INFORMATION SOCIETY S.M.S.A.
ISO Certificates
Business Continuity Policy
Business Continuity Management is a top priority for IS S.A., aiming to:
- Ensure the continuation of its critical activities in case of a disruption, incident or crisis;
- Restore its normal operating levels as soon as possible, if disruption cannot be avoided;
- Protect the interests of the Company and of the parties doing business with it and having entrusted the use and transfer of their confidential data to it;
- Mitigate its operational risk and the damage that may occur to its reputation and credibility in case of crisis;
- Maximize the reliability of Company information resources.
The implementation of Business Continuity Policies, Procedures and Plans aims to:
- Protect the health and safety of Company employees;
- Establish a systematic framework for the design and evaluation of business continuity requirements across Company activities;
- Document Business Continuity policies, strategy and plans, with a view to making sure that staff are well trained to deal with critical disruption events;
- Ensure a minimum acceptable level of Company operation and provision of services, even under the worst conditions;
- Make sure that Company infrastructure and information systems are shielded and under systematic control;
- Make sure that Management and staff are kept up-to-date with operational continuity issues at all times;
- Make sure that incidents disrupting Company operation are dealt with immediately and effectively;
- Make sure that Company Management are fully committed to faithfully complying with all national and Union legislation in force, as well as with the obligations under Company contracts with customers;
- Make sure that Company Management and employees are committed to constantly streamlining the Management System.
The Business Continuity Officer is responsible for controlling and monitoring the functioning of the Business Continuity Management System, as well as for keeping all staff involved up-to-date with the Business Continuity Policy, as revised from time to time.
All Company staff involved in the activities and procedures described in and related to Business Continuity Management are responsible for applying the policy and relevant Procedures in their respective areas.
The Management and all employees of IS S.A. are committed to achieving the Company’s objectives and adhering to its Business Continuity principles.
Information Security Policy
The reliability and security of network and information systems is of strategic importance for the Company (IS S.A.), so that it can achieve its short- and long-term objectives, ensure data confidentiality for customers receiving its services and, at the same time, contribute to the orderly functioning of economic and social activities at national level.
Acknowledging the importance of information and systems in carrying out its operational functions, the Company has made the attainment of a high level of Information Security a key priority and implements relevant Policies and Procedures with a view to:
- maintaining the confidentiality, integrity and availability of its information, systems and services in the face of intentional or unintentional threats;
- protecting the data of customers that have put their trust in the Company and are receiving its services;
- safeguarding its own interests, as well as the interests of those doing business with it;
- ensuring the proper and uninterrupted functioning of the network systems and information that support the provision of its core services;
- ensuring Business Continuity in the face of cyber-attacks;
- preventing cyber-security incidents that may damage or disrupt its systems, impede the conduct of economic activity, cause significant financial loss and undermine user trust;
- making sure that Information Security incidents and breaches that may jeopardize its business functions are dealt with immediately and effectively;
- ensuring full compliance with current legal and regulatory requirements relating to the security and continuity of its core services and the protection of the data it processes;
- making sure that the level of Information Security is improved at all times.
To that end, IS S.A.:
- has defined a governance scheme and organizational structures aimed at addressing Information Security issues;
- has drawn up a network system and information risk management strategy, carries out information security risk assessments at regular intervals, and implements appropriate, adequate and proportional technical and organizational measures to address those risks;
- has implemented a framework to evaluate and constantly enhance the effectiveness of the Information Security Procedures through periodic measurement and review of specific performance indicators against defined objectives;
- makes sure that all employees and other third parties involved are kept up-to-date on, and aware of, matters relating to Information Security and to the continuity of its core services;
- has adopted a system for classifying information on the basis of how critical and valuable each piece of information is;
- has defined the actions necessary to protect information, in accordance with the relevant classification level, when processing, storing, transferring and destroying information;
- has implemented technical measures to control access to information and systems, archive data, prevent viruses and external intrusions, prevent and address unexpected incidents, and attain a high level of availability of its core services and critical infrastructure;
- has identified methods for the early detection of Information Security incidents and occurrences, and implements measures to mitigate their impact;
- has described how to ensure safe continuation and restoration of its operational functions at an acceptable and predetermined level in cases of system failures, disasters or crises.
The Information Security Officer (ISO) supervises and coordinates the implementation of Information Security Policies and Procedures through the use of internationally recognized standards and practices, and acts as a point of contact with the competent bodies. He/she is responsible for taking initiatives as appropriate to eliminate all those factors that may jeopardize the confidentiality, integrity and availability of Company information and systems.
All employees and partners with access to Company information, systems and infrastructure are aware of, and have accepted, the obligations to comply with the Company’s Information Security Rules.
IS S.A. Management and staff are committed to uninterruptedly monitoring and complying with the regulatory and legislative framework and to continuously implementing and streamlining the Information Security Policies, Procedures and Measures.