
INFORMATION SECURITY POLICY

ENCOPIM management has defined the information security policy as the set of rules and procedures applied in the company to guarantee that all information technology assets and resources are used and managed in a way that protects their confidentiality, integrity and availability. This policy applies to all the organization’s information technology users and data, as well as infrastructure, networks, systems and third parties.

Information security guarantees the continuity of ENCOPIM’s business and minimizes the risk of damage by preventing security incidents and reducing their potential impact.

The purposes that lead ENCOPIM to apply an information security policy are:

  • Have an organization-wide information security approach and enforce it.
  • Comply with industry legal and regulatory requirements.
  • Maintain brand reputation regarding data security.
  • Ensure the privacy of processed data with a reasonable level of security, resilience and compliance, detecting and responding to potential data confidentiality violations and other security incidents.

The policy goal is to protect the organization’s information assets against all internal, external, deliberate or accidental threats by ensuring the effective protection of people, hardware and software assets and critical and information infrastructures.

The information security policy will be broken down into a set of mandatory policies:

  • 1. Responsible use of assets policy
  • 2. Access control criteria policy
  • 3. Access control policy
  • 4. Cryptographic Controls Policy
  • 5. Key management policy
  • 6. Safe Areas Policy
  • 7. Cloud services usage policy
  • 8. Secure development policy
  • 9. Mobile device, BYOD and Teleworking policy
  • 10. Physical security policy
  • 11. Vulnerabilities policy

If you want more information or detail about these policies, you can request it from dpo@encopim.com

These policies will ensure that:

  • The information is only accessible to authorized people inside or outside the company.
  • The confidentiality of the information is maintained.
  • The integrity of the information is maintained throughout the process.
  • Business continuity plans are established, maintained and tested.
  • All staff are trained in information security and are informed that compliance with the policies is mandatory.
  • All information security breaches and suspected weaknesses are reported and investigated.
  • Procedures are in place to support the policy, including virus control measures, passwords and continuity plans.
  • Business requirements for information availability and systems will be met.
  • The person responsible for Information Security is responsible for maintaining the policy and providing support and advice during its implementation.
  • All managers are directly responsible for implementing the policy and ensuring compliance by staff in their respective departments.

 

NON-COMPLIANCE WITH THE POLICY

Any violation of this Information Security Policy and its associated policies may result in the corresponding disciplinary actions being taken in accordance with ENCOPIM management. It is the responsibility of all ENCOPIM employees to notify the person responsible for Information Security of the affected company of any event or situation that could lead to non-compliance with any of the guidelines defined by this Policy.

The approval of this Policy implies that its implementation will have the support of Management to achieve all the objectives established therein, as well as to comply with all its requirements. This Information Security Policy will be reviewed and approved annually by the General Manager. However, if relevant changes take place in the company or significant changes are identified in the threat and risk environment, whether of an operational, legal, regulatory or contractual nature, it will be reviewed whenever deemed necessary, thus ensuring that the Policy always remains adapted to the reality of ENCOPIM.
