Information security policy
Last Updated August 15, 2017
- Ensure the confidentiality, integrity and availability of information.
- Comply with all legal requirements applicable to the organization.
- Elaborate a continuity plan that allows to recover from a disaster in the shortest possible time.
- Train and educate all employees in the field of information security.
- Record and properly manage all security incidents that have occurred.
- Inform all employees of their duties and safety obligations and the responsibility to comply with them.
- Conduct periodic reviews in order to continuously improve the security of the organization's information.
The actions to be carried out by Bluekiri to fulfill the security objectives go through the implementation, operation and maintenance of the Information Security Management System (ISMS), which is always in line with this policy.
In order to guarantee a correct management of the security, Bluekiri carries out a study of the security of the organization through a risk analysis and the establishment of a plan of treatment of risks for those risks not accepted by the Security Committee of the organization.
The procedure for conducting the risk analysis is documented in the Risk Analysis Methodology document (private document), which establishes the requirements to evaluate the different threats to which they are exposed.
Once the security risk assessment and the results obtained in the planning phase have been carried out, it is the responsibility of the Security Officer with the support of the Committee to implement certain security controls for those threats that have a level of risk not assumed by the organization, in addition to operating the procedures of the management system to fulfill the demands of the process.
Information security policy and risk assessment are regularly reviewed at planned intervals or if significant changes occur to ensure the continued appropriateness, effectiveness, and effectiveness of the policy. Generally, they are reviewed annually through the internal audit of the ISMS or the review of the system by Management, which plays an important role by conducting a thorough analysis of the system and detecting possible improvements and deficiencies.
Improvements in the information security policy and the ISMS are established either during the review phases or on the basis of contributions that are considered to be of interest to both the organization's staff and external staff.
The results obtained on the basis of the internal audit, are reviewed by the Safety Officer and raised to the Committee, where opportunities to improve the system will be established.
The whole ISMS is framed within the Demming cycle (PDCA cycle), based on the planning of activities, their implementation and operation, their revision and subsequent improvement. All this applied to the security of the information.
Responsability of Users
Users of information systems should strive to promote their efficient use in order to avoid unnecessary traffic on the network.
The users themselves will be responsible for the correct custody of the assets they hold for the performance of their contractual duties.
Do not disclose or use directly the information to which they have access during their employment relationship with Bluekiri All commitments must be maintained, even after the employment relationship with the company has expired.
Ensure that all employees and third parties understand their responsibilities and are willing to carry out their duties in order to reduce the risk of theft, fraud or misuse of the resources made available to them.
All unauthorized physical access will be prevented and security measures will be taken to avoid losses, damage, theft or circumstances that endanger the assets or that may cause the disruption of Bluekiri activities.
Internet and e-mail users should make efficient use of networks, as well as preserve the confidentiality and integrity of the information transmitted through these means.
Access to the information systems of the organization will be controlled only by authorized personnel and under the security conditions that the organization has decided to operate.
All security incidents should be communicated through the support team of Bluekiri at firstname.lastname@example.org
Any failure to comply with laws, legal, regulatory or contractual obligations and security requirements affecting Bluekiri information systems will be avoided.