1. APPROVAL AND ENTRY INTO FORCE

Text (excerpt) approved on October 14, 2021. This Information Security Policy is effective from that date and until superseded by a new Policy.

2. INTRODUCTION

SOLUCIONES Y SERVICIOS TELEMÁTICOS SL depends on ICT (Information and Communications Technology) systems to achieve its objectives. These systems must be managed with diligence, taking the appropriate measures to protect them against accidental or deliberate damage that may affect the availability, integrity or confidentiality of the information processed or the services provided.

The objective of information security is to guarantee the quality of information and the continued provision of services, acting preventively, supervising daily activity and reacting promptly and diligently to incidents.

ICT systems must be protected against rapidly evolving threats with the potential to impact the confidentiality, integrity, availability, intended use and value of information and services. To defend against these threats, a strategy that adapts to changes in environmental conditions is required to ensure the continuous provision of services. This implies that the departments must apply the minimum security measures required by the UNE ISO/IEC 27001 standard, as well as carry out continuous monitoring of the levels of service provision, monitor and analyze the reported vulnerabilities, and prepare an effective response to the incidents to guarantee the continuity of the services provided.

The different departments must ensure that ICT security is an integral part of each stage of the system’s life cycle, from conception to decommissioning, through development or acquisition decisions and operational activities. Security requirements and financing needs must be identified and included in planning, request for proposals, and bidding documents for ICT projects.

Departments must be prepared to prevent, detect, react and recover from incidents, in accordance with security regulations.

3. SCOPE

The General Scope of the information systems associated with the business processes that are subject to certification of the UNE ISO/IEC 27001 standard is as follows: “ Proactive maintenance and monitoring service of the telecommunications infrastructure of its clients ”.

4. MISSION, COMMITMENT AND LEADERSHIP

The Management of SOLUCIONES Y SERVICIOS TELEMÁTICOS SL undertakes to facilitate and provide the necessary resources for the establishment, implementation, maintenance and improvement of the Information Security Management System, as well as to demonstrate leadership and commitment with respect to it, through of the constitution of the Security Committee, of its functions and responsibilities. It is the mission of this Directorate:

Maintain full legal compliance
Promote training and awareness plans
Maintain optimum reputational levels
Efficiently and effectively manage security incidents
Develop an adequate communicative and transparent policy
In general, preserve the confidentiality, integrity and availability of the information

This commitment extends to the interested parties described in the context of the ISMS, to satisfy their interests and expectations in information security.

5. REGULATORY FRAMEWORK

SOLUCIONES Y SERVICIOS TELEMÁTICOS SL is subject, by way of example and not limitation, to the following rules and regulations:

Regulation (EU) 2016/679 of the European Parliament and of the Council, of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and by which repeals Directive 95/46/EC (General Data Protection Regulation)
Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights
Law 34/2002, of July 11, on services of the information society and electronic commerce
Royal Legislative Decree 1/1996, of April 12, Intellectual Property Law
Law 10/2010, of April 28, on the prevention of money laundering and the financing of terrorism
Royal Decree 3/2010, of January 8, which regulates the National Security Scheme in the field of Electronic Administration
Law 9/2014, of May 9, General Telecommunications
Law 25/2007, of October 18, on the conservation of data related to electronic communications and public communications networks

6. ISMS SECURITY OBJECTIVES

SOLUCIONES Y SERVICIOS TELEMÁTICOS SL, in order to achieve compliance with its main body and its annex A, which include the basic principles and minimum requirements, has implemented various security measures proportional to the nature of the information and services to be protected and taking into account your risk analysis and your statement of applicability.

7. OBLIGATIONS OF STAFF

All members of SOLUCIONES Y SERVICIOS TELEMÁTICOS SL have the obligation to know and comply with this Information Security Policy and the Security Regulations, the Security Committee being responsible for providing the necessary means for the information to reach those affected.

All members of SOLUCIONES Y SERVICIOS TELEMÁTICOS SL will attend an ICT security awareness session at least once a year. A continuous awareness program will be established to attend to all members of SOLUCIONES Y SERVICIOS TELEMÁTICOS SL, particularly those who have recently joined.

People with responsibility for the use, operation or administration of ICT systems will receive training in the safe handling of the systems to the extent that they need it to carry out their work. The training will be mandatory before assuming a responsibility, whether it is your first assignment or if it is a change of job or responsibilities in it.

8. THIRD PARTIES

When SOLUCIONES Y SERVICIOS TELEMÁTICOS SL provides services to third parties, they will be made participants of this Information Security Policy, channels will be established for reporting and coordination of the respective Security Committees and action procedures will be established for reaction to security incidents. .

When SOLUCIONES Y SERVICIOS TELEMÁTICOS SL subcontracts services to third parties or transfers information to third parties, within the framework of a provision of services to third parties, they will be made participants of this Security Policy and the Security Regulations that pertain to said services or information. Said third party will be subject to the obligations established in said regulations, being able to develop its own operating procedures to satisfy it. Specific incident reporting and resolution procedures will be established. It will be guaranteed that third-party personnel are adequately aware of security matters, at least to the same level as that established in this Policy.

When any aspect of the Policy cannot be satisfied by a third party as required in the preceding paragraphs, a report from the Security Manager will be required specifying the risks incurred and how to treat them. Approval of this report by those responsible for the affected information and services will be required before moving forward.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional		The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary		This cookie is set by GDPR Cookie Consent plugin. The cookies are used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance		This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy		The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

ISMS Policy