ANNEX I: INFORMATION SECURITY MANAGEMENT SYSTEM POLICY
Grupo Mailteck knows that the security and privacy of the information relating to our clients is highly valuable, and has thus established an Information Security and Privacy Management System in accordance with the requirements of ISO/IEC 27001:2013 and ISO/IEC 27701:2019 to guarantee the continuity of the information systems, minimise damage risks and ensure compliance with the goals set.
The Information Security and Privacy Committee will develop and approve the risk analysis methodology used in the Information Security and Privacy Management System.
Grupo Mailteck will implement all the necessary measures to comply with applicable regulations in general security and Privacy and IT security, relating to IT policy, the safety of buildings and facilities and the behaviour of employees and third parties associated with Grupo Mailteck in the use of IT systems. The measures required to ensure information security and Privacy through the implementation of rules, procedures and controls should guarantee the confidentiality, integrity and availability of the information, which is essential to:
- Comply with current legislation on information systems.
- Ensure the confidentiality of the data managed by Grupo Mailteck.
- Ensure the availability of the information systems both in terms of services offered to clients and internal management.
- Ensure the ability to respond to emergency situations, restoring the operation of critical services in the shortest possible time.
- Avoid undue alterations in the information.
- Promote awareness and training in information security and Privacy.
- Promote and take part in the ongoing improvement of the information security and Privacy management system policy.