1. OBJECT

 

Define the general policy and guidelines necessary for the successful execution and implementation of the Information Security Management System (ISMS) in Vocé Group.

2. SCOPE

 

  • This policy supports the execution and implementation of the Information Security Management System (ISMS).
  • This policy should be considered by all Vocé members.

3. GENERAL POLICY

 

Vocé Group has decided to define, implement, operate and continuously improve an Information Security Management System (ISMS), supported by clear guidelines focused on business needs and regulatory and normative requirements.

The protection of information seeks to reduce the impact on the organization's assets. Risks are identified systematically in order to maintain a level of exposure that makes it possible to ensure the integrity, confidentiality and availability of that information.

Finally, it is very helpful to include the general description of other relevant policies to comply with the objectives set out in the Information Security Management System, since these are the support on which it is developed; they must be described in a simple, timely and very effective manner.

4. OBJECTIVES OF THE INFORMATION SECURITY PLAN

 

  1. Understand and address operational and strategic information security risks so that they remain at acceptable levels for the organization.
  2. Establish, maintain and improve the management system with security measures aimed at protecting information assets, with a focus on preserving the integrity and confidentiality of information belonging to the organization, its customers and third parties.
  3. Maintain the availability of the services essential to support the operation of the
  4. Implement a security incident management plan to efficiently detect, respond to and mitigate any breach or threat to the organization’s information.
  5. Strengthen the information security culture among executives, managers, employees, and

5. INFORMATION SECURITY PRINCIPLES

 

The organization is committed to satisfying the applicable requirements related to information security, such as:

  1. Face risk-taking and tolerate those risks that, based on available information, are understandable, controlled and dealt with when necessary.
  2. All personnel will be informed of, and will be responsible for, the security of information, to the extent that it is relevant to the performance of their duties.
  3. Funding is available for the operational management of information security-related controls and management processes for their implementation and management.
  4. Information security risks will be monitored and relevant measures will be taken when there are changes that imply a level of risk that does not exceed the level of risk.
  5. The criteria for risk classification and acceptance are referenced in the policy.
  6. Situations that may expose the organization to the violation of laws and legal regulations shall not be
  7. Maintain the trust of its customers, partners, employees and any third party with whom it establishes a relationship.
  8. Support technological innovation.
  9. Protect technology assets.
  10. Establish information security policies, procedures and manuals.
  11. Understand and cover the needs of each of the business processes, implementing security improvements that provide peace of mind to the operation.

6. RELATED POLICIES

 

The following policies provide principles and guidance on specific aspects of information security:

  1. Proper use of assets
  2. Exchange of information with third parties
  3. Password management
  4. Information asset management
  5. Supplier login
  6. Access control
  7. Operations security
  8. Supplier Relationship
  9. Communications security
  10. Cryptographic controls
  11. Training and awareness
  12. Physical and environmental security
  13. Technological renewal
  14. User management
  15. Use of corporate cell phones

The following policies are addressed directly to users:

  1. Use of the Internet
  2. Use of e-mail and instant messaging
  3. Employees’ responsibilities with information security
  4. Use of laptops and mobile devices
  5. Security in the workplace
  6. Damage at the employee’s expense
  7. Clean desk policy
  8. Protection against malicious software
  9. Installation of illegal software

7. COMPLIANCE AND REVIEW

 

This policy will be reviewed annually and updated as necessary during that review. Its approval will require the endorsement of senior management or its designee.

Any violation of the General Security Policy or associated policies may result in sanctions as set forth in the internal work regulations.