Information Security Policy

JUSTIFICATION AND REASON
The company's security policy outlines the guidelines for establishing the information security framework. These guidelines will be followed by the other policies and controls related to the specific Annexes, in order to protect the confidentiality and integrity of information according to ISO 27001 guidelines.
This document is a summary of the most important points of the policy. The full security policy is available to customers upon request at info@winfor.es.

0.1 SECURITY DECLARATION
Winfor makes the following internal statement to all its employees, partners and customers:
• Winfor recognizes the value of information and privacy and has therefore implemented an Information Security Management System (ISMS) to monitor all our security efforts.
• Winfor's Management, represented in the Information Security Management Committee, considers the security of information and personal data a vital aspect of its strategy to achieve its business objectives.
• Winfor's Management is committed to ensuring maximum security in the services it provides, that is, confidentiality, integrity and availability of the data, systems and/or communications managed by Winfor.
• Winfor's Management is committed to leading and promoting security at all levels in accordance with the Security Policy and the objectives approved in it, both general and specific, and to creating an ISMS articulated in such a way that it complies with the legal and regulatory requirements, manages the protection and distribution of the company's assets, and is distributed and published on the corporate network for better understanding by employees.

0.2 GUIDING PRINCIPLES
The following are the generic principles that all subsequent policies will follow and the specific controls that follow them:
• Responsibility for all security efforts has been assigned to the Security Risk Manager.
• Policy and procedure documents will be kept up-to-date and made available to all interested parties.
• All employees will be provided with information security training.
• Organizational and technical measures will be taken to protect information assets.
• Communications: At Winfor, communications regarding information security emanate from management. Internal communications will be managed by general management, by email or in the daily meeting (which will be recorded to leave evidence of the act). External communications to clients will be managed by business management, also by email or in person depending on the relevance of the client (who will later be notified again formally by email to leave evidence).
• Procedures will be established to correct and prevent any deviation from policy or security incident.
• Comply with all legal, regulatory, and contractual requirements regarding information security.
• In order to continuously improve, new objectives are reviewed and defined.
• To provide guarantees to all stakeholders, we are seeking ISO 27001 certification.
• Policies are the responsibility of Management and Directors, and must be approved by the Information Security Management Committee after review.
• The controls and Annexes are designed by the Systems Department following the guidelines set by Management and Direction in the Policies, but they must be operational and are subject to review and continuous improvement by the Committee regarding their operability and effectiveness.
• The Templates and Procedures are the responsibility of the Systems Department and must be known by the different Departments and used for recording security activity (change requests, access, users, etc.). These are subject to review and change due to their suitability or effectiveness.