DECIDE’s Security Policy reflects the principles and objectives of information security, the results of which enable our company to achieve its goal of improving how information is used both internally and externally.
By drawing up, communicating, and maintaining this policy, DECIDE’s management shows its commitment to protecting the confidentiality of the information with which it operates in the provision of its services, ensuring its integrity in all processing processes carried out, as well as the availability of the information systems involved in these treatments.
To this end, the Management has defined and implemented an Information Security Management System that allows the company to guarantee that the information systems and the information itself that is created, collected, stored and processed complies with:
- Security in Human Resource Management, before, during and upon the termination of employment.
- Proper asset management involving the classification of information and the handling of media. As well as, and the establishment of robust logical access control to its systems and applications, managing user permissions and privileges.
- Protect facilities and the physical environment, by designing secure work areas and securing equipment.
- Ensure safe operations by protecting against malware, backing up, logging, monitoring, and controlling software in operation.
- Management of technical vulnerabilities and the choice of appropriate techniques for auditing systems.
- Communications security, protecting networks and information exchange.
- Ensuring security in the acquisition and maintenance of information systems, limiting and managing change.
- The conduct of secure software development, separating the development and production environments, and performing appropriate functional acceptance testing.
- Controlling relationships with suppliers, contractually requiring compliance with relevant security measures and acceptable service levels.
- Effectiveness in the management of security incidents, establishing appropriate channels for reporting, response and time learning.
- The realisation of a business continuity plan that protects the availability of services during a crisis or disaster.
- Identifying and complying with applicable regulations with a special focus on intellectual
- The periodic review and continual improvement of our information security management system to ensure compliance with and effectiveness of these legal and regulatory requirements.
All the organisation’s personnel must comply with this policy, for which the management has the necessary means and sufficient resources for its fulfilment, and assumes the responsibility of communicating it and keeping it accessible to all interested parties.
Updated as of 04/11/2022