To this end, it commits to information security in accordance with the reference standard ISO/IEC 27001:2014, and the General Directorate accordingly establishes the following principles:
- Competence and leadership on the part of management, as a commitment to developing the Information Security Management System.
- Establish the internal and external stakeholders that are relevant to the Information Security Management System and meet its requirements.
- Understand the context of the organization and determine the information security opportunities and risks it presents, as a basis for planning actions to address, assume or treat them.
- Ensure the satisfaction of our customers, including stakeholders in the results of the company, in everything related to the performance of our activities and their impact on.
- Establish objectives and goals focused on the evaluation of performance in the field of Information Security, as well as continuous improvement in our activities, regulated in the Management System that develops this policy.
- Comply with the legal and regulatory requirements applicable to our activity, the commitments made to customers and interested parties, and all internal rules or guidelines to which the company is subject.
- Ensure the confidentiality of the data managed by the company and the availability of information systems, both in the services offered to customers and in internal management, avoiding undue alterations in the information.
- Ensure the capacity to respond to emergency situations, restoring the functioning of critical services in the shortest possible time.
- Establish the appropriate measures for the treatment of the risks derived from the identification and evaluation of assets.
- Motivate and train all the personnel who work in the organization, both for the correct performance of their job and to act in accordance with the requirements imposed by the Reference Standard, providing an adequate environment for the operation of the processes.
- Maintain clear communication both internally, between the different levels of the company, and with customers.
- Evaluate and guarantee the technical competence of personnel for the performance of their functions, and ensure that they are adequately motivated to participate in the continuous improvement of our processes.
- Guarantee the adequate state of the facilities and equipment, so that they correspond to the activity, objectives, and goals of the company.
- Guarantee a continuous analysis of all relevant processes, establishing the relevant improvements in each case, depending on the results obtained and the defined objectives.