Security Policy
FMIT Consulting S.L. as part of FMIT Group, a company dedicated to software engineering, openly expresses its intention to o er competitive services to all its customers; for this reason, it has implemented an information security management system within the organization, whose main objective is to achieve the business objectives and the satisfaction of its customers guaranteeing at all times the security of information through processes established and based on a continuous improvement process, guaranteeing the continuity of information systems minimizing the risks of damage and ensuring compliance with the objectives set to ensure at all times the confidentiality, integrity and availability of information.
To this end, it assumes its commitment to information security according to the reference standard ISO/IEC 27001:2014, so the General Directorate establishes the following principles:
- Competence and leadership on the part of the management as a commitment to develop the Information Security Management system.
- Establish the internal and external stakeholders that are relevant to the Information Security management system and meet its requirements.
- Understand the context of the organization and determine the opportunities and risks of this regarding information security as a basis for planning actions to address, assume or treat them.
- Ensure the satisfaction of our customers, including stakeholders in the results of the company, in everything related to the performance of our activities and their impact on society.
- Establish objectives and goals focused on the evaluation of performance in the field of Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
- Compliance with the requirements of the legislation applicable and regulatory to our activity, the commitments acquired with customers and interested parties and all those internal rules or guidelines of action to which the company is subject.
- Ensure the confidentiality of the data managed by the company and the availability of information systems, both in the services o ered to customers and in internal management, avoiding undue alterations in the information.
- Ensure the capacity to respond to emergency situations, restoring the functioning of critical services in the shortest possible time.
- Establish the appropriate measures for the treatment of the risks derived from the identification and evaluation of assets.
- Motivate and train all the personnel who work in the organization, both for the correct performance of their job and to act in accordance with the requirements imposed by the Reference Standard, providing an adequate environment for the operation of theprocesses.
- Maintenance of clear communication both internally, between the di erent levels of the company, and with customers.
- Evaluate and guarantee the technical competence of the personnel for the performance of their functions, as well as ensure the adequate motivation of this for their participation in the continuous improvement of our processes.
- Guarantee the adequate state of the facilities and equipment, so that they are in correspondence with the activity, objectives, and goals of the company.
- Guarantee a continuous analysis of all relevant processes, establishing the relevant improvements in each case, depending on the results obtained and the defined objectives.
These principles are assumed by the General Director, which provides the necessary means and provides its employees with su icient resources for compliance, reflecting them and making them publicly known through this Information Security Policy.