Information security policy
IPS VIAL, as a company dedicated to the development of IT solutions, openly states its intention to offer competitive services to all its clients.
For this reason, it has implemented an information security management system within the organization, whose main objective is to achieve business objectives and customer satisfaction by guaranteeing information security at all times through established processes based on continuous improvement, ensuring the continuity of information systems, minimizing the risks of damage, and ensuring compliance with the objectives set to guarantee the confidentiality, integrity, and availability of information at all times.
To this end, it assumes its commitment to information security according to the reference standard to Royal Decree 311/2022, of May 3, which regulates the National Security Framework, and therefore the General Directorate establishes the following principles:
- Competence and leadership on the part of management as a commitment to developing the Information Security Management System.
- Determine the internal and external stakeholders that are relevant to the Information Security management system and meet their requirements.
- Understanding the organization's context and determining its opportunities and risks regarding information security as a basis for planning actions to address, assume, or deal with them.
- To ensure the satisfaction of our clients, including stakeholders in the company's results, in all matters relating to the performance of our activities and their impact on society.
- Establish objectives and goals focused on evaluating performance in Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
- Compliance with the requirements of the legislation applicable and regulations to our activity, the commitments made to clients and interested parties and all those internal rules or guidelines to which the company is subject.
- To ensure the confidentiality of the data managed by the company and the availability of information systems, both in the services offered to clients and in internal management, preventing undue alterations to the information.
- To ensure the ability to respond to emergency situations, restoring the operation of critical services in the shortest possible time.
- Establish appropriate measures for the treatment of risks arising from the identification and assessment of assets.
- To motivate and train all personnel working in the organization, both for the correct performance of their job and to act in accordance with the requirements imposed by the reference standard, providing a suitable environment for the operation of the processes.
- Maintaining fluid communication both internally, between the different levels of the company, and with clients.
- To evaluate and guarantee the technical competence of the staff for the performance of their functions, as well as to ensure the adequate motivation of the staff for their participation in the continuous improvement of our processes.
- To ensure the proper condition of the facilities and the appropriate equipment, so that they correspond to the activity, objectives and goals of the company
- Ensure continuous analysis of all relevant processes, establishing appropriate improvements in each case, based on the results obtained and the objectives set.