APROS recognizes the importance of protecting the confidential and sensitive information of our customers, employees, partners and the company in general. This policy establishes the principles and guidelines to ensure the security, integrity and confidentiality of the information we handle.
I. Scope:
This policy applies to all company information, regardless of its format (digital or physical), including:
- Personal information of customers and employees.
- Financial and commercial data.
- Confidential project and operational information.
- Intellectual property and trade secrets.
- Systems and network information.
II. Fundamental Principles:
- Confidentiality: The information will be protected from unauthorized access and will be used only for the purposes for which it was collected.
- Integrity: Information will be kept accurate, complete and reliable, avoiding unauthorized modifications.
- Availability: Information will be available to authorized users as needed.
III. Responsibilities:
- Senior Management: Senior management is responsible for establishing the information security policy, allocating resources and ensuring compliance.
- Personnel: All employees are responsible for protecting company information by following established policies and procedures.
IV. Security Controls:
- Access Controls: Strict access controls will be implemented to ensure that only authorized personnel can access information.
- Authentication Controls: Robust authentication mechanisms will be used to verify the identity of users before granting access to information.
- Encryption: Confidential information will be encrypted to protect it during storage and transmission.
- Backups and Recovery: Regular backups of critical information will be performed to ensure recovery in the event of loss or damage.
- Physical Security: Physical security measures will be implemented to protect equipment, devices, and physical information from unauthorized access.
- Risk Management: Risks that may affect information security will be identified, assessed and mitigated.
- Awareness and Training: Regular training will be provided to staff on the importance of information security and the company’s policies and procedures.
- Security Incidents: Protocols will be established for the detection, response, and recovery from security incidents.
V. Compliance:
- Periodic audits and reviews will be conducted to verify compliance with the information security policy.
- Disciplinary measures will be implemented for employees who fail to comply with the information security policy.
- The information security policy will be periodically reviewed and updated to reflect changes in the security environment and best practices.
VI. Communication:
- This information security policy shall be communicated to all employees of the company.
- Additional information on information security will be provided to customers and business partners as needed.