Information Security Policy

In response to a new technological environment where the convergence between IT and communications is facilitating a new paradigm of productivity for companies, Soltec is highly committed to maintaining a competitive service by offering a responsible business model based on the ongoing search for economic, social and environmental balance, where the implementation of best practices in Information Security is essential to achieving the objectives of confidentiality, integrity, availability and legality of all information managed.

Therefore, Soltec has established the following principles of application to be taken into account in the framework of the Information Security Management System (ISMS):
Confidentiality: The information processed by SOLTEC will be known only to authorized persons, after being identified, at the time and by the means authorized.
Integrity: The information processed by SOLTEC will be complete, accurate and valid, and its content will be that provided by the data subjects, without having been tampered with.
Availability: The information processed by SOLTEC can be accessed and used by authorized users that are identified at all times, thus guaranteeing its own credibility in the presence of any unforeseen contingency.
Legality: SOLTEC will ensure compliance with any law or contractual requirements that are applicable thereto, and specifically, the regulations in force related to processing personal data.

Soltec bases the proper performance of its business activities on the processing of different types of data and information, supported by the systems, programs, communication infrastructure, files, databases, records, etc., such that they constitute one of Soltec’s main assets, whereby any damage or loss would have an effect on the performance of its services and could jeopardize the continuity of the organization. To prevent this from happening, an Information Security Policy has been designed, the main purposes of which are to:

Protect, through controls/measures, the assets against threats that could lead to security incidents.
Mitigate the effects of security incidents.
Establish a system for classifying information and data in order to protect critical information assets.
Determine the responsibilities with regard to information security by generating the corresponding organizational structure.
Develop a set of rules, standards and procedures applicable to management bodies, employees, partners, external service providers, etc.
Specify the effects of non-compliance with the Security Policy at the workplace.
Assess the risks affecting the assets in order to adopt the appropriate security measures/controls.
Verify the functioning of security measures/controls through internal security audits conducted by independent auditors.
Train users in security management and information and communication technologies.
Control information and data traffic through communication infrastructures or by sending optical, magnetic, paper data media, etc.
Observe and comply with the laws on data protection, intellectual property, employment matters, information society services, criminal matters, etc. that affect SOLTEC’s assets.
Protect the intellectual capital of the organization from unlawful disclosure and use.
Reduce the chances of unavailability through the proper use of the organization’s assets.
Defend the assets against internal or external attacks so that they do not become security incidents.
Control the functioning of the security measures by finding out the number of incidents, their nature and the effects thereof.

Soltec management assumes responsibility for supporting and promoting the establishment of the organizational, technical and control measures necessary for compliance with this Information Security Policy. It also assumes responsibility for providing those resources that are necessary to resolve, as quickly and efficiently as possible, any nonconformities and incidents regarding information security that may arise, and for implementing any measures necessary to prevent them from happening again.

Esta Política será mantenida, actualizada y adecuada a los fines de la organización, alineándose con el contexto de gestión de riesgos de la organización. A este efecto se revisará a intervalos planificados o siempre que se produzcan cambios significativos, a fin de asegurar que se mantenga su https://soltec.com/wp-content/uploads/2022/03/115-business-consulting-agency_blog_8-1.jpgeidad, adecuación y eficacia.

Likewise, a formally defined risk assessment procedure has been established to manage the risks faced by Soltec.

‍