained only by authorized persons. The integrity allows maintaining the accuracy and validity of the information and the availability, corresponds to the access and use only and at the time of being requested by an authorized person.
Information is a critical factor in today's business world; consequently, policies are implemented and enforced by different levels of the organization, as well as by external service providers.
Management commitment
DELTA PROTECT's Senior Management approves this Information Security Policy as a sign of its commitment and support in the design and implementation of efficient policies that guarantee Information Security in the organization.
DELTA PROTECT's Senior Management demonstrates its commitment through:
- The review and approval of the Information Security Policy contained in this document at least once a year.
- Active promotion of a safety culture.
- Facilitate the dissemination of this Security Policy through communications, presentations and publication on the DELTA PROTECT portal.
- Ensuring adequate resources to implement and maintain the necessary Information Security controls and policies.
- Satisfy the applicable requirements related to Information Security.
- Verification of compliance with the Information Security Policy mentioned herein.
- Promote the continuous improvement of the Information Security Management System.
This policy is implemented through an Information Security Management System, according to policies and support controls, procedures, instructions and records.
DELTA PROTECT employees and external service providers undertake to comply with them.
4.2. efficiency checks
The responsibility for verifying compliance with this policy is the responsibility of the Information Security Officer and Information Security Coordinators of the Business Units, for which reviews and audits may be carried out.
4.3. penalties
Failure to comply with this policy and any supporting policies that may be issued will be sanctioned in accordance with the disciplinary measures described in DELTA PROTECT's Internal Labor Regulations in force, which may include:
- Verbal Warning.
- Written Warning (Minutes).
- Suspension from 1 to 5 working days without pay.
- Termination of the employment relationship.
The company will take into consideration the consequences and seriousness of the offense, the employee's background, category and seniority for the application of the corresponding sanction.
This Information Security Policy is part of and implemented in accordance with DELTA PROTECT's Information Security Management System, which is based on the International Standard ISO/IEC 27001.
5. Document control and approval
The CISO is the owner of this document and it is the responsibility of the CISO to ensure that this procedure is reviewed in accordance with the ISMS review requirements.
A current version of this document is available to all staff members, this being the published version.
5.1. distribution
SITE Delta Protect
Distribution to all personnel involved in the implementation of the ISMS or within its scope.
Training Platform
Distribution to all personnel involved in the implementation of the ISMS or within its scope.