INFORMATION SECURITY POLICY
Psiconnea B2B, SL, as a company dedicated to the design and development, implementation and support of software products for recording communications, telephone control and emergency management, assumes its commitment to information security and to its proper management, in order to offer all its stakeholders the best guarantees regarding the security of the information used. To that end, the Directorate establishes the following information security objectives:
- Provide a framework to increase the capacity of resistance or resilience to give an effective response.
- Ensure the rapid and efficient recovery of services, in the face of any physical disaster or contingency that could occur and put the continuity of operations at risk.
- Prevent information security incidents to the extent that it is technically and economically feasible, as well as mitigate the information security risks generated by our activities.
- Guarantee the confidentiality, integrity, availability, authenticity and traceability of information
In order to achieve these objectives it is necessary:
- Continuously improve our information security system
- Comply with applicable legal requirements and with any other requirements that we subscribe to in addition to the commitments acquired with clients, as well as the continuous updating of the same. The legal and regulatory framework in which we develop our activities is:
  - Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data.
  - Organic Law 3/2018, of December 5, Protection of Personal Data and guarantee of digital rights.
  - Royal Legislative Decree 1/1996, of April 12, Intellectual Property Law.
  - Royal Decree-Law 2/2018, of April 13, which modifies the revised text of the Intellectual Property Law.
  - Royal Decree 3/2010, of January 8, for the development of the National Security Scheme, modified by Royal Decree 951/2015, of October 23.
  - Law 34/2002 of July 11 on Services of the Information Society and Electronic Commerce (LSSI).
- Identify potential threats, as well as the impact on business operations that such threats, if they materialize, may cause.
- Preserve the interests of its main stakeholders (customers, shareholders, employees and suppliers), reputation, brand and value creation activities.
- Work jointly with our suppliers and subcontractors in order to improve the provision of IT services, the continuity of services and the security of information, which have an impact on greater efficiency in our activity.
- Evaluate and guarantee the technical competence of the personnel, and ensure that they are adequately motivated to participate in the continuous improvement of our processes, providing adequate training and internal communication so that they develop the good practices defined in the system.
- Guarantee the correct state of the facilities and the adequate equipment, in such a way that they are in correspondence with the activity, objectives and goals of the company.
- Guarantee a continuous analysis of all the relevant processes, establishing the pertinent improvements in each case, based on the results obtained and the established objectives.
- Structure our management system in such a way that it is easy to understand. Our management system has the following structure:
The management of our system is entrusted to the Manager, and the system will be available in a repository in our information system, which can be accessed according to the access profiles granted under our current access management procedure. These principles are assumed by the Management, which has the necessary means and provides its employees with sufficient resources for their compliance, embodying them and making them public through this Integrated Management Systems Policy.
The roles or security functions defined are:
| Function | Duties and responsibilities |
|---|---|
| Responsible for the information | – Make decisions regarding the information processed |
| Responsible for services | – Coordinate the implementation of the system – Continuously improve the system |
| Security officer | – Determine the adequacy of technical measures – Provide the best technology for the service |
| System manager | – Coordinate the implementation of the system – Continuously improve the system |
| Management | – Provide the necessary resources for the system – Lead the system |
This definition is completed in the job profiles and in the system documents. The procedure for their appointment and renewal will be ratification in the security committee. The security management and coordination committee is the body with the greatest responsibility within the information security management system, so that all the most important decisions related to security are agreed upon by this committee. The members of the information security committee are:
- Responsible for the information.
- Responsible for services.
- Responsible for security.
- System manager.
- Company Management (partners-administrators).
These members are appointed by the committee, the only body that can appoint, renew and remove them. The security committee is an autonomous, executive body with autonomy for decision-making and does not have to subordinate its activity to any other element of our company. This policy is complemented by the rest of the policies, procedures and documents in force to develop our management system.