ISMS Security Policy
Last updated: January 8, 2024
Purpose
The purpose of this document is to establish the information security policy at UNIWAY TECHNOLOGIES, all based on the Information Security Management System (ISMS) implemented in the organization, thus ensuring the authenticity, confidentiality, integrity, availability and traceability of the information systems of UNIWAY TECHNOLOGIES, SL, thus guaranteeing at all times compliance with all applicable legal obligations in accordance with current regulations.
Likewise, the purpose of this document is to inform employees of UNIWAY TECHNOLOGIES, SL's security policy, which sets out the high-level guidelines to be followed by all company employees with regard to the processing of information related to the business processes indicated in the scope, ensuring that these are carried out safely and only by authorized personnel, protecting at all times the information managed by the company against possible loss of confidentiality, traceability, authenticity, integrity and/or availability.
Scope of application
This information security policy shall be binding on all users of UNIWAY TECHNOLOGIES, SL systems and shall apply to the assets used to provide the services identified in the catalogue, affecting information processed by electronic means.
Compliance with this security policy is mandatory for all personnel who access both the information systems and the information managed by UNIWAY TECHNOLOGIES, SL, regardless of their destination, assignment or relationship with it.
Approval and communication
This information security policy has been approved on 01/08/2024 by the UNIWAY TECHNOLOGIES, SL SGSI Committee.
The Information Security Policy is effective and applicable from that date and until it is replaced by a new Policy.
This Policy must be known and assumed by all interested parties and the necessary procedures must be established for this purpose through corporate communication channels.
Basics of information security
- Asegurar la confidencialidad, integridad y disponibilidad de la información.
- Ensure the confidentiality, integrity and availability of information.
- Comply with all applicable legal requirements.
- Have a continuity plan that allows you to recover from a disaster in the shortest possible time.
- Train and raise awareness among all employees regarding information security.
- Properly manage all incidents that occur.
- All employees are informed of their safety duties and obligations and are responsible for fulfilling them.Comply with legal and contractual requirements.
- A security officer is established in charge of the organization's information security management system (ISMS).
- Continuous improvement of the ISMS in accordance with current regulations at all times, thereby also achieving an improvement in the organization's information security.